Monitor Checkpoint VPN links

Dan Tulovsky Dan.Tulovsky at sbiandcompany.com
Thu Jul 10 17:13:56 CEST 2003


I think an even better idea is to use machines that are behind the
firewalls if you are going to do that... Since you just need to test the
link, it's often better to test it from behind...

Dan


-----Original Message-----
From: Roy S. Rapoport [mailto:nagios-users at ols.inorganic.org] 
Sent: Wednesday, July 09, 2003 7:03 PM
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Monitor Checkpoint VPN links


On Wed, Jul 09, 2003 at 06:21:50PM -0400, Rob Nelson wrote:
> It's always an ugly hack, but one can do just about anything with 
> "expect".
> I'd suggest using ssh keys tho, rather than putting your ssh password in
> cleartext in the scriptfile.

As a security person, this makes me shudder.

Remember, this is your firewall.  

I won't tell you how to manage your security devices, but the concept of
allowing automated, non-passworded (or passphrased) access to a firewall
scares the bejesus out of me.  I would argue, with respect to the
requester's experience and knowledge, that it's a Bad Idea.

If you *are* going to do that, for God's sake, make sure that the SSH
key is only authorized for the very minimal actions that you need to
monitor the system -- in other words, you shouldn't just SSH and run
some commands -- you should 'ssh user@fw <command>' and make sure that
the SSH key ONLY allows you to run <command>.

-roy


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
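
The restriction Roy describes, a key that can ONLY run one command, corresponds to OpenSSH's `command=` option in authorized_keys. The gate script below is an added example and not part of the thread; the script path, the `check_vpn` request names and the `check_vpn_link` plugin are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: forced-command gate for a monitoring-only SSH key.
# Reference it from the key's authorized_keys entry on the firewall
# (one line; address and key material are placeholders):
#   command="/usr/local/sbin/nagios-ssh-gate --enforce",from="<MONITOR_IP>",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC_KEY> nagios
# sshd then runs this script for every login with that key and passes
# whatever the client asked for in SSH_ORIGINAL_COMMAND.

# Hypothetical read-only check script; substitute the real plugin path.
CHECK=/usr/local/libexec/check_vpn_link

# Print the argv to run for an allowed request, one word per line.
# Return 1 for anything else. The client's string is only compared,
# never evaluated, so shell metacharacters in it cannot add commands.
gate_decide() {
    req=$1
    case "$req" in
        "check_vpn status")
            printf '%s\n' "$CHECK" status ;;
        "check_vpn peer "*)
            peer=${req#"check_vpn peer "}
            # Peer name: letters, digits, dot, dash; no leading dash.
            case "$peer" in
                ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
            esac
            printf '%s\n' "$CHECK" peer "$peer" ;;
        *)
            return 1 ;;
    esac
}

if [ "${1:-}" = "--enforce" ]; then
    if argv=$(gate_decide "${SSH_ORIGINAL_COMMAND:-}"); then
        set -f    # no globbing while splitting the argv on newlines
        IFS='
'
        set -- $argv
        exec "$@"
    fi
    # Interactive logins and unknown requests end here and are logged.
    logger -p auth.warning -t nagios-ssh-gate \
        "denied: ${SSH_ORIGINAL_COMMAND:-<interactive>}" 2>/dev/null
    echo "denied" >&2
    exit 1
fi
```

With this in place, `ssh nagios@fw check_vpn status` runs the check, while an interactive login or any other command string is refused and written to syslog.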

