Hi,
you can modify the only_from option in ~/etc/xinetd.d/livestatus and allow 127.0.0.1 only.
# configure the IP address(es) of your Nagios server here:
only_from = 127.0.0.1
Mit freundlichen Grüßen / best regards
Thomas Kladaric
Systemberatung
ITeratio GmbH
Hollweghstr. 22-26
D-51103 Köln
Tel.: +49 (0) 221 829 18 60
Fax.: +49 (0) 221 829 18 61
Geschäftsführung: Rolf Assenmacher, Hardy Düttmann, Thomas Glöckner
Sitz der Gesellschaft: Köln
Registergericht: Köln, HRB 35517
USt.-Id Nr. DE 215 675 338
···
Am 01.08.2012 um 11:16 schrieb Benjamin Henrion:
Hi,
I am trying to make livestatus TCP service only available on
localhost, I used the xinetd.d config here:http://mathias-kettner.de/checkmk_livestatus.html
But when I do an nmap to the machine, I see this:
==============================================================
nmap monitoring.machine.com -p5000-7000
Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-01 11:13 CEST
Nmap scan report for monitoring.machine.com (192.168.0.53)
Host is up (0.036s latency).
rDNS record for 192.168.0.53
Not shown: 1999 closed ports
PORT STATE SERVICE
6556/tcp open unknown
6557/tcp open unknownAny idea how to restrict it strictly to localhost?
Best,
–
Benjamin Henrion
FFII Brussels - +32-484-566109 - +32-2-3500762
“In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators.”
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en