check_by_ssh vs check_snmp: security considerations?

Jeff Smelser tradergt at smelser.org
Fri Oct 29 20:50:45 CEST 2004


On Friday 29 October 2004 01:27 pm, Dan Stromberg wrote:
> check_by_ssh of course, isn't vulnerable to replay attacks.  But if we
> set up passwordless, passphraseless accounts on all of our systems for
> check_by_ssh, that's a sort of problem in itself, since that account
> could (normally) run any command it wanted to.
>
> check_snmp is subject to replay attacks, but it's relatively limited in
> what it can do.
>
> So I guess my question is: Is there a form of restricted shell that
> would work conveniently with check_by_ssh, that would allow only a short
> list of sanitized plugins to run?

I thought this was the point behind check_nrpe?

Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20041029/0ac0ddd6/attachment.sig>


More information about the Users mailing list