Hide usernam and password in http test
Hi
Im running a xymon server installed from the Terabithia repository
Release: xymon-4.3.30-1
I added a http test that requires basic authentication. The password has special characters.
The test works when I add the username and password in the full url, ie. https://server/page.htm?user=User&password=p at sw0rd
The man pages mention a file ~/.netrc where you can store username and password for basic authentication
Which directory should the file be stored on the server.
Best regards
Those are always stored in the home directory of the user that they're for. You need to find the home directory of the xymon user in /etc/passwd.
Scot Kreienkamp | Senior Systems Engineer | La-Z-Boy Corporate One La-Z-Boy Drive | Monroe, Michigan 48162 | * 734-384-6403 | | * 1-734-915-1444 | * Scot.Kreienkamp at la-z-boy.com www.la-z-boy.com<http://www.la-z-boy.com> | facebook.com/lazboy<http://facebook.com/lazboy> | twitter.com/lazboy<http://twitter.com/lazboy> | youtube.com/lazboy<http://youtube.com/lazboy> [cid:4C-lzbVertical_Tag_400px_d8b9412e-f3ea-46a1-99dc-a7c57261e11e.jpg] From: Xymon <xymon-bounces at xymon.com> On Behalf Of Chris Pretorius Sent: Thursday, March 18, 2021 7:35 AM To: Xymon Mailing List <xymon at xymon.com> Subject: [Xymon] Hide usernam and password in http test
ATTENTION: This email was sent to La-Z-Boy from an external source. Be vigilant when opening attachments or clicking links. Hi
Im running a xymon server installed from the Terabithia repository
Release: xymon-4.3.30-1
I added a http test that requires basic authentication. The password has special characters.
The test works when I add the username and password in the full url, ie. https://server/page.htm?user=User&password=p at sw0rd
The man pages mention a file ~/.netrc where you can store username and password for basic authentication
Which directory should the file be stored on the server.
Best regards
This message is intended only for the individual or entity to which it is addressed. It may contain privileged, confidential information which is exempt from disclosure under applicable laws. If you are not the intended recipient, you are strictly prohibited from disseminating or distributing this information (other than to the intended recipient) or copying this information. If you have received this communication in error, please notify us immediately by e-mail or by telephone at the above number. Thank you.
The online manpage (probably the most up-to-date) says that the netrc file is in $XYMON/etc/netrc - note that there is no dot in the filename.
https://xymon.sourceforge.io/xymon/help/manpages/man1/xymonnet.1.html
On Thu, 18 Mar 2021 at 22:45, Chris Pretorius <chrisp at lightstone.co.za> wrote:
Hi
Im running a xymon server installed from the Terabithia repository
Release: xymon-4.3.30-1
I added a http test that requires basic authentication. The password has special characters.
The test works when I add the username and password in the full url, ie. https://server/page.htm?user=User&password=p at sw0rd
The man pages mention a file ~/.netrc where you can store username and password for basic authentication
Which directory should the file be stored on the server.
Best regards
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
I tried $XYMON/etc/netrc and $XYMON/etc/.netrc
And xymon user homedir both netrc and .netrc
Also set chmod 600 to all the files
I found a different end point on the webserver (Windows, not IIS) that doesn?t require authentication that I can use in the test. Seems to be doing the job.
Thanx everyone for your guidance, much appreciated.
From: Jeremy Laidman <jeremy at laidman.org> Sent: Friday, 19 March 2021 08:12 To: Chris Pretorius <chrisp at lightstone.co.za> Cc: Xymon Mailing List <xymon at xymon.com> Subject: Re: [Xymon] Hide usernam and password in http test
The online manpage (probably the most up-to-date) says that the netrc file is in $XYMON/etc/netrc - note that there is no dot in the filename.
https://xymon.sourceforge.io/xymon/help/manpages/man1/xymonnet.1.html
On Thu, 18 Mar 2021 at 22:45, Chris Pretorius <chrisp at lightstone.co.za<mailto:chrisp at lightstone.co.za>> wrote: Hi
Im running a xymon server installed from the Terabithia repository
Release: xymon-4.3.30-1
I added a http test that requires basic authentication. The password has special characters.
The test works when I add the username and password in the full url, ie. https://server/page.htm?user=User&password=p at sw0rd
The man pages mention a file ~/.netrc where you can store username and password for basic authentication
Which directory should the file be stored on the server.
Best regards
Xymon mailing list Xymon at xymon.com<mailto:Xymon at xymon.com> http://lists.xymon.com/mailman/listinfo/xymon
Very strange.
The code (within xymonnet) that loads the file first looks for $XYMONHOME/etc/netrc and then looks for $HOME/.netrc (where $HOME should be ~xymon, the xymon user's home directory).
Could be the format you have is not recognised by Xymon. Unfortunately, there are no diagnostics if the file is unreadable or malformed.
The code seems to suggest that you can use keywords: machine, login, password, account, macef and default.
A comment can be denoted by a hash (#), leading and trailing whitespace is ignored. Tokens are separated by whitespace (tabs and spaces).
So something like this:
my authentication params
hostname beatbox.example.com login webadmin password pr1v at te
This will cause an authentication string of "webadmin:pr1v at te" to be assigned to the hostname beatbox, presumably to be used in a URL such as https://beatbox.example.com/testthis.html. The string is base64-encoded and included in an "Authorization: Basic <base64>" header.
On my system, if I run "strace xymoncmd xymonnet www.example.com 2>&1 | grep netrc" I get this:
open("/usr/lib/xymon/server/etc/netrc", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/lib/xymon/.netrc", O_RDONLY) = -1 ENOENT (No such file or directory)
So it's definitely looking for it. If I mis-type the hostname, to something that doesn't exist in hosts.cfg, or if I choose a host that doesn't have "http://<something>", the strace doesn't show any output, so it doesn't even try to find a netrc file.
I appreciate that you have another solution, but you (and others) might find it helpful to find out why this isn't working for you.
Cheers Jeremy
On Fri, 19 Mar 2021 at 18:58, Chris Pretorius <chrisp at lightstone.co.za> wrote:
I tried
$XYMON/etc/netrc and $XYMON/etc/.netrc
And xymon user homedir both netrc and .netrc
Also set chmod 600 to all the files
I found a different end point on the webserver (Windows, not IIS) that doesn?t require authentication that I can use in the test.
Seems to be doing the job.
Thanx everyone for your guidance, much appreciated.
*From:* Jeremy Laidman <jeremy at laidman.org> *Sent:* Friday, 19 March 2021 08:12 *To:* Chris Pretorius <chrisp at lightstone.co.za> *Cc:* Xymon Mailing List <xymon at xymon.com> *Subject:* Re: [Xymon] Hide usernam and password in http test
The online manpage (probably the most up-to-date) says that the netrc file is in $XYMON/etc/netrc - note that there is no dot in the filename.
https://xymon.sourceforge.io/xymon/help/manpages/man1/xymonnet.1.html
On Thu, 18 Mar 2021 at 22:45, Chris Pretorius <chrisp at lightstone.co.za> wrote:
Hi
Im running a xymon server installed from the Terabithia repository
Release: xymon-4.3.30-1
I added a http test that requires basic authentication. The password has special characters.
The test works when I add the username and password in the full url, ie. https://server/page.htm?user=User&password=p at sw0rd
The man pages mention a file ~/.netrc where you can store username and password for basic authentication
Which directory should the file be stored on the server.
Best regards
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
participants (3)
-
chrisp@lightstone.co.za
-
jeremy@laidman.org
-
Scot.Kreienkamp@la-z-boy.com