Brent Clark wrote:
> Matthew Macdonald-Wallace wrote:
>
>> It's basically a firewall rule that states:
>>
>
> See, that's what I didn't want.
>
> I'm sure we're the same, in that we run very minimalistic (kernel tweaking
> too) software installation / services (namely just http, ssh). But now I
> have to go write a ruleset all for blocking a port. I was hoping that
> the "allowed_host" (which from what I read is tcpwrapped), was good enough.
>
> Or am I missing something.
>
> Thanks
>
> Brent Clark

Hi Brent,

It doesn't have to be a software firewall. I assume if you're running public-facing services, your servers are firewalled in some way, be it hardware, software or router-based? If not, then you've got a bigger worry than NRPE being compromised. And if you are, well, where's the harm in adding another rule to it?

allowed_host does do the job, but it rejects the connection after it hits NRPE (i.e. it's rejected from within NRPE). The firewall adds an extra layer of security, and prevents connection attempts from even reaching NRPE.

I don't believe NRPE is by default tcpwrapped, see here: http://www.nagios.org/faqs/viewfaq.php?faq_id=101.

Regards,
Andy

_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
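
The layering described in the reply above can be checked mechanically. This is an added example, not code from the thread or from the Nagios project: a shell audit that compares the hosts NRPE itself allows with what the firewall admits on the NRPE port. It assumes nrpe.cfg's `server_port` and `allowed_hosts` directives, NRPE's default port 5666, and rules in `iptables-save` format; the function names, the address 192.0.2.10 and both rulesets are constructed for illustration.

```shell
# Audit: is the NRPE port firewalled to the hosts that nrpe.cfg allows?
# Text-level heuristic over iptables-save output; sample data is constructed.

NRPE_CFG_SAMPLE='# constructed nrpe.cfg excerpt
server_port=5666
allowed_hosts=127.0.0.1,192.0.2.10'

IPTABLES_GOOD='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -j DROP
COMMIT'

IPTABLES_BAD='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# cfg_value KEY CFG_TEXT: print the value of KEY=... (last occurrence wins)
cfg_value() {
  printf '%s\n' "$2" |
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# audit_nrpe_fw CFG_TEXT RULES_TEXT: print findings, return 0 only if clean
audit_nrpe_fw() {
  cfg=$1 rules=$2 rc=0
  port=$(cfg_value server_port "$cfg"); port=${port:-5666}
  hosts=$(cfg_value allowed_hosts "$cfg" | tr ',' ' ')
  for host in $hosts; do
    case $host in 127.*|::1) continue ;; esac  # loopback needs no rule
    esc=$(printf '%s' "$host" | sed 's/\./\\./g')  # escape dots for the regex
    printf '%s\n' "$rules" | grep -Eq -e \
      "^-A INPUT .*-s ${esc}(/32)? .*--dport $port .*-j ACCEPT" ||
      { echo "MISSING: no ACCEPT for $host on tcp/$port"; rc=1; }
  done
  # An ACCEPT on the port with no -s source match admits everyone.
  if printf '%s\n' "$rules" | grep -E -e "--dport $port .*-j ACCEPT" |
       grep -qv -e ' -s '; then
    echo "WIDE: ACCEPT on tcp/$port without a source restriction"; rc=1
  fi
  # Other sources must hit an explicit DROP/REJECT or a default-DROP policy.
  printf '%s\n' "$rules" | grep -Eq -e \
    "^(-A INPUT -p tcp .*--dport $port .*-j (DROP|REJECT)|:INPUT DROP)" ||
    { echo "OPEN: tcp/$port is not blocked for other sources"; rc=1; }
  return $rc
}
audit_nrpe_fw "$NRPE_CFG_SAMPLE" "$IPTABLES_GOOD" && echo "good ruleset: clean"
audit_nrpe_fw "$NRPE_CFG_SAMPLE" "$IPTABLES_BAD" || echo "bad ruleset: findings"
```

On a real host the two arguments would be the contents of nrpe.cfg and the output of `iptables-save`; rule ordering and user-defined chains are not evaluated.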