[NRPE]Good Job
Carroll, Jim P [Contractor]
jcarro10 at sprintspectrum.com
Thu Nov 21 16:48:41 CET 2002
I'm with Ethan on this. Keep NRPE simple, minimize the security risk.
- For testing purposes, run the command locally on the target host, till you
have the sorts of metrics you're looking for.
- 'Freeze' it by defining it in a master nrpe.cfg (held on your gold
server)*
- Deploy the master nrpe.cfg to all hosts.**
* The concept of a gold server is discussed on www.infrastructures.org
** We're using the 'push' paradigm to get the config file out to all hosts,
but ideally we would have a host where the config file would be 'pulled'
from on a regular basis (using rsync-over-ssh or scp, for example)
Our nrpe.cfg file is currently 12,978 bytes, and will in all probability get
larger over time, not smaller. I've decided that even if a given host
doesn't use the extra definitions in nrpe.cfg, it doesn't matter. Having
one version of nrpe.cfg to manage is certainly quite a bit easier than
maintaining N versions of nrpe.cfg. And the definitions are, for the most
part, fairly universal. Checking for free space on /db001 on one host is
really no different from checking for free space on /db001 on another host
(assuming both hosts have a /db001 partition).
Food for thought.
jc
> -----Original Message-----
> From: Ethan Galstad [mailto:nagios at nagios.org]
> Sent: Wednesday, November 20, 2002 10:43 PM
> To: nagios-users
> Subject: Re: [Nagios-users] [NRPE]Good Job
>
>
> On 20 Nov 2002 at 10:52, Pascal Miquet wrote:
>
> >
> > Just to say that the NRPE is for me a good thing. I took
> less than an
> > hour to compile, install, and check things are working.
> >
> > I'm just surprised that commands seems to be frozen, I mean no
> > arguments from the Nagios server, just request the command
> and that's
> > it.
> > Note, I didn't test to pass arguments to the command on my nagios
> > server.
> > Should be better to give arguments on the command executed on the
> > remote server.
> >
> > Any way,
> > Thanks a lot for this nice feature.
> > Pascal Miquet
>
> I might add support for command arguments in NRPE in future versions
> (because its been requested so much), but I see this as a big
> security problem more than anything. Allowing unauthenticated users
> to execute plugins with arbitrary arguments on remote systems is
> probably not a good idea. In order to make it safer, I'd have to add
> encryption and some means of authentication/authorization. Seems
> better to just use check_by_ssh if you really need that
> functionality.
>
>
> Ethan Galstad,
> Nagios Developer
> ---
> Email: nagios at nagios.org
> Website: http://www.nagios.org
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
>
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
More information about the Users
mailing list