Disk check by check_by_ssh or nrpe or wrapper, which is better?

Hari Sekhon hpsekhon at googlemail.com
Fri Aug 24 10:21:43 CEST 2007


> wrote a wrapper plugin which will send command to remote host using nc 
> (netcat). On remote host, configured xinetd to run a script which will 
> read the command line sent by nc, parsed it and executed ./check_disk 
> plugin.
>
This is such a bad idea - you need to change that, seriously. The 
chances of you making even the most subtle security coding mistake in 
the way you are doing that means that someone will likely own one of 
your boxes if they find out (and you've just told us as well - could I 
please come for a visit to your workplace? ;-)     ).

> Can the above problem be solved using check_by_ssh? If yes, i wish i 
> can understand how nagios will send warning emails or critical emails? 
> And if not the other option is nrpe... but then I will have to install 
> nrpe on every remote machine! is that assumption correct?

You can but check_by_ssh should be a last resort, nrpe and nsca are 
specifically written for this, and neither are difficult so I would 
recommend those first. You would have to install it on each machine, but 
if you are using a decent distribution (ie not rpm) then this is easy 
and maintainable and what I do.

If you have got nc on your servers, especially just for this, then you 
are making things easier for someone to backdoor you. You should not 
have such favourite hacker tools lying around on your servers if you can 
help it.

> Dilemma!!!!!! help
>
Looks like there is some new short doc on NRPE, read this 
http://nagios.sourceforge.net/docs/nrpe/NRPE.pdf then read up on NSCA as 
an alternative for passive checks, either will solve your dilemma properly.


-h

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list