PFMS Exec Server Configuration

At the end of this configuration process, an SSH connection with a digital key will have been established for automated monitoring processes. This is the type of connection recommended, as it is much safer than Credential Boxes.

The configuration process will require the assistance of the person responsible for network administration to configure both PFMS Servers and the target computers and connection and data traffic, among other aspects such as firewalls and VLANs to increase security.

In a Logic Agent that was already created and with remote configuration enabled, users (called pandora_exec_proxy here) and a pair of digital keys (public and private) may access a remote device on which the public key was hosted and configured.

Without remote configuration enabled, Satellite Server module creation from wizards will be unavailable.

Configuration in PFMS Web Console

This option may be configured on a PFMS Network Server and/or a PFMS Satellite Server.

From the list of Pandora FMS servers, select one to work as the Exec Server and edit it:

Check the box labelled Execute server, enter the port number (default is 22) and the IP address of the server where the desired commands will be launched:

Since configuration is not yet complete at this point, the connection test will fail (Check server execution button).

User configuration in OS on remote servers

Before accessing the Exec Server through SSH, on PFMS Network Server and/or PFMS Satellite Server enabled as Exec Server(s), a specific user must be created on that machine or machines, for example named pandora_exec_proxy. In a terminal window connected as the root user or equivalent using sudo:

useradd pandora_exec_proxy -m

A password must be assigned to the newly created user:

passwd pandora_exec_proxy

User configuration in PFMS server OS

Key generation and copying

Now work as root or an equivalent user where PFMS Web Console is running to generate the key pair:

ssh-keygen

Proceed to copy the key to the remote server (replace the IP address in <Remote_Server_IP_address>):

ssh-copy-id pandora_exec_proxy@<Remote_Server_IP_address>

Next, create the SSH folder for the “Apache” user, move the credentials, and change their owner, depending on the operating system installed.

Rocky Linux / RHEL:

mkdir /usr/share/httpd/.ssh
mv /root/.ssh/* /usr/share/httpd/.ssh/
chown -R apache. /usr/share/httpd/.ssh/

Ubuntu server:

mkdir /var/www/.ssh
mv /root/.ssh/* /var/www/.ssh/
chown -R www-data. /var/www/.ssh/

You should check that the default DocumentRoot for the Apache2 service is:

/var/www/html

This is so that the .ssh folder cannot be listed from the web browser.

Checking the operation of the Exec Server

Finally, just test configuration in the proxy server editing section within Pandora FMS Web Console. Check the test indicator by clicking on it:

←Back to Pandora FMS documentation index

Table of Contents