hi,

On May 14, 2007 17:43, Christopher Blunck wrote:
The source based installation method allows you to select the hostname, port, root mysql username, root mysql password, zenoss username, zenoss password, and zenoss database name. It gives you the full control you're looking for. But, in order to use the source based installation method you must have a development environment.

ok, development environment isn't a problem, i prefer to keep my systems RPM based where possible.

The RPM offers a tradeoff: easier installation but with less flexibility (choices) during installation time.

We want to support unattended installation via the RPM so we default the configuration items you describe to what we believe most people will use. In your case it's different, but you can override the defaults using zendmd (or the GUI). You'll have to repopulate the database but that's not overly complex.

good to know. i'll keep that in mind before deploying to production.

b) when starting zenoss for the first time, it prompts for the root password which is then displayed in plain text on the screen!!!

It's prompting you for the password because the default blank root password isn't working.


try adding 'stty -echo' before the 'read response' line (line 68) in $ZENHOME/bin/install-functions.sh and 'stty echo' after that line. that turns off terminal echoes, cf also http://tldp.org/LDP/abs/html/system.html#SECRETPW .

This prompt moved into the set_mysql function in build-functions.sh, and I changed the root password section to stty -echo before the prompt:
  http://dev.zenoss.org/trac/changeset/5331

great! :)

c) another security gripe:
http://community.zenoss.com/docs/install-guides/install-on-redhat-enterprise-linux/

mr. huckins suggests turning off iptables altogether. please don't suggest this. any inexperienced user following those instructions will do so and offer an open box to the world. not a good idea. as this page is specific for RHEL, better to offer instructions on how to edit /etc/sysconfig/iptables to add those ports.

I sent Sam some new instructions.  Please review them:
http://community.zenoss.com/docs/install-guides/install-on-redhat-enterprise-linux/

looks good to me. one thing that a lot of ppl don't know is that you can use yum to install a local rpm package and it automatically pulls the dependencies if they're not installed. i'm not sure if you want to mention that in the installation guide, it saves at least one line of typing though:

yum -y install zenoss-1.1.2-0.rhel5.i386.rpm

d) a brief glance through the installation scripts seems to suggest that zenoss replaces without taking into account any previous content /etc/sudoers and /etc/snmp.conf. i haven't verified this yet, but it seems to be very wrong if it is doing so.

In 1.X we lay down a new /etc/sudoers. And by default we put zenoss in the wheel group. <...SNIP...>
Bottom line: we killed off sudo in 2.0.

ok, looks like i'll be using zenoss 2.0 instead. any idea on the release date?

e) zenoss installs scripts into the sysV boot directories. good idea, better idea even to make it support chkconfig for RedHat derived systems. also a brief check of my rc*.d directories makes me also assume that kill links aren't installed.

I created a ticket for this and made the changes you requested. Please review the changeset associated with this ticket:
  http://dev.zenoss.org/trac/ticket/1477

last time i hacked an init.d script to be used by chkconfig i seem to remember it required a description field. this was about 1-2 yrs ago, so i'm not 100% sure. also running chkconfig --add zenoss will not automatically enable the service, iirc. i can't verify this right now, as i'm nowhere near my zenoss box (closed testing network), i will have a go at this a bit later and let you know if there's anything you need to additionally change.

sorry for firing off these gripes in such a huffy manner, i feel a monitoring application should be more security aware.

Thanks for pointing those out. If you come across some other security issues please send 'em in! :)

no problems. to be honest, i wasn't expecting such an extensive answer. thanks for taking these things seriously. :)

btw, i've been playing with the web console a bit today, i'm impressed. looks like it's definitely what i'm looking for. is there any plan to release the documentation as a pdf?

regards,
sb
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
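
The 'stty -echo' password prompt discussed under item b), written out as an added example; it is not part of the original thread and is not the code from the Zenoss changeset. The names read_secret and SECRET are assumptions made for illustration. Beyond what the thread describes, it saves and restores the full terminal state, restores echo if the prompt is interrupted, and skips stty when input is not a terminal (unattended installs).

```shell
#!/bin/sh
# Added example: prompt for a password without echoing it to the screen.
# read_secret and SECRET are illustrative names, not Zenoss identifiers.

read_secret() {
    # $1 = prompt text. The value typed is left in the global SECRET.
    SECRET=
    _saved_tty=
    _rc=0

    if [ -t 0 ]; then
        # Save the exact terminal settings instead of assuming echo was on.
        _saved_tty=$(stty -g)
        # If the user hits Ctrl-C at the prompt, put the terminal back
        # before exiting; otherwise the shell is left with echo disabled.
        trap 'stty "$_saved_tty"; printf "\n" >&2; exit 130' INT TERM
        stty -echo
    fi

    # Prompt on stderr so it is not captured with the script's output.
    printf '%s' "$1" >&2

    # IFS= and -r keep leading/trailing blanks and backslashes intact,
    # so the password is stored exactly as typed.
    IFS= read -r SECRET || _rc=$?

    if [ -n "$_saved_tty" ]; then
        stty "$_saved_tty"
        trap - INT TERM
        # The user's Enter key was not echoed, so emit the newline here.
        printf '\n' >&2
    fi
    return "$_rc"
}

# Usage inside an installer script:
#   read_secret 'MySQL root password: ' || exit 1
#   ... use "$SECRET", then: unset SECRET
```

The secret is kept in a shell variable rather than passed on a command line, where it would be visible in the process list.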
