Plugin to check MD5 sum on certain files

[Andreas Ericsson]

Dan Stromberg wrote:
> On Tue, 2004-11-09 at 12:56, Andreas Ericsson wrote:
> 
> 
>>> I'm not opposed to using another method, it is just what Big
>>>Brother had used.
>>
>>A poor design choice isn't made better because people use it.
> 
> 
> By the same token, antispam filtering, antivirus filtering, and
> host-based printer page counting are "poor design choices" - they're all
> fallible, and they're all "incomputable" in a strict computation theory
> sense.
> 

Moot comparison. Filtering rules aren't in the hands of the spammer or 
virus-author, but checksum comparison data and programs needs to be 
accessed on the system where it's used. Accessible means root can alter 
them. There's no avoiding it.

If you compare it to setting up a spamfilter for outgoing mail in the 
sending client you'd be dead on target.

> But if you go around telling people they should stop using these just
> because they cannot do the job 100%, people are just going to laugh at
> you.  Long and loud.
> 

I argue people should use pop-before-smtp on their servers and filter 
all email that doesn't match a whitelist or isn't text-only.
I argue people should use Unix-based operating systems instead of 
Windows because Windows-based systems are flawed in design, making them 
susceptible to virii and worms in 99% of all default installations.
I argue people should use opensource because that's the only way you can 
be sure the program does what it's supposed to without doing anything else.
I argue people should run networking daemons as dedicated pseudo-users 
in chroot jail and use firewalls to block out access to ports that 
aren't in use.
I argue that people should MANUALLY run checks for rootkits and such 
every once in a while, because automated tests just doesn't work if the 
attacker manages to get root access.

I don't hear anybody laughing. On the contrary, I make pretty good money 
implementing what I argue.

> The only reason it isn't the same in the security world, is people don't
> understand computer security well enough to laugh into oblivion, the
> people arguing against doing the best you can.
> 

Hearing from you that people don't understand computer security is a bit 
like hearing a monkey telling a bird how to fly.
You can substitute "bird" with "real admin" and "fly" with "set up and 
operate a computer in a secure manner" in the previous sentence. The 
monkey part stays the same, though.

By the way, did you find my last reply?

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null