[Pkg-nagios-devel] Bug#547092: nrpe ssl security problem
Christoph Anton Mitterer
calestyo at scientia.net
Thu Feb 7 22:50:12 UTC 2013
On Thu, 2013-02-07 at 14:13 -0800, Matt Taggart wrote:
> If this can't be solved, maybe we could recommend better
The better alternative is using ssh with control channel
multiplexing,... which is as fast as nrpe.
The only thing missing there was a restricted shell for the remote hosts
where they can specify white (the check commands and their args) and
blacklists (evil stuff like "*" or "..") in order to control the
commands that the monitoring node may run (as they can do on a very,
very, limited and insecure way with nrpe).
Removing nrpe from testing is IMHO a bad idea... but I would suggest to
add big fat warnings the nrpe is completely insecure.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5113 bytes
Desc: not available
More information about the Pkg-nagios-devel