Pandora FMS community forums
Secure access Pandroid to Pandora FmS - Printable Version

+- Pandora FMS community forums (https://pandorafms.com/community-forums)
+-- Forum: Pandora FMS (https://pandorafms.com/community-forums/forum-3.html)
+--- Forum: Community support (English) (https://pandorafms.com/community-forums/forum-7.html)
+--- Thread: Secure access Pandroid to Pandora FmS (/thread-8156.html)



Secure access Pandroid to Pandora FmS - ansator3 - 12-15-2016


Hello,

I have the latest version of Pandora FMS Community.

I have installed to test Pandroid on an Android mobile and it works correctly. The only thing that only works if it is connected by wifi to the internal network of the company.

We had thought he would always report. But for this you have to publish the address of the Pandora server to the Internet. I do not see how to secure this agent's access. Because to auto-register only in Pandora fms, simply had to put the address of the server in setup Pandroid

It does not request any type of authorization, user or password to register these devices.


If the Pandora server is not published on the Internet and securized the access of the Pandroid agents do not make any sense.

I would like to indicate if it is possible and how to do it. I searched for information but found nothing.

Thank you

Regards


Re: Secure access Pandroid to Pandora FmS - antonio - 12-16-2016

Hello ansator3,

As you can imagine, that's the normal behaviour, the agent needs to be able to communicate with the Pandora server in order to report the information, how could it do it if the server is on a separated unreachable network?

You will need to set up your network properly for either publish your Pandora server or open firewall rules and routing for the agent to be able to communicate with your internal network.
Only port needed is 41121 TCP.

Kind regards,
Antonio.


Re: Secure access Pandroid to Pandora FmS - ansator3 - 12-16-2016

Hello Antonio,

This way, if I haveĀ  a public server ip, anyone could register a device on my Pandora server. do not?

Is there no way to restrict this? Some password, authorization code, approve the registration of these devices, etc.

Because then it would be fantastic.

But I only see it to have internal devices in a vpn or local network. The tool loses a lot of potential. In our case, it does not make any sense.

thanks


Re: Secure access Pandroid to Pandora FmS - antonio - 12-19-2016

Hello ansator3,

Yes, you can disable the agents autocreation on the pandora_server.conf file, this way agents reporting to your IP won't be created unless there is an agent already created with the same name, understanding that it is not a new agent but an update of an existing agent.
Don't forget to restart the pandora_server service after making the changes on the configuration file.

Kind regards,
Antonio.


Re: Secure access Pandroid to Pandora FmS - ansator3 - 12-21-2016

Hi,

what is the parameter?

Thank you


Re: Secure access Pandroid to Pandora FmS - antonio - 12-21-2016

Code:
autocreate
Don't forget to restar pandora_server service after the change.

Kind regards,
Antonio.


Re: Secure access Pandroid to Pandora FmS - ansator3 - 12-27-2016

Hi, you don't show what is this paramenter.

Please, could you indicate us what is?

Thank you


Re: Secure access Pandroid to Pandora FmS - roberto - 12-30-2016

Hi ansator3,

# Set to 1 if want to autocreate agents with Pandora FMS Data Server,
# set to 0 to disable (for security purposes, for example).

autocreate 1

Don't forget restarting pandora_server service after changing that value.

Best regards,

Roberto.