How do I configure a firewall on a RHEL server to allow remote monitoring with Performance Co-Pilot

117 篇文章 0 订阅

https://access.redhat.com/solutions/1145963

 SOLUTION 已验证 - 已更新 2019年一月24日17:40 - 

English 

环境

  • Red Hat Enterprise Linux version 7
  • Red Hat Enterprise Linux version 6
  • Red Hat Enterprise Linux version 5

问题

  • How do I configure firewall on a RHEL server to allow remote monitoring with performance Co-Pilot (PCP)?
  • How can I configure PCP security features, including authentication and access control

决议

  • for local performance data collection, the firewall configuration does NOT need to be changed. This is the most common PCP collector deployment.
  • to allow monitoring of the server by remote PCP clients (including a remote pmlogger), the firewall configuration needs to be configured as follows :

RHEL7

Raw

firewall-cmd --permanent --zone=public --add-service=pmcd
firewall-cmd --reload

RHEL6 and RHEL5

use the standard firewall configuration tools, e.g. by running setup or system-config-securitylevel.

Additional Notes

  • the firewall GUI tool on each RHEL version can also be used - just open up (or re-map) the pmcd port (which is normally 44321/tcp, see /etc/services) on the desired network interfaces or zones as needed.
  • in a devops environment with the pmwebd(1) service enabled, you may also want to expose the pmwebd port, which is 44323/tcp by default.
  • there may be security implications of allowing remote access - PCP exports a lot of information about the system. Due care is required when opening the pmcd port on a public zoned interface.

Authentication and access control

  • PCP has authentication and access control features that can be configured if necessary, see the pcpintro(1) man page and also Authenticated Connections
  • these features should be used when access control is required, e.g. for remote access over a public interface.

See Also

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值