Problem with ping-check?
Holger Weiss
holger at CIS.FU-Berlin.DE
Mon Oct 15 14:49:19 CEST 2007
* Andreas Ericsson <ae at op5.se> [2007-10-15 14:34]:
> Matthias Eble wrote:
> >> I've moved from check_ping to check_icmp.
> >> If check_ping can produce unnecessary alerts then why not simply symlink
> >> check_ping to check_icmp or remove it?
> >
> > because check_icmp needs root privileges (setuid root). check_ping can
> > be run without uid 0 because ping already has setuid root.
> > check_icmp can only be installed with root privileges.
>
> Well, it's bugs in /bin/ping or bugs in check_icmp. Both of them drop
> root privs immediately after having obtained the raw socket, so the attack
> vector is severely limited.
Personally, though I do recommend to use check_icmp whenever possible, I
would not like making root privileges a requirement to get some
check_ping/check_icmp plugin installed. I'm not root on all Nagios
systems I maintain.
Holger
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
More information about the Developers
mailing list