NRPE - daemon versus xinetd - pros and cons
James Turnbull
james at lovedthanlost.net
Sat Oct 1 13:37:36 CEST 2005
Richard DeWath wrote:
> I am interested in hearing from anyone who has insight
> on to whether running the daemon is more efficient
> than xinetd for nagios (I mean real difference not
> minor overhead differences); Is there more security
> with xinetd and wrappers in this case? Anyone who has
> tried both, I would be interested in your feedback. I
> have been using xinted/inetd without real problems
> (some nrpe timeouts), but there are people who want to
> use the daemon option. I can do this, but hate to
>
Personally I find inetd/xinetd adds considerable overhead to daemons. I
run NRPE in daemon mode and use iptables or pf rules to lock down the
incoming and outgoing ports and IP addresses.
IMHO - inetd/xinetd/tcpwrappers are outmoded and really only useful for
very dumb daemons - r-tools, finger, ftp - which really you shouldn't be
running anyways - their clear-text implementations make for lousy
security.
Regards
James Turnbull
--
James Turnbull <james at lovedthanlost.net>
---
Author of Hardening Linux, Apress
(http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list