nrpe allowed_hosts

Brian Whitehead brian.whitehead at digitalevergreen.com
Mon Oct 7 23:51:53 CEST 2002


On Mon, 2002-10-07 at 16:22, Rusch, Daniel wrote:
> All,
> 
> In the nrpe.cfg file there is the line allowed_hosts.
> 
> Can a range of addresses be used instead of a single address? If so, what
> would be the syntax?
> 
> i.e. 10.24.2.0-50
> 
> or 10.24.2.x

I've included the notes from the nrpe.cfg and the xinetd.conf man page. 
Basically, if you are using inetd or xinetd the line in nrpe.cfg is
ignored.  Below you'll find the information on how to use the only_from
line for xinetd.


------- START nrpe.cfg -----------

# ALLOWED HOST ADDRESSES
# This is a comma-delimited list of IP address of hosts that are allowed
# to talk to the NRPE daemon.
#
# NOTE: The daemon only does rudimentary checking of the client's IP
#       address.  I would highly recommend adding entries in your
#       /etc/hosts.allow file to allow only the specified host to connect
#       to the port you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
------ END nrpe.cfg --------------

------ START man xinetd.conf ------

       only_from        determines  the remote hosts to which the
                        particular  service  is  available.   Its
                        value is a list of IP addresses which can
                        be specified in any  combination  of  the
                        following ways:

                        a)   a  numeric  address  in  the form of
                             %d.%d.%d.%d. If the rightmost compo-
                             nents  are  0,  they  are treated as
                             wildcards (for example, 128.138.12.0
                             matches  all hosts on the 128.138.12
                             subnet).  0.0.0.0 matches all Inter-
                             net addresses.

                        b)   a  factorized address in the form of
                             %d.%d.%d.{%d,%d,...}.  There  is  no
                             need  for  all  4  components  (i.e.
                             %d.%d.{%d,%d,...%d}  is  also   ok).
                             However, the factorized part must be
                             at the end of the address.

                        c)   a network name (from /etc/networks)

                        d)   a host name.  When a  connection  is
                             made  to xinetd, a reverse lookup is
                             performed, and  the  canonical  name
                             returned  is  compared to the speci-
                             fied host name.  You  may  also  use
                             domain   names   in   the   form  of
                             .domain.com.  If the reverse  lookup
                             of   the   client's   IP  is  within
                             .domain.com, a match occurs.

                        e)   an ip address/netmask range  in  the
                             form of 1.2.3.4/32.

                        Specifying this attribute without a value
                        makes the service available to nobody.

----- END man xinetd.conf -------


-- 
Brian Whitehead - A+, LCP, RHCE
Systems Administrator
Direct: 816.512.9417
Mobile: 816.510.3996
mailto:brian.whitehead at digitalevergreen.com

Digital Evergreen
423 West 8th Street
Suite 410
Kansas City, MO 64105
Phone: 816.512.9399
http://www.digitalevergreen.com
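
The range asked about in the question, 10.24.2.0-50, has no direct only_from syntax, but it can be written as a short list of address/netmask blocks (form e in the man page excerpt). The following is an added example, not part of the original message or of NRPE/xinetd; the function names are hypothetical, and it assumes the dash range applies to the last octet only.

```python
import ipaddress

def to_cidrs(spec):
    """Expand one address spec into the smallest list of CIDR blocks.

    Accepts '10.24.2.0-50' (range in the last octet), '10.24.2.x'
    (wildcard last octet), a single address, or an existing CIDR block.
    Raises ValueError on malformed or reversed input.
    """
    spec = spec.strip()
    if spec.lower().endswith(".x"):
        return [ipaddress.IPv4Network(spec[:-2] + ".0/24")]
    if "-" in spec:
        first_txt, last_octet = spec.split("-", 1)
        first = ipaddress.IPv4Address(first_txt)
        prefix = first_txt.rsplit(".", 1)[0]
        last = ipaddress.IPv4Address(prefix + "." + last_octet)
        # summarize_address_range rejects last < first with ValueError
        return list(ipaddress.summarize_address_range(first, last))
    # Strict parsing: a block with host bits set (likely a typo) is rejected
    return [ipaddress.IPv4Network(spec)]

def only_from_line(specs):
    """Build a space-separated only_from line from a list of specs."""
    nets = [n for s in specs for n in to_cidrs(s)]
    # Merge overlapping or adjacent blocks so the list stays minimal
    nets = ipaddress.collapse_addresses(nets)
    return "only_from = " + " ".join(str(n) for n in nets)

def is_allowed(client, specs):
    """Check whether a client address falls inside any of the specs."""
    addr = ipaddress.IPv4Address(client)
    return any(addr in n for s in specs for n in to_cidrs(s))

if __name__ == "__main__":
    requested = ["10.24.2.0-50"]  # the range from the question
    print(only_from_line(requested))
    # Boundary check: .50 must be inside, .51 must be outside
    for probe in ("10.24.2.50", "10.24.2.51"):
        print(probe, is_allowed(probe, requested))
```

Checking the address just past the end of the range, as the last lines do, confirms the generated blocks do not admit more hosts than intended.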

