https://access.redhat.com/solutions/1145963
SOLUTION 已验证 - 已更新 2019年一月24日17:40 -
环境
- Red Hat Enterprise Linux version 7
- Red Hat Enterprise Linux version 6
- Red Hat Enterprise Linux version 5
问题
- How do I configure firewall on a RHEL server to allow remote monitoring with performance Co-Pilot (PCP)?
- How can I configure PCP security features, including authentication and access control
决议
- for local performance data collection, the firewall configuration does NOT need to be changed. This is the most common PCP collector deployment.
- to allow monitoring of the server by remote PCP clients (including a remote pmlogger), the firewall configuration needs to be configured as follows :
RHEL7
firewall-cmd --permanent --zone=public --add-service=pmcd
firewall-cmd --reload
RHEL6 and RHEL5
use the standard firewall configuration tools, e.g. by running setup or system-config-securitylevel.
Additional Notes
- the firewall GUI tool on each RHEL version can also be used - just open up (or re-map) the pmcd port (which is normally
44321/tcp, see /etc/services) on the desired network interfaces or zones as needed. - in a devops environment with the pmwebd(1) service enabled, you may also want to expose the pmwebd port, which is
44323/tcpby default. - there may be security implications of allowing remote access - PCP exports a lot of information about the system. Due care is required when opening the pmcd port on a public zoned interface.
Authentication and access control
- PCP has authentication and access control features that can be configured if necessary, see the pcpintro(1) man page and also Authenticated Connections
- these features should be used when access control is required, e.g. for remote access over a public interface.
78
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
