NRPE Client worthwhile?
Scott Zawalski
scott.zawalski at web.de
Fri Aug 22 08:41:13 CEST 2003
I have been playing with the question of if the NRPE is worth while. I
still cannot make a case against it, but i'm leaning towards the answer
of no and any imput would be appreciated.
NRPE not only opens another port on your systems, but also requires you
to install a daemon that has to be configured on every host you install it.
SSH on the other hand only requires that you have the requested plugins
on that machine and a passphraseless key. This does however grant people
access to every machine if your "nagios.key" is compromised, but in many
enviroments every system's credentials is run with nis or ldap so if you
crack someone's password the same applies.
SSH is encrypted natively and NRPE can be compiled with SSL so they are
the same from that point of view. The fact that you do not have to
configure a seperate config file for ssh like you do for nrpe is a big
plus IMHO. I know you can make a standard nrpe.cfg and put args in it,
but something just doesn't make me to happy when the config says HUGE
SECURITY RISK if I enable the option.
It is kind of back and forth any suggestions as to why NRPE could be
superior in remote checking please let me know if I am missing out on a
cool feature when nrpe is deployed!
Thank you,
Scott
-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list