Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Secure access Pandroid to Pandora FmS
#1

Hello,

I have the latest version of Pandora FMS Community.

I have installed to test Pandroid on an Android mobile and it works correctly. The only thing that only works if it is connected by wifi to the internal network of the company.

We had thought he would always report. But for this you have to publish the address of the Pandora server to the Internet. I do not see how to secure this agent's access. Because to auto-register only in Pandora fms, simply had to put the address of the server in setup Pandroid

It does not request any type of authorization, user or password to register these devices.


If the Pandora server is not published on the Internet and securized the access of the Pandroid agents do not make any sense.

I would like to indicate if it is possible and how to do it. I searched for information but found nothing.

Thank you

Regards
 Reply
#2
Hello ansator3,

As you can imagine, that's the normal behaviour, the agent needs to be able to communicate with the Pandora server in order to report the information, how could it do it if the server is on a separated unreachable network?

You will need to set up your network properly for either publish your Pandora server or open firewall rules and routing for the agent to be able to communicate with your internal network.
Only port needed is 41121 TCP.

Kind regards,
Antonio.
 Reply
#3
Hello Antonio,

This way, if I have  a public server ip, anyone could register a device on my Pandora server. do not?

Is there no way to restrict this? Some password, authorization code, approve the registration of these devices, etc.

Because then it would be fantastic.

But I only see it to have internal devices in a vpn or local network. The tool loses a lot of potential. In our case, it does not make any sense.

thanks
 Reply
#4
Hello ansator3,

Yes, you can disable the agents autocreation on the pandora_server.conf file, this way agents reporting to your IP won't be created unless there is an agent already created with the same name, understanding that it is not a new agent but an update of an existing agent.
Don't forget to restart the pandora_server service after making the changes on the configuration file.

Kind regards,
Antonio.
 Reply
#5
Hi,

what is the parameter?

Thank you
 Reply
#6
Code:
autocreate
Don't forget to restar pandora_server service after the change.

Kind regards,
Antonio.
 Reply
#7
Hi, you don't show what is this paramenter.

Please, could you indicate us what is?

Thank you
 Reply
#8
Hi ansator3,

# Set to 1 if want to autocreate agents with Pandora FMS Data Server,
# set to 0 to disable (for security purposes, for example).

autocreate 1

Don't forget restarting pandora_server service after changing that value.

Best regards,

Roberto.
 Reply


Users browsing this thread: 1 Guest(s)


(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org

Theme © MyBB Themes