nrpe and nrpe_nt development
Stephen Strudwick
sas at gxn.net
Thu Dec 18 16:04:53 CET 2003
hello all,
This is my first post to this list and I want to ask some questions
about my company (Pipex) doing some development for nrpe and nrpe_nt.
We have been using netsaint for a while and are upgrading to nagios and
have decided to use nrpe for nt and unix boxes.
I noticed the encryption using openssl is not really that secure, as far
as I can tell it only encrypts the session between the client and server
and dosnt stop anyone else with the nrpe client querying the server.
The only protection the demon has as far as I can tell is the IP
restrictions.
We have some internal code we have been using for several years here that
provides Blowfish encryption using shared keys, username pass
authentication and all kinds of handshaking and security.
The code is in C, and we have modules for *nix and NT.
we also have an implementation as a Perl module (with C backend code).
I would like to add this code to nrpe as a compile time option (say
--use-blowfish on ./configure).
And also to the NT version.
If I add this code I would like if possible to be integrated into the
current releases of nrpe so we dont create a static fork inside our
company).
Basically im looking for feedback as to whether this is neccessary/right
thing to do, or have I misunderstood the openssl encryption.
I envisage the shared key encryption working like nrpep with a -s
<secret> option being used for a secret on the nagios server.
Thanks in advance for any feedback.
-
Stephen Strudwick
Advanced Development Engineer
Development Group, Product Development
PIPEX Communications
http://www.pipexcommunications.net/
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
More information about the Developers
mailing list