[opsview-users] graphs and events on same chart

2010-10-08 Thread Alexander Smirnov
Hello! I'am running self developed production servers and need version/performance monitoring solution, which display cpu/disk/network load charts and version/configuration changing points. Perfomance question i solve by Graph > Summary, but where is best way for show version/configuration changi

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Roberto R. Morelli
Jose, The information you just provide, especially the quick hack solution is perfect and many thanks. I am not so much concerned about ourselves, we hack anything and everything that comes into our shop, but more thinking about others that are uncomfortable doing such changes. Simple quick

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Jose Luis Martinez
El 08/10/2010 19:51, Roberto R. Morelli escribió: Great, however the question has been answered, when is this going to be pushed out ? What is the date ? > Most repositories when a security issue has been identified and fixed, its pushed so that updaters can take advantage of it. The patch if

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Roberto R. Morelli
Yeah, I got onto the forums and I am sorry, its terrible and a waste of my time ! If forum support was the only thing available, we where ready to switch to a competitor's product. With the forums, we would have not seen any details about security issue without logging in and looking at the t

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Roberto R. Morelli
James, Great, however the question has been answered, when is this going to be pushed out ? What is the date ? Most repositories when a security issue has been identified and fixed, its pushed so that updaters can take advantage of it. The patch if not applied correctly, it will create mor

Re: [opsview-users] opsview security flaw

2010-10-08 Thread James Peel
Hi > If this is a security fix, which it is, why is opsview team not pushing this > out ? When you are going to push this out ? Ton posted a link to the code fix on the opsview-users list earlier so that you can patch critical systems: https://secure.opsera.com/wsvn/wsvn/opsview?op=comp&comp

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Tony Hunter
On Fri, Oct 08, 2010 at 10:26:36AM -0700, Roberto R. Morelli wrote: > If this is a security fix, which it is, why is opsview team not > pushing this out ? When you are going to push this out ? > > -Roberto I'm happy to see the mailing list is still alive. I thrashed about the forums for a coupl

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Roberto R. Morelli
If this is a security fix, which it is, why is opsview team not pushing this out ? When you are going to push this out ? -Roberto --On October 7, 2010 2:02:46 PM +0100 Ton Voon wrote: On 7 Oct 2010, at 07:13, aero wrote: My company's security team found a security flaws in opsview. eve

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Jose Luis Martinez
El 08/10/2010 17:07, Ton Voon escribió: On 8 Oct 2010, at 15:45, Jose Luis Martinez wrote: To Mr. Kang: Thanks for the report, but, please do not disclose vulnerabilites in public forums without giving the vendor a chance to fix them before. This way security updates get distributed in a timely

Re: [opsview-users] opsview security flaw

2010-10-08 Thread aero
Long Long threads~ What a surprise! I already knew what Ton said ( "this only happens when someone is already logged into Opsview AND they have ADMINACCESS" ). So I seriously didn't think I would have to keep it secret. Anyway, I am sorry for my carelessness. Thanks you all who offend or defend

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Ton Voon
On 8 Oct 2010, at 15:45, Jose Luis Martinez wrote: El 07/10/2010 15:02, Ton Voon escribió: On 7 Oct 2010, at 07:13, aero wrote: My company's security team found a security flaws in opsview. even for 3.9.0 Someone can execute shell command via URL( ex. http://opsviewurl/cgi-nmis/admin.pl?

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Jose Luis Martinez
El 07/10/2010 15:02, Ton Voon escribió: On 7 Oct 2010, at 07:13, aero wrote: My company's security team found a security flaws in opsview. even for 3.9.0 Someone can execute shell command via URL( ex. http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Kurt Bechstein
On 10/08/2010 09:21 AM, John Coleman wrote: On 10/07/2010 02:13 AM, aero wrote: Hello, My company's security team found a security flaws in opsview. even for 3.9.0 Someone can execute shell command via URL( ex. http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10

Re: [opsview-users] opsview security flaw

2010-10-08 Thread John Coleman
On 10/07/2010 02:13 AM, aero wrote: Hello, My company's security team found a security flaws in opsview. even for 3.9.0 Someone can execute shell command via URL( ex. http://opsviewurl/cgi-nmis/admin.pl?admin=ping&node=10.10.10.10

Re: [opsview-users] opsview security flaw

2010-10-08 Thread Edgars Mazurs
How to apply this patch? E From: opsview-users-boun...@lists.opsview.org [mailto:opsview-users-boun...@lists.opsview.org] On Behalf Of Ton Voon Sent: Thursday, October 07, 2010 4:03 PM To: Opsview Users Subject: Re: [opsview-users] opsview security flaw On 7 Oct 2010, at 07:13, aero