| Related Documentation | Version of up.time Affected | Affected Platforms |
| --- | --- | --- |
| Setting the agent port or permissions | All | Linux |

You can secure communication between the Uptime monitoring station and the Uptime Linux agent by enabling SSL encryption. Enabling SSL is a two-step process:

...

Enabling SSL on the Linux Agent System

To enable SSL encryption, complete the following steps on each agent system:

Note: Perform these steps on the Agents only. Do not perform these steps on the monitoring station.

  1. Ensure Stunnel is installed on the agent server. If you do not have access to a distribution, you can download it from Stunnel.org.

  2. Edit the /etc/xinetd.d/uptmagnt file so that it includes the following configuration information:

    service uptmagnt
    {
        disable = no
        flags = REUSE
        socket_type = stream
        wait = no
        user = nobody
        server = /usr/sbin/stunnel
        server_args = /etc/stunnel/uptmagnt.conf
    }

  3. Create the certificate that will be used by Stunnel. For example:

    openssl req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

    The following is a sample stunnel.cnf for the openssl program:

    # create RSA certs - Server

    RANDFILE = stunnel.rnd

    [ req ]
    default_bits = 1024
    encrypt_key = yes
    distinguished_name = req_dn
    x509_extensions = cert_type

    [ req_dn ]
    countryName = Country Name (2 letter code)
    countryName_default = PL
    countryName_min = 2
    countryName_max = 2

    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = Some-State

    localityName = Locality Name (eg, city)

    0.organizationName = Organization Name (eg, company)
    0.organizationName_default = Stunnel Developers Ltd

    organizationalUnitName = Organizational Unit Name (eg, section)
    #organizationalUnitName_default =

    0.commonName = Common Name (FQDN of your server)
    0.commonName_default = localhost

    # To create a certificate for more than one name uncomment:
    # 1.commonName = DNS alias of your server
    # 2.commonName = DNS alias of your server
    # ...
    # See http://home.netscape.com/eng/security/ssl_2.0_certificate.html
    # to see how Netscape understands commonName.

    [ cert_type ]
    nsCertType = server

  4. Copy stunnel.pem to /etc/stunnel/uptmagnt.pem.
    Create the /etc/stunnel/uptmagnt.conf file and add the following lines:

    cert=/etc/stunnel/uptmagnt.pem
    exec=/opt/uptime-agent/bin/uptmagnt

  5. Restart the xinetd service. After doing this, your agent should now be in SSL mode.

    You can verify that your agent is communicating securely by running the following command on your monitoring station:

    agentcmd +s -p 9998 <hostname> df-k
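
The following audit script is an added example, not part of the original article or any vendor tooling. It follows the chain from the xinetd service file to the Stunnel config to the PEM file, checks that the PEM (which holds an unencrypted private key because of `-nodes`) is owned by the xinetd `user` and closed to group and other, and checks that the `openssl req` config requests at least 2048-bit RSA, where the sample stunnel.cnf uses 1024; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not vendor code. All paths are arguments, so the checks can
# be run against copies of the files created in the steps above.

# Print the value of the first "key = value" line. One reader covers the
# xinetd service file, the Stunnel config and the openssl req config.
conf_value() {   # $1 = key, $2 = file
    awk -F= -v k="$1" '{ key = $1; gsub(/[ \t]/, "", key) }
        NF > 1 && key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$2"
}

# The PEM holds the certificate and the unencrypted private key (-nodes, with
# -out and -keyout naming the same file). It must belong to the account that
# xinetd runs stunnel as and carry no group/other permission bits.
check_key_file() {   # $1 = PEM path, $2 = expected owner
    line=$(ls -ld "$1" 2>/dev/null) || { echo "FAIL: $1 missing" >&2; return 1; }
    perms=$(printf '%s\n' "$line" | cut -c5-10)
    owner=$(printf '%s\n' "$line" | awk '{ print $3 }')
    [ "$perms" = "------" ] || { echo "FAIL: $1 open to group/other" >&2; return 1; }
    [ "$owner" = "$2" ] || { echo "FAIL: $1 owned by $owner, want $2" >&2; return 1; }
}

# RSA keys shorter than 2048 bits are rejected at OpenSSL security level 2.
check_req_bits() {   # $1 = openssl req config such as stunnel.cnf
    bits=$(conf_value default_bits "$1")
    case "$bits" in ''|*[!0-9]*) bits=0 ;; esac
    [ "$bits" -ge 2048 ] || { echo "FAIL: default_bits=$bits in $1" >&2; return 1; }
}

# Follow xinetd service file -> Stunnel config -> cert= file, then check it.
audit_agent_tls() {   # $1 = xinetd service file
    user=$(conf_value user "$1")
    conf=$(conf_value server_args "$1")
    [ -n "$user" ] && [ -r "$conf" ] || { echo "FAIL: user/server_args in $1" >&2; return 1; }
    check_key_file "$(conf_value cert "$conf")" "$user"
}

# Usage: sh audit.sh /etc/xinetd.d/uptmagnt [stunnel.cnf]
rc=0
[ $# -lt 1 ] || audit_agent_tls "$1" || rc=1
[ $# -lt 2 ] || check_req_bits "$2" || rc=1
[ "$rc" -eq 0 ]   # exit status of the script reflects the checks
```

Run it on the agent system after step 4 and before restarting xinetd; a non-zero exit status means one of the checks printed a FAIL line.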

Note: You can change the port on which to enable SSL to any value. To change the default agent port to something other than 9998, edit the /etc/services file, and restart xinetd. You can also use the agent-configure.sh script (see Changing Linux agent port or permissions for more information).

Enabling SSL in the Uptime UI

If the Linux agent has already been added to Uptime, complete the following steps in the Uptime Web interface for each agent system that you want to configure to use SSL.

  1. Click My Infrastructure.
  2. Click the name of the agent system for which you want to enable SSL.
  3. On the system information page, click the Edit Performance Monitor link in the System Profile section.
  4. In the new Edit Service Monitor window that appears, select the Use SSL (HTTPS) option.
  5. Click Save.
    Once saved, your Monitoring Station and agent system will be communicating via SSL.

If you have not yet added the agent system to Uptime, follow the steps that are detailed in the Uptime User Guide. When adding the agent system, ensure that the Agent Port Number option is set to 9998, and that the Use SSL (HTTPS) option is enabled.