Monitor Checkpoint VPN links

Tedman Eng teng at dataway.com
Thu Jul 10 07:03:38 CEST 2003


How about if you use a good security model, and approach it from that POV.

The secure object (the firewall) shouldn't be regularly accepting commands,
so instead it pushes its status and performance information to a collector
machine (cricket comes to mind).  A cron job on the firewall runs a command
that scp's the performance data (bandwidth, cpu, vpn load, vpn status, etc)
to the collector machine.  The machine then crunches the incoming data,
creating nice little RRDtool Graphs.  And, submit the VPN status piece of
info as a passive check to nagios (check if it's fresh too).

Poppin' fresh links!  Yum!

--T



"Roy S. Rapoport" <nagios-users at ols.inorganic.org> wrote in message
news:20030709230248.GP9908 at nag.inorganic.org...
> On Wed, Jul 09, 2003 at 06:21:50PM -0400, Rob Nelson wrote:
> > It's always an ugly hack, but one can do just about anything with
> > "expect".
> > I'd suggest using ssh keys tho, rather than putting your ssh password in
> > cleartext in the scriptfile.
>
> As a security person, this makes me shudder.
>
> Remember, this is your firewall.
>
> I won't tell you how to manage your security devices, but the concept of
> allowing automated, non-passworded (or passphrased) access to a firewall
> scares the bejesus out of me.  I would argue, with respect to the
> requester's experience and knowledge, that it's a Bad Idea.
>
> If you *are* going to do that, for God's sake, make sure that the SSH key
> is only authorized for the very minimal actions that you need to monitor
> the system -- in other words, you shouldn't just SSH and run some commands
> -- you should 'ssh user@fw <command>' and make sure that the SSH key ONLY
> allows you to run <command>.
>
> -roy
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Parasoft
> Error proof Web apps, automate testing & more.
> Download & eval WebKing and get a free book.
> www.parasoft.com/bulletproofapps
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
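
The collector side of the push model described in the reply above, as an added example that is not part of either poster's message: a shell function that turns a status file pushed by the firewall into one Nagios PROCESS_SERVICE_CHECK_RESULT passive-check line, treating the pushed data as untrusted. The file format, the function name and the host and service names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: collector-side handler for a status file pushed by the firewall.
# Assumed (constructed) file format, one tunnel per line: "<epoch> <tunnel> <up|down>"

# Print one Nagios passive-check external command for a pushed status file.
# Args: host service status_file now_epoch max_age_seconds
# The body runs in a subshell "( ... )" so its variables stay local.
vpn_passive_result() (
    host=$1 svc=$2 file=$3 now=$4 max_age=$5
    code=0 msg="" down="" count=0

    while read -r ts name state extra; do
        if [ -z "$ts" ]; then continue; fi
        # Pushed data is untrusted: reject anything outside the expected shape,
        # so a ';' or a stray field cannot smuggle text into the command file.
        case "$ts" in *[!0-9]*) code=3; msg="malformed timestamp"; break ;; esac
        case "$name" in ''|*[!A-Za-z0-9._-]*) code=3; msg="malformed tunnel name"; break ;; esac
        case "$state" in up|down) ;; *) code=3; msg="malformed state"; break ;; esac
        if [ -n "$extra" ]; then code=3; msg="unexpected extra field"; break; fi
        # Old data means the push stopped working, not that the VPN is fine.
        if [ $((now - ts)) -gt "$max_age" ]; then
            code=3; msg="stale data for $name"; break
        fi
        count=$((count + 1))
        if [ "$state" = down ]; then down="$down $name"; fi
    done < "$file"

    if [ "$code" -eq 0 ]; then
        if [ "$count" -eq 0 ]; then code=3; msg="no tunnels reported"
        elif [ -n "$down" ]; then code=2; msg="VPN down:$down"
        else msg="$count tunnel(s) up"
        fi
    fi
    case $code in 0) label=OK ;; 2) label=CRITICAL ;; *) label=UNKNOWN ;; esac
    # Format: [time] PROCESS_SERVICE_CHECK_RESULT;host;service;return_code;output
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s - %s\n' \
        "$now" "$host" "$svc" "$code" "$label" "$msg"
)
```

The returned line is what gets appended to the Nagios external command file; freshness checking on the Nagios side still covers the case where nothing arrives at all.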









