Distributing plugins

Andreas Ericsson ae at op5.se
Wed Aug 29 23:07:43 CEST 2007

Previous message: Distributing plugins
Next message: Distributing plugins
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thomas Guyot-Sionnest wrote:
> sean finney wrote:
>> On Wednesday 29 August 2007 04:30:53 pm Andreas Ericsson wrote:
>>> francois basquin wrote:
>>>> - modifying nrpe to distribute the plugins on demand. The Nagios server
>>>> could hold the plugins repository, and send the ones missing to the
>>>> client. A timestamp checking should also be needed to distribute new
>>>> versions. Pros: no extra protocol. Cons: needs some development, may
>>>> introduce a lag on the first service call.
>>> Code speaks louder than words. Unfortunately, a very, very small percentage
>>> of the people reading emails on this list are competent programmers enough
>>> to hack up the ideas being sent to this list. Usually those of us who are
>>> aren't interested in making the changes necessary, so it dies down without
>>> ever being even prototyped.
>> furthermore, we're talking about a system where one host on the network 
>> basically connects to another host and says "here, run this thing i'm about 
>> to give you".  i would be very skeptical of *anyone*'s implementation of 
>> that, even that very small percentage :)
> 
> That could easily be done in a secure manner, just require all
> distributed packages to be signed and have the public key reside on the
> servers. This is what most distributions already do under the hood for
> security updates.
> 

Not really, no, since the whole idea of having pre-defined commands
in nrpe.cfg is to make sure that the rest of the network stays more
or less intact even if someone manages to obtain a user account on
the nagios server.

Ofcourse, if that user account is the root account, ssh keys allowing
distribution of programs and configuration files aren't secure either.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/

Previous message: Distributing plugins
Next message: Distributing plugins
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list