Problem with ping-check?

[Andreas Ericsson]

Holger Weiss wrote:
> * Andreas Ericsson <ae at op5.se> [2007-10-15 14:34]:
>> Matthias Eble wrote:
>>>> I've moved from check_ping to check_icmp.
>>>> If check_ping can produce unnecessary alerts then why not simply symlink
>>>> check_ping to check_icmp or remove it?
>>> because check_icmp needs root privileges (setuid root). check_ping can 
>>> be run without uid 0 because ping already has setuid root.
>>> check_icmp can only be installed with root privileges.
>> Well, it's bugs in /bin/ping or bugs in check_icmp. Both of them drop
>> root privs immediately after having obtained the raw socket, so the attack
>> vector is severely limited.
> 
> Personally, though I do recommend to use check_icmp whenever possible, I
> would not like making root privileges a requirement to get some
> check_ping/check_icmp plugin installed.  I'm not root on all Nagios
> systems I maintain.
> 

True. AFAIR that's the primary reason check_ping is still around. Perhaps it
would have been better to put all effort into improving check_ping instead of
creating a replacement for it, especially in light of parallellized host checks
in nagios 3. Ah well, one lives and one learns, and hindsight is always 20/20.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/