On Wed, May 16, 2012 at 1:50 PM, Jeff Gehlbach <je...@opennms.org> wrote:
> On 05/16/2012 02:12 PM, Les Mikesell wrote:
>
>> I'd contend that the behavior is incorrect if you unmanage a service,
>> though. When I have explicitly told it not to manage a service on a
>> specific interface it should quit probing it and triggering the
>> associated security exceptions.
>
> It's working as designed, Les, and as it's worked for the past twelve
> years plus.  To "unmanage" a service is to tell the *poller* to ignore
> it.  This has no bearing on Capsd / Provisiond, because those daemons
> are in a different business.

I understand why it does the wrong thing.  I'm just saying that it is
wrong for a program to continue abusing a network port after being
told not to do it. You can interpret that as meaning that I am wishing
for a more convenient way for an operator to interact with all of the
disconnected portions of OpenNMS than editing filters into each
portion's xml config or imposing firewalls between them if you want.
But really, what business does capsd/provisiond have discovering
services on interfaces where you don't want them to be managed (or
more to the point, may be sending emails to a security officer each
time they are probed...).

-- 
   Les Mikesell
     lesmikes...@gmail.com


opennms-devel mailing list
