NRPE - command arguments, security?

chiel chiel at gmx.net
Tue Apr 10 16:23:23 CEST 2007


Thanks Andy, makes sense now.
I have implemented the 3 security features you suggested so I will keep 
using it this way.

chiel

----- Original Message ----- 
From: "Andy Shellam" <andy.shellam-lists at mailnetwork.co.uk>
To: "chiel" <chiel at gmx.net>
Cc: <nagios-users at lists.sourceforge.net>
Sent: Tuesday, April 10, 2007 4:12 PM
Subject: Re: [Nagios-users] NRPE - command arguments, security?


> Certainly.
> Imagine you have this command in your nrpe.cfg file:
>
> command[check_disk]=/usr/local/nagios/libexec/check_disk -p $ARG1$
>
> and you want to pass "/usr" as the parameter to check the disk space 
> available to the /usr directory.
> Now, imagine some rogue has discovered you're running NRPE on your server, 
> connects to it, and sends the command check_disk with "/usr && rm -rf /" 
> as the argument.
>
> NRPE will pass out to the shell the command 
> "/usr/local/nagios/libexec/check_disk -p /usr && rm -rf /"
> which will cause it to run the plugin, then erase the entire contents of 
> your server's file system.
>
> To be fair, I think it's only a risk if your server is wide open in other 
> ways, such as:
>
> - NRPE allowing any host to connect to it
> - No firewall restrictions
> - sudo security really permissive
>
> etc.  So if you know that only your Nagios server can connect to Nagios 
> (restricted by firewalls and allowed_hosts in nrpe.cfg) I think, with a 
> bit of extra attention paid to command definitions, you'll be OK.  But 
> that's just my opinion.
>
> Note you also have to have compiled NRPE with an extra option to allow 
> command arguments (./configure --enable-command-args) as well as setting 
> the option in the config file.
>
> Andy.
>
>
> chiel wrote:
>> Hi all,
>> I have just implemented some NRPE servers and I want to allow "command 
>> arguments" with nrpe.
>> In the security readme from nrpe I see that this is a security issue and 
>> you must set "dont_blame_nrpe" (only the argument name already...).
>> The only thing is that I don't see any reason in the docs why this is so 
>> dangerous. Can somebody please explain?
>> chiel
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when 
>> reporting any issue. ::: Messages without supporting info will risk being 
>> sent to /dev/null
>>


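As an added illustration of Andy's point (this is not his code and not part of NRPE itself), the Python below parses a constructed nrpe.cfg fragment, reproduces the plain-text $ARG1$ substitution he describes, and puts the allowlist check a defender would want in front of it so a value containing shell syntax is rejected before anything reaches the shell. The config fragment, the regex and all function names are assumptions for the example.

```python
"""Validate an NRPE-style $ARG1$ value before it can reach /bin/sh."""
import re
import shlex

# Constructed nrpe.cfg fragment (not the page's real file): the command
# definition from the thread plus the two settings Andy mentions.
NRPE_CFG = """\
allowed_hosts=127.0.0.1
dont_blame_nrpe=1
command[check_disk]=/usr/local/nagios/libexec/check_disk -p $ARG1$
"""

# Allowlist for a mount point: absolute path, plain characters, no spaces
# or shell metacharacters. '..' segments are rejected separately below.
SAFE_PATH = re.compile(r"^/(?:[A-Za-z0-9_.-]+/?)*$")


def parse_commands(cfg_text):
    """Return {name: template} for every command[name]=... line."""
    commands = {}
    for line in cfg_text.splitlines():
        m = re.match(r"^command\[([^\]]+)\]=(.*)$", line.strip())
        if m:
            commands[m.group(1)] = m.group(2)
    return commands


def argument_is_safe(arg):
    """True only for a plain absolute path with no '..' component."""
    return bool(SAFE_PATH.match(arg)) and ".." not in arg.split("/")


def shell_line(template, arg):
    """The risky step from the thread: textual substitution of $ARG1$,
    after which the whole string is interpreted by a shell."""
    return template.replace("$ARG1$", arg)


def safe_argv(template, arg):
    """Defensive alternative: validate first, then substitute into argv
    elements, so the value is a single argument and never shell syntax."""
    if not argument_is_safe(arg):
        raise ValueError(f"rejected value for $ARG1$: {arg!r}")
    return [tok.replace("$ARG1$", arg) for tok in shlex.split(template)]
```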