[Pkg-nagios-devel] Bug#547092: nrpe ssl security problem
Matt Taggart
taggart at debian.org
Thu Feb 7 22:13:44 UTC 2013
As pointed out in a previous message to the bug, #547092
"nagios-nrpe-server: Insecure 'SSL' option, key identical for all
debian systems" is severity grave due to the security problem it
introduces in the service (but not critical since the problem is
limited to the nrpe service). I have adjusted it.
This bug hasn't had any activity for almost a year and was mostly
shouting before that. This package shouldn't be in testing/stable
until this is fixed lest others (as I did) spend a bunch of effort
implementing lots of nrpe based checks before realizing they just
opened a security hole on all their systems...
If this can't be solved, maybe we could recommend better
alternatives?
Thanks,
--
Matt Taggart
taggart at debian.org
More information about the Pkg-nagios-devel
mailing list