check time syncronization

Hari Sekhon hpsekhon at googlemail.com
Fri Feb 22 10:22:35 CET 2008


mark.potter at academy.com wrote:
>
> This is patently untrue. NRPE opens a new port and introduces new 
> processes to an environment. This has to be vetted through all 
> security testing and that can take months at some companies only to 
> have it fail because they do not understand it. If they are admining 
> Linux boxes already I am betting they have ssh running in the 
> environment and properly locked down at many levels. SSH may be more 
> powerful than NRPE as far as what could happen but it is also running 
> in a lot more places. It is an alternative if you can't get NRPE 
> approved. The final statement is false as well. "If you can't use 
> nrpe, then you certainly can't give out ssh access". I can assure you 
> that there are many environments where the security admins are more 
> concerned about introducing new processes that use open ports than 
> they are about giving out ssh access when properly locked down. It is 
> really very simple to allow ssh access by IP and chroot the nagios 
> user making ssh no more of a risk than nrpe and not introducing a new 
> "threat" into the farm. The security admins are likely wrong but they 
> are also the ones calling the shots in many cases.
>
> >
> > Also, I'm not sure it's worth writing any wrapper, since any which way
> > you'd still need a remote execution mechanism. By the time you have any
> > remote execution mechanism, then surely you should use the standard
> > check_ntp plugin...
>
> You don't need a remote execute mechanism:
> HOST-RESOURCES-MIB::hrSystemDate.0
I already mentioned SNMP...
> I was referring to writing a wrapped for snmp checks. 
Ok I must have misunderstood, you didn't mention what type of wrapper 
you were talking about, you mentioned ssh, then writing a wrapper and 
there was mention of snmp in your email.
> Amazing that you suggest using snmp. I highly doubt nsca can be used 
> if nrpe cannot. SNMP or SSH are likely the only options for the 
> scenario as presented.
I don't understand how it's amazing to suggest snmp... you did the same 
afterwards...
I'm losing something in translation here, but never mind. Let's let it rest.

The OP has a good range of options now: SNMP, NSCA, SSH etc.

Thanks

-h

-- 
Hari Sekhon


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list