check-ping

Andreas Ericsson ae at op5.se
Tue Jul 15 10:51:37 CEST 2008


Jay R. Ashworth wrote:
> On Mon, Jul 14, 2008 at 01:54:03PM +0200, Andreas Ericsson wrote:
>> Jeff Koch wrote:
>>> Thanks for your help. When we ran ping as nagios it bombed. Permissions on 
>>> ping needed to be set SUID root so that an ICMP socket could be opened. We 
>>> had changed that for security reasons. We'll make nagios sudo root for 
>>> ping. That should solve the problem.
>> Changing /bin/ping to not be suid root for security reasons and then changing
>> Nagios to be suid root to fix a problem this causes seems more than just a
>> little backwards to me.
> 
> I've left Jeff's quote in so you can see, Andreas, that you misread
> him.  He didn't say "SUID root".  He said sudo -- he plans to set the
> nagios Linux user up so it can sudo to run ping as root.
> 

Ah, right. Having had some driver issues for my laptop lately, I foolishly
joined the linux-kernel mailing list. A payload of 1000 non-spam emails
is now hitting my inbox on a daily basis, causing me to only half-read
pretty much everything.

> Seems sensible to me.
> 

Still, I'm not convinced. sudo is a different can of worms entirely,
and not nearly as secure as many people seem to think. Although the
attack vector is strictly local, it's large enough to be a greater
worry to me than running a small, much-audited program suid root.

Ah well. To each his own, I guess.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list