Fusion Inventory Agent on pfSense 2.3.1



  • Hi!

    So, I need to monitor pfSense using FusionInventory, but since pfSense use it's own FreeBSD ports collection, I'm asking here if anyone has installed the agent before.

    I work on a IT Service Provider so servers are not in the same network as my GLPI+Fusion server, that's why SNMP is not an option, too much security risks.



  • Hi, I am in the same need for my v2.3.2 setup.
    I have found the (french) topic « Installer FusionInventory » that said it worked, but it was on pfSense v2.1.

    Any feedback on such installation went?



  • Hello everyone, I followed the tutorial in french, but some packages were broke, since the quarterly repo have already some updates: http://pkg.freebsd.org/FreeBSD:10:amd64/quarterly/All/

    So I double checked the initial script with the versions and managed to setup the installation over 2.3.2-r1

    Checking today 04/01/17 the current packages to be added, avaiable are:

    
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-ExtUtils-Manifest-1.70.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-ExtUtils-MakeMaker-7.24.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Text-Template-1.46_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Compress-Raw-Zlib-2.069.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-File-Which-1.21.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-SSLeay-1.78.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Socket-2.021.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-Socket-IP-0.37_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-URI-1.71.txz
    pkg install p5-Mozilla-CA
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-Socket-SSL-2.038.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-HTTP-6.09.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Encode-Locale-1.05.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-HTML-1.001_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Date-6.02_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-LWP-MediaTypes-6.02_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Message-6.11.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Daemon-6.01_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Negotiate-6.01_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-WWW-RobotRules-6.02_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Cookies-6.01_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTML-Tagset-3.20_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTML-Parser-3.72.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-File-Listing-6.04_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Digest-HMAC-1.03_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Authen-NTLM-1.09_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-libwww-6.15.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/pciids-20160621.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/libpci-3.5.1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/pciutils-3.5.1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-UNIVERSAL-require-0.18.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-XML-TreePP-0.43.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-IP-1.26_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-LWP-Protocol-https-6.06_1.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Proc-Daemon-0.23.txz
    pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-FusionInventory-Agent-2.3.17.txz
    
    

    those lines can be copy/ pasted via ssh with root access directly to pfsense.

    After the packages are installed, the french tutorial says thats needed to create the /user/local/etc/fusioninventory folder and its configs, but here on my installation all was created automatically, I just had to copy the agent.conf.sample to the regular agent.cfg file and tailor up to my needs. The suggested config would be on the agent.conf:

    server=https://inventory.domain.tld/
    #If using proxy, set those up
    #user=inventory
    #password=p@ssw0rd/Inv3nt0ry
    no-deploy
    no-ocsdeploy
    no-esx
    no-printer
    

    and afterwards, just run the agent with debug options to check if its ok:

    /usr/local/bin/fusioninventory-agent --debug
    

    and voilá, it should be avaiable on your glpi / fusioniventory hosts


  • LAYER 8 Global Moderator

    Just playing devils advocate here.. But what is less secure do you think?  Opening up snmp between 2 devices, or installing a crapton of software on your "firewall"  That is a lot of packages..  Can you not use snmp3 which you could encrypt etc. as well..



  • Update 2020
    Change file /usr/local/etc/pkg/repos/pfSense.conf add:

    FreeBSD: {
    url: "http://pkg.freebsd.org/FreeBSD:11:amd64/release_4/",
    enabled: yes
    }

    Execute: pkg upgrade -n
    Execute: pkg install p5-ExtUtils-Manifest p5-ExtUtils-MakeMaker p5-Text-Template p5-Compress-Raw-Zlib p5-File-Which p5-Net-SSLeay p5-Socket p5-IO-Socket-IP p5-URI p5-Mozilla-CA p5-IO-Socket-SSL p5-Net-HTTP p5-Encode-Locale p5-IO-HTML p5-HTTP-Date p5-LWP-MediaTypes p5-HTTP-Message p5-HTTP-Daemon p5-HTTP-Negotiate p5-WWW-RobotRules p5-HTTP-Cookies p5-HTML-Tagset p5-HTML-Parser p5-File-Listing p5-Digest-HMAC p5-Authen-NTLM p5-libwww pciids libpci pciutils p5-UNIVERSAL-require p5-XML-TreePP p5-Net-IP p5-LWP-Protocol-https p5-Proc-Daemon p5-FusionInventory-Agent

    Rename /user/local/etc/fusioninventory/agent.cfg.sample to /user/local/etc/fusioninventory/agent.cfg/agent.cfg and change options


  • Netgate Administrator



  • @stephenw10 I completely agree, I don't think it's safe to install packages and software in addition to those that are already original to the tool. But I posted here the update of the installation process because you never know the needs and peculiarities of each project. So if someone needs to install the package, I believe it will be much better to install the packages with the latest version of each one.


  • Netgate Administrator

    Yup, if you must do it then use the correct pkg versions. Just be aware of the risks before doing so.

    Steve


Log in to reply