Fusion Inventory Agent on pfSense 2.3.1

LFCavalcanti

Hi!

So, I need to monitor pfSense using FusionInventory, but since pfSense use it's own FreeBSD ports collection, I'm asking here if anyone has installed the agent before.

I work on a IT Service Provider so servers are not in the same network as my GLPI+Fusion server, that's why SNMP is not an option, too much security risks.

CDuv

Hi, I am in the same need for my v2.3.2 setup.
I have found the (french) topic « Installer FusionInventory » that said it worked, but it was on pfSense v2.1.

Any feedback on such installation went?

crlsgms

Hello everyone, I followed the tutorial in french, but some packages were broke, since the quarterly repo have already some updates: http://pkg.freebsd.org/FreeBSD:10:amd64/quarterly/All/

So I double checked the initial script with the versions and managed to setup the installation over 2.3.2-r1

Checking today 04/01/17 the current packages to be added, avaiable are:

pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-ExtUtils-Manifest-1.70.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-ExtUtils-MakeMaker-7.24.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Text-Template-1.46_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Compress-Raw-Zlib-2.069.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-File-Which-1.21.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-SSLeay-1.78.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Socket-2.021.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-Socket-IP-0.37_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-URI-1.71.txz
pkg install p5-Mozilla-CA
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-Socket-SSL-2.038.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-HTTP-6.09.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Encode-Locale-1.05.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-HTML-1.001_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Date-6.02_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-LWP-MediaTypes-6.02_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Message-6.11.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Daemon-6.01_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Negotiate-6.01_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-WWW-RobotRules-6.02_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Cookies-6.01_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTML-Tagset-3.20_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTML-Parser-3.72.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-File-Listing-6.04_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Digest-HMAC-1.03_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Authen-NTLM-1.09_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-libwww-6.15.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/pciids-20160621.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/libpci-3.5.1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/pciutils-3.5.1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-UNIVERSAL-require-0.18.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-XML-TreePP-0.43.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-IP-1.26_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-LWP-Protocol-https-6.06_1.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Proc-Daemon-0.23.txz
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-FusionInventory-Agent-2.3.17.txz

those lines can be copy/ pasted via ssh with root access directly to pfsense.

After the packages are installed, the french tutorial says thats needed to create the /user/local/etc/fusioninventory folder and its configs, but here on my installation all was created automatically, I just had to copy the agent.conf.sample to the regular agent.cfg file and tailor up to my needs. The suggested config would be on the agent.conf:

server=https://inventory.domain.tld/
#If using proxy, set those up
#user=inventory
#password=p@ssw0rd/Inv3nt0ry
no-deploy
no-ocsdeploy
no-esx
no-printer

and afterwards, just run the agent with debug options to check if its ok:

/usr/local/bin/fusioninventory-agent --debug

and voilá, it should be avaiable on your glpi / fusioniventory hosts

johnpoz

Just playing devils advocate here.. But what is less secure do you think?  Opening up snmp between 2 devices, or installing a crapton of software on your "firewall"  That is a lot of packages..  Can you not use snmp3 which you could encrypt etc. as well..

danielmjmarques

Update 2020
Change file /usr/local/etc/pkg/repos/pfSense.conf add:

FreeBSD: {
url: "http://pkg.freebsd.org/FreeBSD:11:amd64/release_4/",
enabled: yes
}

Execute: pkg upgrade -n
Execute: pkg install p5-ExtUtils-Manifest p5-ExtUtils-MakeMaker p5-Text-Template p5-Compress-Raw-Zlib p5-File-Which p5-Net-SSLeay p5-Socket p5-IO-Socket-IP p5-URI p5-Mozilla-CA p5-IO-Socket-SSL p5-Net-HTTP p5-Encode-Locale p5-IO-HTML p5-HTTP-Date p5-LWP-MediaTypes p5-HTTP-Message p5-HTTP-Daemon p5-HTTP-Negotiate p5-WWW-RobotRules p5-HTTP-Cookies p5-HTML-Tagset p5-HTML-Parser p5-File-Listing p5-Digest-HMAC p5-Authen-NTLM p5-libwww pciids libpci pciutils p5-UNIVERSAL-require p5-XML-TreePP p5-Net-IP p5-LWP-Protocol-https p5-Proc-Daemon p5-FusionInventory-Agent

Rename /user/local/etc/fusioninventory/agent.cfg.sample to /user/local/etc/fusioninventory/agent.cfg/agent.cfg and change options

stephenw10

This is still a terrible idea in 2020.

https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html#concerns-warnings

danielmjmarques

@stephenw10 I completely agree, I don't think it's safe to install packages and software in addition to those that are already original to the tool. But I posted here the update of the installation process because you never know the needs and peculiarities of each project. So if someone needs to install the package, I believe it will be much better to install the packages with the latest version of each one.

stephenw10

Yup, if you must do it then use the correct pkg versions. Just be aware of the risks before doing so.

Steve