compiling nsca-2.1 under Solaris8

Jolet, John John.Jolet at misyshealthcare.com
Fri Aug 16 22:00:01 CEST 2002


if nrpe dies for whatever reason, you get critical alerts.

-----Original Message-----
From: 8lb4fmllhm001 at sneakemail.com [mailto:8lb4fmllhm001 at sneakemail.com]
Sent: Friday, August 16, 2002 2:58 PM
To: nagios-users at lists.sourceforge.net
Subject: RE: RE: [Nagios-users] compiling nsca-2.1 under Solaris8


Fred Im wrote:
> cons:
> 1) scalability, when nagios (or any other monitoring server) has to open an ssh
> session any time it wants to get data, it uses a pretty good amount of cpu
> time...

This did spring to mind.  :-/

> 2) security, seems funny, i know.  to use any scripted ssh daemon, you either
> have to put the passphrase somewhere or the password.  neither is a favorable
> way to go.  and the user you're logging in as on the remote host has to have
> login access, something you don't need for the nrpe daemon.

Actually, you can set up a null passphrase (at least with v.2), drop the
public key on the clients (authorized_keys2) and keep the private key only
on the Nagios host.  Optionally you can modify authorized_keys2 to limit
what can be done whilst authenticating with that key.

As for login access... assuming you don't have root access to the client,
and assuming you've only been granted the one login on the client... you
don't have too many options for installing the plugins.

> simply put, using ssh, you have encrypted the traffic, but the user can run
> anything.  with nrpe, someone may see some odd traffic to the effect of "Test
> OK [5% of 6MB]", but they can only run what you've let them run in the nrpe.cfg
> file.

Again, with authenticated_keys2, you can restrict which command(s) the user
can run.  I might be wrong, but I think you can even specify from which IP
address.  And it'll be a little difficult for them to run anything, if they
don't have the password/private key.  ;)

NRPE does seem much more lightweight, but if the daemon exits (for whatever
reason, including a naive sysadmin who does a "pkill nagios"), you're
rooked.  Granted, the same can be said of sshd....  Okay, so I'm reaching
here.  ;)


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
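
The thread above turns on whether a passphrase-less monitoring key is limited per key in authorized_keys2 (forced command, source address). The following is an added example, not part of either message or of Nagios: a small audit that parses the options field of OpenSSH key lines and reports which restrictions are missing. The policy it checks, the key material, the address and the plugin path are assumptions made for illustration.

```python
import re

# Added example; the policy below (what a monitoring-only key must carry) is an assumption.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
REQUIRED = ("command", "from")
NO_FORWARD = ("no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")
# One option: name, optionally ="value" where the value may hold spaces, commas and \" escapes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?,?')

def split_options(line):
    """Split a key line into ({option: value or True}, remainder of the line)."""
    line = line.strip()
    opts, i = {}, 0
    if line.startswith(KEY_TYPES):      # no options field: line starts with the key type
        return opts, line
    while i < len(line) and not line[i].isspace():
        m = OPTION.match(line, i)
        if not m:
            raise ValueError("malformed options field")
        # Option keywords are case-insensitive, so normalise the name.
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
        i = m.end()
    return opts, line[i:].strip()

def audit(line):
    """Return the restrictions a key line lacks; an empty list means it meets the policy."""
    opts, _ = split_options(line)
    findings = ["missing " + name + "=" for name in REQUIRED if name not in opts]
    if "restrict" not in opts:          # "restrict" switches off all forwarding and the pty
        findings += ["missing " + o for o in NO_FORWARD if o not in opts]
    return findings

# Constructed sample lines: key material, address and plugin path are placeholders.
KEY = "ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEY nagios@monitor"
SAMPLE = [
    KEY,
    'from="192.0.2.10",no-pty ' + KEY,
    'command="/usr/local/nagios/libexec/check_disk -w 10% -c 5%",from="192.0.2.10",'
    'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ' + KEY,
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry[:40] + "...", "->", audit(entry) or "ok")
```

With a forced command in place, sshd runs that command whatever the client requests, so one key per check (or a wrapper script that validates the request) is needed when several plugins are to be run.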

