Fusion Inventory Agent on pfSense 2.3.1
-
Hi!
So, I need to monitor pfSense using FusionInventory, but since pfSense use it's own FreeBSD ports collection, I'm asking here if anyone has installed the agent before.
I work on a IT Service Provider so servers are not in the same network as my GLPI+Fusion server, that's why SNMP is not an option, too much security risks.
-
Hi, I am in the same need for my v2.3.2 setup.
I have found the (french) topic « Installer FusionInventory » that said it worked, but it was on pfSense v2.1.Any feedback on such installation went?
-
Hello everyone, I followed the tutorial in french, but some packages were broke, since the quarterly repo have already some updates: http://pkg.freebsd.org/FreeBSD:10:amd64/quarterly/All/
So I double checked the initial script with the versions and managed to setup the installation over 2.3.2-r1
Checking today 04/01/17 the current packages to be added, avaiable are:
pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-ExtUtils-Manifest-1.70.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-ExtUtils-MakeMaker-7.24.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Text-Template-1.46_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Compress-Raw-Zlib-2.069.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-File-Which-1.21.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-SSLeay-1.78.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Socket-2.021.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-Socket-IP-0.37_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-URI-1.71.txz pkg install p5-Mozilla-CA pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-Socket-SSL-2.038.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-HTTP-6.09.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Encode-Locale-1.05.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-IO-HTML-1.001_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Date-6.02_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-LWP-MediaTypes-6.02_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Message-6.11.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Daemon-6.01_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Negotiate-6.01_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-WWW-RobotRules-6.02_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTTP-Cookies-6.01_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTML-Tagset-3.20_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-HTML-Parser-3.72.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-File-Listing-6.04_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Digest-HMAC-1.03_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Authen-NTLM-1.09_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-libwww-6.15.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/pciids-20160621.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/libpci-3.5.1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/pciutils-3.5.1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-UNIVERSAL-require-0.18.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-XML-TreePP-0.43.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Net-IP-1.26_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-LWP-Protocol-https-6.06_1.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-Proc-Daemon-0.23.txz pkg add http://pkg.freebsd.org/freebsd:10:x86:64/quarterly/All/p5-FusionInventory-Agent-2.3.17.txz
those lines can be copy/ pasted via ssh with root access directly to pfsense.
After the packages are installed, the french tutorial says thats needed to create the /user/local/etc/fusioninventory folder and its configs, but here on my installation all was created automatically, I just had to copy the agent.conf.sample to the regular agent.cfg file and tailor up to my needs. The suggested config would be on the agent.conf:
server=https://inventory.domain.tld/ #If using proxy, set those up #user=inventory #password=p@ssw0rd/Inv3nt0ry no-deploy no-ocsdeploy no-esx no-printer
and afterwards, just run the agent with debug options to check if its ok:
/usr/local/bin/fusioninventory-agent --debug
and voilá, it should be avaiable on your glpi / fusioniventory hosts
-
Just playing devils advocate here.. But what is less secure do you think? Opening up snmp between 2 devices, or installing a crapton of software on your "firewall" That is a lot of packages.. Can you not use snmp3 which you could encrypt etc. as well..
-
Update 2020
Change file /usr/local/etc/pkg/repos/pfSense.conf add:FreeBSD: {
url: "http://pkg.freebsd.org/FreeBSD:11:amd64/release_4/",
enabled: yes
}Execute: pkg upgrade -n
Execute: pkg install p5-ExtUtils-Manifest p5-ExtUtils-MakeMaker p5-Text-Template p5-Compress-Raw-Zlib p5-File-Which p5-Net-SSLeay p5-Socket p5-IO-Socket-IP p5-URI p5-Mozilla-CA p5-IO-Socket-SSL p5-Net-HTTP p5-Encode-Locale p5-IO-HTML p5-HTTP-Date p5-LWP-MediaTypes p5-HTTP-Message p5-HTTP-Daemon p5-HTTP-Negotiate p5-WWW-RobotRules p5-HTTP-Cookies p5-HTML-Tagset p5-HTML-Parser p5-File-Listing p5-Digest-HMAC p5-Authen-NTLM p5-libwww pciids libpci pciutils p5-UNIVERSAL-require p5-XML-TreePP p5-Net-IP p5-LWP-Protocol-https p5-Proc-Daemon p5-FusionInventory-AgentRename /user/local/etc/fusioninventory/agent.cfg.sample to /user/local/etc/fusioninventory/agent.cfg/agent.cfg and change options
-
This is still a terrible idea in 2020.
https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html#concerns-warnings
-
@stephenw10 I completely agree, I don't think it's safe to install packages and software in addition to those that are already original to the tool. But I posted here the update of the installation process because you never know the needs and peculiarities of each project. So if someone needs to install the package, I believe it will be much better to install the packages with the latest version of each one.
-
Yup, if you must do it then use the correct pkg versions. Just be aware of the risks before doing so.
Steve