check_by_ssh

mark.potter at academy.com mark.potter at academy.com
Thu Dec 13 16:11:10 CET 2007


> Further, what is the big concern about running nrpe ??? I have a
> number of mission critical systems that all run nrpe. Configured with
> the correct "allowed_hosts" list, with "nrpe_user" & "nrpe_group" set
> to the right type of account, and the "dont_blame_nrpe=0" parameter
> set (in order to prevent arguments being passed to nrpe) I really
> can't see what the risk is (someone like to enlighten me ?).
> 
> -- 
> bright blessings,
> Mark
> 

Currently I know of no risk associated with running NRPE however any 
service that opens a port on a system can become a risk. After much debate 
and discussion we have decided to use check_by_ssh in our environment for 
this very reason. It may not be a risk at the moment but it could become a 
risk in the future. I am not a hacker so I can't say what could happen 
with the existing code to cause a risk but the possibility remains. Our 
decision was based in simplicity as there is less to install on each 
system, fewer configurations to maintain, less risk as no new daemons are 
introduced. Everyone else may have different mileage in their own 
environments.

Sorry for the off topic post.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20071213/9882cdf6/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list