[Pkg-nagios-devel] Bug#756479: Bug#756479: (no subject)
David Rosenstrauch
darose at darose.net
Tue Sep 1 15:24:31 UTC 2015
On 09/01/2015 11:15 AM, Alexander Wirt wrote:
> On Tue, 01 Sep 2015, David Rosenstrauch wrote:
>
>> On 09/01/2015 10:58 AM, Alexander Wirt wrote:
>>> On Tue, 01 Sep 2015, David Rosenstrauch wrote:
>>>
>>>> So what is the recommended workaround for users who are currently relying on
>>>> this functionality?
>>> either get your environment fixed, or build your own package.
>>>
>>> Alex
>>
>> Not sure what you mean by "get your environment fixed"?
>>
>> Presumably a "fixed environment" means "one that doesn't use
>> 'dont_blame_nrpe'". That's fair enough. But that also obviously removes
>> previously working functionality
>>
>> So that's exactly what I was asking: for someone who was previously making
>> use of this functionality, and no longer should, what might a "fixed
>> environment" look like? What is the recommended/more secure way to pass
>> parms to a remote NRPE process now? Or, if it's recommended that one not
>> pass parms to NRPE, what is recommended instead.
> nrpe has several, not fixable security problems with argument parsing. You
> should not use it at all. A secure alternative would be to use check_by_ssh.
>
>> For a concrete example, I'm currently monitoring machines for disk space.
>> Most machines I check for at least 20% disk space free. But on machines
>> with large disks, 20% is excessive, so I drop that to 10%. So the 20%/10%
>> is a parm that I pass to NRPE. What would be the recommended way to
>> implement functionality like this going forward?
> Either use check_by_ssh or use a configuration management system like puppet
> to write out your nrpe configuration with different parameters.
>
> Alex
>
Ah. I wasn't aware of that check_by_ssh plugin. I'll give that a look.
Thanks!
DR
More information about the Pkg-nagios-devel
mailing list