--On Wednesday, June 04, 2003 9:58 AM +0300 Dan Borlovan <[EMAIL PROTECTED]> wrote:
For mon-0-99-3.31, hopefully fixes several issues with trap authentication:
- trap section parsing in auth.cf ignored all non-wildcard entries. Rewritten entire test logic to give detailed error messages. Hope it works :)
- trap auth did not use ip address and did not test for non-existent user (funny thing is that the way the password test was done, it allowed any non-existant user to send traps)
And here we have one of the reasons why many of us are clamoring for a new release of Mon. I've *already* submitted patches that include fixes for all of this, plus several other trap related bugs (and quite a bit more), months ago. But since my patches are much larger in scope then most other patches Jim has, he hasn't applied them yet. And I've got quiet a few more patches to submit which I've been waiting to send until after Jim releases a version incorporating my previous fixes. I've been sitting on them for *eight* months now, which is frustrating. If anyone is interested in using my code, contact me and I'll point you to our CVS repository. (Note: I'm *not* interested in forking mon, but if more people are testing my code, maybe Jim will be willing to integrate it into the mainline more quickly.)
The other trap related bugs I've fixed include (from looking at my CVS tree):
-Fixed a bug which caused alerts to be sent on traps, even when the
scheduler was stopped.
-Eliminated usage of parse_line during trap processing,
to avoid a perl regexp segfault.
-Don't alert on disabled groups, in addition to not calling monitor scripts.
(Traps were still alerting)
-Trap timeouts didn't work
-There was a bug with dependencies and trap timeouts
-Various fixes to make traps process more like regular monitors (alertafter, alertevery, etc, didn't work quite right, IIRC. Downtime logs also were pretty broken)
And we've added support for trap messages to be signed by a shared des key, providing a secure trap mechanism. (Though we're not yet using that, as I haven't tested it on any significant scale yet. Its a big enough change that I don't want to start using in our production environment until I've tested in a development environment for a while. And I don't have one right now.)
-David
David Nolan <*> [EMAIL PROTECTED]
curses: May you be forced to grep the termcap of an unclean yacc while
a herd of rogue emacs fsck your troff and vgrind your pathalias!
_______________________________________________
mon mailing list
[EMAIL PROTECTED]
http://linux.kernel.org/mailman/listinfo/mon
