Send_nsca.pl

Chaos Golubitsky walrus+nagios at glassonion.org
Wed Sep 8 19:06:06 CEST 2004

Previous message: Send_nsca.pl
Next message: Nagios 2.0 performance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 08 Sep, 2004 at 10:07:43 -0500, Vanole, Mike wrote:

> Has anyone taken the send_nsca.pl script (found at
> http://www.nagios.org/download/extras.php) and added password support.
> The script is very useful but we require a password in our environment,
> and this functionality was not ported. Before I try to add password
> support I was hoping someone had already done this and would like to
> share the result. I would really like a perl solution.

My personal view on send_nsca is that the protection it provides
is not terribly worthwhile, since it uses encryption as authentication
(i.e. any ciphertext which decrypts to a valid message is considered
to be authenticated, rather than using a MAC or other signature
which is actually designed for authentication).

I don't want to argue this, but: an alternative to trying to get
nsca to work with a password over a network is to run the nsca
daemon only listening on the local interface.  Then, you transfer
data from the remote machine to the local machine using an SSH
forced command with a public key, whose forced command is to run
the send_nsca client only locally on the central server.  Any data
you want to send to nsca you put on the STDIN of the SSH call, so
it will also be the STDIN of the locally-run send-nsca call, as
desired.

That way, the between-machine authentication is provided by SSH,
which has reasonably rigorous methods for doing this, and which
allows you to use a public key (so you don't have to store a password
in a file) and a forced command (so an attacker who has compromised
the client machine is a bit more limited in the havoc he can wreak
on the server machine).

-Chaos

-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Send_nsca.pl
Next message: Nagios 2.0 performance
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list