nrpe allowed_hosts
Brian Whitehead
brian.whitehead at digitalevergreen.com
Mon Oct 7 23:51:53 CEST 2002
On Mon, 2002-10-07 at 16:22, Rusch, Daniel wrote:
> All,
>
> In the nrpe.cfg file there is the line allowed_hosts.
>
> Can a range of addresses be used instead of a single address. If so what
> would be the syntax?
>
> i.e. 10.24.2.0-50
>
> or 10.24.2.x
I've included the notes from the nrpe.cfg and the xinetd.conf man page.
Basically, if you are using inetd or xinetd the line in nrpe.cfg is
ignored. Below you'll find the information on how to use the only_from
line for xinetd.
------- START nrpe.cfg -----------
# ALLOWED HOST ADDRESSES
# This is a comma-delimited list of IP address of hosts that are allowed
# to talk to the NRPE daemon.
#
# NOTE: The daemon only does rudimentary checking of the client's IP
#       address. I would highly recommend adding entries in your
#       /etc/hosts.allow file to allow only the specified host to connect
#       to the port you are running this daemon on.
#
# NOTE: This option is ignored if NRPE is running under either inetd or
#       xinetd
------ END nrpe.cfg --------------
------ START man xinetd.conf ------
only_from   determines the remote hosts to which the particular service
            is available. Its value is a list of IP addresses which can
            be specified in any combination of the following ways:

            a) a numeric address in the form of %d.%d.%d.%d. If the
               rightmost components are 0, they are treated as
               wildcards (for example, 128.138.12.0 matches all hosts
               on the 128.138.12 subnet). 0.0.0.0 matches all Internet
               addresses.

            b) a factorized address in the form of
               %d.%d.%d.{%d,%d,...}. There is no need for all 4
               components (i.e. %d.%d.{%d,%d,...%d} is also ok).
               However, the factorized part must be at the end of the
               address.

            c) a network name (from /etc/networks)

            d) a host name. When a connection is made to xinetd, a
               reverse lookup is performed, and the canonical name
               returned is compared to the specified host name. You may
               also use domain names in the form of .domain.com. If the
               reverse lookup of the client's IP is within .domain.com,
               a match occurs.

            e) an ip address/netmask range in the form of 1.2.3.4/32.

            Specifying this attribute without a value makes the service
            available to nobody.
----- END man xinetd.conf -------
--
Brian Whitehead - A+, LCP, RHCE
Systems Administrator
Direct: 816.512.9417
Mobile: 816.510.3996
mailto:brian.whitehead at digitalevergreen.com
Digital Evergreen
423 West 8th Street
Suite 410
Kansas City, MO 64105
Phone: 816.512.9399
http://www.digitalevergreen.com
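
Added example, not part of the original message or of xinetd: a Python sketch of only_from forms (a), (b) and (e) as the man page excerpt describes them, plus a helper that turns the asker's 10.24.2.0-50 range into entries of form (e). The function names are hypothetical, and treating a short factorized address as a wildcard on the missing components is an assumption.

```python
import ipaddress

def only_from_matches(entry, client):
    """Return True if IPv4 `client` matches one only_from entry.

    Covers forms (a), (b) and (e) of the man page excerpt; the name-based
    forms (c) and (d) need /etc/networks or DNS and are left out.
    """
    ip = ipaddress.IPv4Address(client)
    if "/" in entry:                        # (e) address/netmask
        return ip in ipaddress.IPv4Network(entry, strict=False)
    if "{" in entry:                        # (b) factorized address
        prefix, _, rest = entry.partition("{")
        if not rest.endswith("}"):
            raise ValueError("factorized part must be at the end: " + entry)
        fixed = [p for p in prefix.split(".") if p]
        depth = len(fixed) + 1              # number of components given
        if depth > 4:
            raise ValueError("too many components: " + entry)
        # Assumption: components left out after the braces are wildcards.
        for alt in rest[:-1].split(","):
            addr = ".".join(fixed + [alt.strip()] + ["0"] * (4 - depth))
            if ip in ipaddress.IPv4Network((addr, 8 * depth)):
                return True
        return False
    # (a) numeric address; int() rejects "0-50" and "x" with ValueError
    octets = [int(p) for p in entry.split(".")]
    if len(octets) != 4:
        raise ValueError("expected four numeric components: " + entry)
    trailing = 0                            # rightmost zero components
    for octet in reversed(octets):
        if octet != 0:
            break
        trailing += 1
    return ip in ipaddress.IPv4Network((entry, 32 - 8 * trailing))

def range_to_only_from(first, last):
    """Smallest list of address/netmask entries covering first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

# Constructed sample: the range asked about in the quoted question.
ENTRIES = range_to_only_from("10.24.2.0", "10.24.2.50")

if __name__ == "__main__":
    print("only_from =", " ".join(ENTRIES))
    for host in ("10.24.2.50", "10.24.2.51"):
        print(host, any(only_from_matches(e, host) for e in ENTRIES))
```

Note that the plain entry 10.24.2.0 is form (a) and admits the whole 10.24.2 subnet, which is wider than the 0-50 range in the question.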