Remote host check methods

[stucky]

I can only agree. I do all my checking with ssh and it works wonderfully.
Every monitored machine has a 'nagios' user that is used to log on to it via
an ssh key where only the nagios box has the privkey to. In the pubkey I use
the 'command' directive to force a sanity check on every command that is
passed via ssh. This command compares what's in the SSH_ORIGINAL_COMMAND
environment variable to a list of allowed commands.  If it passes it get
executed, otherwise nagios errors. It's a simple perl script I wrote.
So the authorized_keys file on all hosts for user 'nagios' looks like that:

from="{nagioshost}",command="/usr/local/nagios/home/acl_agent",no-port-forwarding,no-X11-forwarding,no-agent-forwarding
ssh-dss..key stuff

This way the key can only be used from the nagios box for exactly the
commands that the plugins need to run. acl_agent is the perl script and the
acl's themselves are maintained via cfengine.

On 3/30/06, Bill Jacqmein <wrjacqmein at gmail.com> wrote:
>
> Im a bigger fan of check by ssh for unix like OSes.
>
> On 3/29/06, Randall Perry <listsub at systame.com> wrote:
> > Got it running, but am having trouble with SSL, which I'll detail in a
> > separate post.
> >
> >
> >
> > Randall Perry wrote:
> > > I'm new to Nagios. Got it configured and running on my monitoring box.
> > > Tried installing NRPE on a remote host running Mac OSX but couldn't
> get
> > > it to run as daemon or through xinetd.
> > >
> > > There seem to be several methods to check remote hosts including SSH
> > > plugins.
> > >
> > > Just wondering what other's method of choice is for this -- especially
> > > on OSXS.
> > >
> > > TIA
> > >
> >
> >
> > --
> > Randall Perry
> > sysTame
> >
> > Xserve Web Hosting/Co-location/Leasing
> > QuickTime Streaming
> > Mac Consulting/Sales
> >
> > http://www.systame.com/
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by xPML, a groundbreaking scripting
> language
> > that extends applications into web and mobile media. Attend the live
> webcast
> > and join the prime developer group breaking into this new coding
> territory!
> > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting
> language
> that extends applications into web and mobile media. Attend the live
> webcast
> and join the prime developer group breaking into this new coding
> territory!
> http://sel.as-us.falkag.net/sel?cmdlnk&kid0944&bid$1720&dat1642
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>



--
stucky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20060330/5c98e686/attachment.html>