[Pkg-nagios-devel] Bug#547092: nrpe ssl security problem

Matt Taggart taggart at debian.org
Thu Feb 7 22:13:44 UTC 2013

As pointed out in a previous message to the bug, #547092
"nagios-nrpe-server: Insecure 'SSL' option, key identical for all
debian systems" is severity grave due to the security problem it
introduces in the service (but not critical since the problem is
limited to the nrpe service). I have adjusted it.

This bug hasn't had any activity for almost a year and was mostly
shouting before that. This package shouldn't be in testing/stable
until this is fixed lest others (as I did) spend a bunch of effort
implementing lots of nrpe based checks before realizing they just
opened a security hole on all their systems...

If this can't be solved, maybe we could recommend better


Matt Taggart
taggart at debian.org

More information about the Pkg-nagios-devel mailing list