NRPE - daemon versus xinetd - pros and cons

James Turnbull james at lovedthanlost.net
Sat Oct 1 13:37:36 CEST 2005


Richard DeWath wrote:
> I am interested in hearing from anyone who has insight
> on to whether running the daemon is more efficient
> than xinetd for nagios (I mean real difference not
> minor overhead differences);  Is there more security
> with xinetd and wrappers in this case?  Anyone who has
> tried both, I would be interested in your feedback.  I
> have been using xinted/inetd without real problems
> (some nrpe timeouts), but there are people who want to
> use the daemon option.  I can do this, but hate to
>   
Personally I find inetd/xinetd adds considerable overhead to daemons.  I 
run NRPE in daemon mode and use iptables or pf rules to lock down the 
incoming and outgoing ports and IP addresses.

IMHO - inetd/xinetd/tcpwrappers are outmoded and really only useful for 
very dumb daemons - r-tools, finger, ftp - which really you shouldn't be 
running anyways - their clear-text implementations make for lousy 
security. 

Regards

James Turnbull

-- 
James Turnbull <james at lovedthanlost.net>
---
Author of Hardening Linux, Apress
(http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)




-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list