Distributing plugins
Thomas Guyot-Sionnest
dermoth at aei.ca
Thu Aug 30 08:05:40 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 29/08/07 05:07 PM, Andreas Ericsson wrote:
> Thomas Guyot-Sionnest wrote:
>> That could easily be done in a secure manner, just require all
>> distributed packages to be signed and have the public key reside on the
>> servers. This is what most distributions already do under the hood for
>> security updates.
>>
>
> Not really, no, since the whole idea of having pre-defined commands
> in nrpe.cfg is to make sure that the rest of the network stays more
> or less intact even if someone manages to obtain a user account on
> the nagios server.
>
> Ofcourse, if that user account is the root account, ssh keys allowing
> distribution of programs and configuration files aren't secure either.
I was talking about digitally signing the stuff you send to the remote
daemons (binary or script + command + (optionally) allowed hosts). Of
course it's worth nothing if an unencrypted key is lying around the
server - ideally the key should be encrypted and sitting on the
administrator's computer.
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG1l4z6dZ+Kt5BchYRAhztAKCUEYp4b82FA1daCjYifLWIcYPNgQCfVLqF
Se5kjUvQOa5NlLy2rgaRi8g=
=piUV
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
More information about the Developers
mailing list