Skip to content

Latest commit

 

History

History
36 lines (23 loc) · 2.85 KB

readme.md

File metadata and controls

36 lines (23 loc) · 2.85 KB

Simple Statping NAT Gateway Adapter

This repository contains a simple PHP Web Application that allows you to generate and deploy status scripts for the major OS plattforms. This will allow you to keep an eye on the basic online status of your hosts, even if they are located behind a private NAT gateway, don't have their own public IP address or if they are not running any web service.

Deployment

Just copy the contents of the folder "statping-api-adapter" to a directory on a webserver or shared webhosting of your choice. As long as PHP is enabled and the scripts are allowed to access your local files, you should be good to go.

How to use

  1. Modify the tokens in the config.php file (VERY IMPORTANT)
  2. Copy the contents to your webserver
  3. Open the folder / the file index.php on your webserver.
  4. Press the button to generate all deployment scripts
  5. Copy the instructions for your OS and execut them in your shell

Live Demo

You can see the tool in action over here: https://pixel-shift.de/statping-service/ The status-export is used in this website: https://pixel-shift.de/status.html

Statping Setup

Now that you have deployed your server to statping, you can add a new target in statping to make use of the newly created link. Copy the URL from the statping section of your index.php and add the device name to it, that you configured during deployment. You can also get the statping URL by opening accessing the manager script on your host. It will show you the correct URL on your shell output.

Security concerns

The WebApp does not implement any sophisticated security mechanisms due to the (possibly) low severity of data leaks. This web app makes use of three different tokens:

  • api token (to authenticate deployments)
  • download token (to download deployment scripts)
  • statping token (optional)

By default, the deployments folder and storage folders are autogenerated with permissions 0700, meaning that only the server itself has full privilges. Users requesting access to the files directly cannot get the deployment scripts or settings. This will not work on Windows Servers, in this case you would have to adjust the permissions manually after generation.

To improve privacy, there are two settings. First of all, you can disable the debug mode. This will prevent the database export at the bottom of the index page. In addition to that, you can enable the privacy mode. While the privacy mode is active, you cannot change any of the settings until you enter the download token from the settings on the website. This also means that unauthenticated users cannot see any of the specifics.

One final warning: this whole thing is based on security through obfuscation. If you are interested in establishing an actual production ready monitoring system for your private or public infrastructure, shoot us a message at [email protected] or on www.pixel-shift.de.