%%
\section*{Monitor Configuration}
-\label{_ChapterStart35}
+\label{_MonitorChapter}
\index[general]{Monitor Configuration }
\index[general]{Configuration!Monitor }
\addcontentsline{toc}{section}{Monitor Configuration}
\ilink{Director's configuration}{_ChapterStart40} file, using the
Console Name and Password defined in the Monitor resource. To avoid security
problems, you should configure this Console resource to allow access to no
-others daemon, and permit the use of only two commands: {\bf status} and {\bf
+other daemons, and permit the use of only two commands: {\bf status} and {\bf
.status} (see below for an example).
You may have multiple Director resource specifications in a single Monitor
\item [Name = \lt{}name\gt{}]
\index[fd]{Name }
The Director name used to identify the Director in the list of monitored
-daemons. It is not required to be the same as defined in the Director's
+daemons. It is not required to be the same as the one defined in the Director's
configuration file. This record is required.
\item [DIRPort = \lt{}port-number\gt{}]
\index[fd]{DIRPort }
Specify the port to use to connect to the Director. This value will most
likely already be set to the value you specified on the {\bf
-\verb{--{with-base-port} option of the {\bf ./configure} command. This port must be
+\verb:--:with-base-port} option of the {\bf ./configure} command. This port must be
identical to the {\bf DIRport} specified in the {\bf Director} resource of
the
\ilink{Director's configuration}{_ChapterStart40} file. The
\item [Name = \lt{}name\gt{}]
\index[fd]{Name }
The Client name used to identify the Director in the list of monitored
-daemons. It is not required to be the same as defined in the Client's
+daemons. It is not required to be the same as the one defined in the Client's
configuration file. This record is required.
\item [Address = \lt{}address\gt{}]
\item [Name = \lt{}name\gt{}]
\index[fd]{Name }
The Storage name used to identify the Director in the list of monitored
-daemons. It is not required to be the same as defined in the Storage's
+daemons. It is not required to be the same as the one defined in the Storage's
configuration file. This record is required.
\item [Address = \lt{}address\gt{}]
\end{description}
-\subsection*{Sample Monitor configuration file and related daemons'
-configuration records.}
+\subsection*{Tray Monitor Security}
+\index[general]{Tray Monitor Security}
+\addcontentsline{toc}{subsection}{Tray Monitor Security}
+
+There is no security problem in relaxing the permissions on
+tray-monitor.conf as long as FD, SD and DIR are configured properly, so
+the passwords contained in this file only gives access to the status of
+the daemons. It could be a security problem if you consider the status
+information as potentially dangereous (I don't think it is the case).
+
+Concerning Director's configuration: \\
+In tray-monitor.conf, the password in the Monitor resource must point to
+a restricted console in bacula-dir.conf (see the documentation). So, if
+you use this password with bconsole, you'll only have access to the
+status of the director (commands status and .status).
+It could be a security problem if there is a bug in the ACL code of the
+director.
+
+Concerning File and Storage Daemons' configuration:\\
+In tray-monitor.conf, the Name in the Monitor resource must point to a
+Director resource in bacula-fd/sd.conf, with the Monitor directive set
+to Yes (once again, see the documentation).
+It could be a security problem if there is a bug in the code which check
+if a command is valid for a Monitor (this is very unlikely as the code
+is pretty simple).
+
+
+\subsection*{Sample Tray Monitor configuration}
\label{SampleConfiguration1}
-\index[general]{Sample Monitor configuration file and related daemons'
-configuration records. }
-\index[general]{Records!Sample Monitor configuration file and related daemons'
-configuration }
-\addcontentsline{toc}{subsection}{Sample Monitor configuration file and
-related daemons' configuration records.}
-
-A example Monitor configuration file might be the following:
+\index[general]{Sample Tray Monitor configuration}
+\addcontentsline{toc}{subsection}{Sample Tray Monitor configuration}
+
+An example Tray Monitor configuration file might be the following:
\footnotesize
\begin{verbatim}
projects / bacula / docs / blobdiff