NRPE
Andy Shellam
andy.shellam-lists at mailnetwork.co.uk
Tue Jul 22 19:36:18 CEST 2008
Brent Clark wrote:
> Matthew Macdonald-Wallace wrote:
>
>> It's basically a firewall rule that states:
>>
>
> See, that's what I didn't want.
>
> I'm sure we're the same, in that we run very minimalistic (kernel tweaking
> too) software installation / services (namely just http, ssh). But now I
> have to go write a ruleset all for blocking a port. I was hoping that
> the "allowed_host" (which from what I read is tcpwrapped), was good enough.
>
> Or am I missing something?
>
> Thanks
>
> Brent Clark
>
>
Hi Brent,
It doesn't have to be a software firewall. I assume if you're running
public-facing services, your servers are firewalled in some way, be it
hardware, software or router-based? If not then you've got a bigger
worry than NRPE being compromised. And if you are, well where's the
harm in adding another rule to it?
allowed_host does do the job, but it rejects the connection after it
hits NRPE (i.e. it's rejected from within NRPE.) The firewall adds an
extra layer of security, and prevents connection attempts from even
reaching NRPE. I don't believe NRPE is by default tcpwrapped, see here:
http://www.nagios.org/faqs/viewfaq.php?faq_id=101.
Regards,
Andy
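
The layering discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of NRPE itself: it compares the `allowed_hosts` list in an nrpe.cfg with the INPUT chain from `iptables-save` and reports where the firewall is looser or tighter than NRPE's own list. The sample config, ruleset, addresses and function names are constructed for illustration, and the rule matcher is deliberately simplified (IPv4 addresses only, single-port `--dport`, rules using other matches are skipped).

```python
import ipaddress
import shlex

# Constructed samples (not from the thread): nrpe.cfg fragment and iptables-save output.
NRPE_CFG = "server_port=5666\nallowed_hosts=127.0.0.1,192.0.2.10\n"
IPTABLES_SAVE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 5666 -j ACCEPT
COMMIT
"""

def parse_nrpe(cfg):
    """Return (port, allowed_hosts) from nrpe.cfg text; assumes plain key=value lines."""
    opts = dict(l.split("=", 1) for l in cfg.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    hosts = [h.strip() for h in opts.get("allowed_hosts", "").split(",") if h.strip()]
    return int(opts.get("server_port", 5666)), hosts

def firewall_verdict(rules, src, dport):
    """First-match verdict of the INPUT chain for a TCP packet from src to dport."""
    policy = "ACCEPT"
    for line in rules.splitlines():
        if line.startswith(":INPUT"):
            policy = line.split()[1]          # chain default policy
        if not line.startswith("-A INPUT"):
            continue
        tok = shlex.split(line)[2:]
        opt = dict(zip(tok[::2], tok[1::2]))  # option/value pairs
        if set(opt) - {"-s", "-p", "-m", "--dport", "-j"}:
            continue  # unsupported match (e.g. -i, state): skipped in this simplified model
        net = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        if (opt.get("-p", "tcp") in ("tcp", "all") and opt.get("--dport", str(dport)) == str(dport)
                and ipaddress.ip_address(src) in net and opt.get("-j") in ("ACCEPT", "DROP", "REJECT")):
            return opt["-j"]
    return policy

def audit(cfg, rules, outsider="203.0.113.50"):
    """Report mismatches between NRPE's allowed_hosts and what the firewall lets through."""
    port, hosts = parse_nrpe(cfg)
    findings = []
    if firewall_verdict(rules, outsider, port) == "ACCEPT":
        findings.append(f"{outsider} is not in allowed_hosts but the firewall lets it reach port {port}")
    for h in hosts:
        if h != "127.0.0.1" and firewall_verdict(rules, h, port) != "ACCEPT":
            findings.append(f"{h} is in allowed_hosts but the firewall blocks port {port}")
    return findings
```

An empty result from `audit(NRPE_CFG, IPTABLES_SAVE)` means only the monitoring host listed in `allowed_hosts` can reach the NRPE port, so other sources are dropped before NRPE ever sees the connection.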