Pandora: Documentation en: RemoteManagement
1 Remote system management with Pandora FMS
Pandora FMS is a monitoring tool, and given its philosophy, it doesn't use the agents to connect us to the equipment, so it uses other methods to allow operators to remotely control the monitored systems. Some systems, such as routers and switches can be managed by Telnet or SSH and in order to access them you only need to launch the command. To do this, we will use an optional extension based on the Anytermd tool that has not been installed as standard since version 7.0. It is present in the Pandora FMS module library 
The standard tool in Pandora FMS to have access to remote systems (be it windows, mac or Windows) is eHorus , a remote control tool that since it's WEB, it is totally integrated in the Pandora FMS interface.
1.2 Using eHorus with Pandora FMS
eHorus is a remote management system that relies on the cloud (SaaS) to connect to the computers, regardless of changes in IP, firewalls or other problems discussed previously.
To enable it, it is necessary to activate the integration in its configuration section.
After that, it will be necessary to enter a valid login from a service user. This user will be used to authorize the remote connection to the provided agents.
It is possible, although probably not necessary, to use another eHorus provider editing the fields API Hostname (switch.ehorus.com by default) and API Port (18080 by default).
Once the connection is configured, you'll be able to check that a new custom field appears in the agent view, called eHorusID. This field should contain the eHorus agent ID to be managed. YOu can find this ID in several places, such as the eHorus agent running on the machine or in the eHorus Portal (see image).
If you are using Pandora FMS agents 7.0 or higher, they already automatically support a parameter to automatically obtain the eHorus ID, through the following configuration token:
The configuration token supports the absolute path to a valid configuration file of an eHorus agent. The agent will create a custom field called eHorusID that contains the identification key of the eHorus agent.
The eHorus agent to be managed must be visible by the configured user in the configuration section of the integration.
When the Pandora FMS agent has defined the ID of the eHorus agent in its customized field, the administrator users or those that have management permissions of the agent, will see a new tab in the agent menu from which they will be able to use the eHorus client from inside Pandora FMS.
The ehorus id (EKID) is entered in this custom field of the agent:
Once configured, just click on any of the sections that the remote control extension with ehorus of that agent presents: remote control via Shell, remote desktop, process view, services or copy files:
We always recommend using a local password in the eHorus agent. If configured, we will be prompted interactively:
Once authenticated, we can access the interactive command line session (linux, mac and windows) with root permissions:
And the same goes for managing remote processes and copying files (both upload and download):
And of course, the remote desktop (windows, linux and mac):
For more information about eHorus, you can visit their website . eHorus is free up to 10 computers. eHorus is developed by the same team that made Pandora FMS possible.
If you are running Pandora FMS on Windows, download the Mozilla CA certificate store in PEM format and add
1.3 Connecting to remote systems using SSH and/or Telnet with Pandora FMS
There is an extension that allows users to connect directly with remote devices via SSH or SSH. This can be done with the "Remote gateway"extension. This component needs a special configuration, which is not installed "by default" in most Pandora FMS installations, more information and downloads in the library of Pandora FMS modules. 
This extension does not work well with modern versions of Centos/RHEL due to security restrictions in the internal call forkptt (). We recommend using eHorus to replace this functionality. More info.
Pandora FMS uses a tool called "anytermd", to create a kind of proxy between the user's browser and the remote destination. This tool launches a daemon, listening on a port, that executes a command, diverting all the contents of the connection to the user's browser. This means that all connections are made from the Pandora FMS server, and that the Pandora server has to have installed the ssh and telnet clients of the system. This would be an architecture of the system:
1.3.1 Installation and configuration
The source code is located in extras/anytermd in the SVN repository of the project. Additionally it can be found as RPM and tarball packages in the official downloads of the project.
Make sure you have installed the packages: gcc-c++, make, boost-devel and zlib-devel.
Then manually install the binary in /usr/bin
cp anytermd /usr/bin
To run the server daemon, you will have to do it "by hand", since it does not start with the server or Pandora console. The SSH/Telnet remote connection extension will use a different port for each type of connection, SSH 8022 and Telnet 8023.
It has a boot script for anytermd in contrib/anytermd. Copy it to /etc/init. d/anytermd and run it this way to boot it:
By default it uses the user "pandora" for its execution, if you want to change it, modify the script.
Make sure that ports 8022 and 8023 are free and open from the user browser to the server where the Pandora's console and anytermd runs.
184.108.40.206 Securization of Anytermd installation
For security reasons, we recommend restricting access to ports 8022 and 8023 so that only authorized systems can access them. To do this, we recommend using firewall rules (iptables on Linux):
On the host where Anytermd runs:
iptables -I INPUT -p tcp --dport 8023 -s <source_ip> -j ACCEPT iptables -I INPUT -p tcp --dport 8022 -s <source_ip> -j ACCEPT
Where <source_ip> is the IP of the user/browser that will have access to this functionality.