[NRPE]Good Job

Carroll, Jim P [Contractor] jcarro10 at sprintspectrum.com
Thu Nov 21 16:48:41 CET 2002


I'm with Ethan on this.  Keep NRPE simple, minimize the security risk.

- For testing purposes, run the command locally on the target host, till you
have the sorts of metrics you're looking for.

- 'Freeze' it by defining it in a master nrpe.cfg (held on your gold
server)*

- Deploy the master nrpe.cfg to all hosts.**

* The concept of a gold server is discussed on www.infrastructures.org

** We're using the 'push' paradigm to get the config file out to all hosts,
but ideally we would have a host where the config file would be 'pulled'
from on a regular basis (using rsync-over-ssh or scp, for example)

Our nrpe.cfg file is currently 12,978 bytes, and will in all probability get
larger over time, not smaller.  I've decided that even if a given host
doesn't use the extra definitions in nrpe.cfg, it doesn't matter.  Having
one version of nrpe.cfg to manage is certainly quite a bit easier than
maintaining N versions of nrpe.cfg.  And the definitions are, for the most
part, fairly universal.  Checking for free space on /db001 on one host is
really no different from checking for free space on /db001 on another host
(assuming both hosts have a /db001 partition).

Food for thought.

jc

> -----Original Message-----
> From: Ethan Galstad [mailto:nagios at nagios.org]
> Sent: Wednesday, November 20, 2002 10:43 PM
> To: nagios-users
> Subject: Re: [Nagios-users] [NRPE]Good Job
> 
> 
> On 20 Nov 2002 at 10:52, Pascal Miquet wrote:
> 
> > 
> > Just to say that the NRPE is for me a good thing. I took 
> less than an 
> > hour to compile, install, and check things are working. 
> > 
> > I'm just surprised that commands seems to be frozen, I mean no 
> > arguments from the Nagios server, just request the command 
> and that's 
> > it. 
> > Note, I didn't test to pass arguments to the command on my nagios 
> > server. 
> > Should be better to give arguments on the command executed on the 
> > remote server. 
> > 
> > Any way, 
> > Thanks a lot for this nice feature. 
> > Pascal Miquet 
> 
> I might add support for command arguments in NRPE in future versions 
> (because its been requested so much), but I see this as a big 
> security problem more than anything.  Allowing unauthenticated users 
> to execute plugins with arbitrary arguments on remote systems is 
> probably not a good idea.  In order to make it safer, I'd have to add 
> encryption and some means of authentication/authorization.  Seems 
> better to just use check_by_ssh if you really need that 
> functionality.
> 
> 
> Ethan Galstad,
> Nagios Developer
> ---
> Email: nagios at nagios.org
> Website: http://www.nagios.org
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf




More information about the Users mailing list