Distributing plugins

[Thomas Guyot-Sionnest]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 29/08/07 05:07 PM, Andreas Ericsson wrote:
> Thomas Guyot-Sionnest wrote:
>> That could easily be done in a secure manner, just require all
>> distributed packages to be signed and have the public key reside on the
>> servers. This is what most distributions already do under the hood for
>> security updates.
>>
> 
> Not really, no, since the whole idea of having pre-defined commands
> in nrpe.cfg is to make sure that the rest of the network stays more
> or less intact even if someone manages to obtain a user account on
> the nagios server.
> 
> Ofcourse, if that user account is the root account, ssh keys allowing
> distribution of programs and configuration files aren't secure either.

I was talking about digitally signing the stuff you send to the remote
daemons (binary or script + command + (optionally) allowed hosts). Of
course it's worth nothing if an unencrypted key is lying around the
server - ideally the key should be encrypted and sitting on the
administrator's computer.

Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG1l4z6dZ+Kt5BchYRAhztAKCUEYp4b82FA1daCjYifLWIcYPNgQCfVLqF
Se5kjUvQOa5NlLy2rgaRi8g=
=piUV
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/