check-ping
Andreas Ericsson
ae at op5.se
Mon Jul 14 13:54:03 CEST 2008
Jeff Koch wrote:
> Hi Philipp:
>
> Thanks for your help. When we ran ping as nagios it bombed. Permissions on
> ping needed to be set SUID root so that an ICMP socket could be opened. We
> had changed that for security reasons. We'll make nagios sudo root for
> ping. That should solve the problem.
>
Changing /bin/ping to not be suid root for security reasons and then changing
Nagios to be suid root to fix a problem this causes seems more than just a
little backwards to me.
Do "chmod 4711 /bin/ping" instead. ping is a simple program of ~4000 LoC. It
has been thouroughly audited for security holes. Nagios is, in comparison, a
complex elephantine monster of 80.000 LoC. Add any and all plugins it might
run as well and you'll be well on your way to 250k LoC or more. Nobody has
bothered auditing it very much from a security standpoint because it's not
supposed to run with root permissions.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list