On Thu, Oct 16, 2008 at 09:17:58PM +1100, Edwin Groothuis wrote: > > The nrpe daemon that handles the script runs as the "nagios" user and > > the command needed is camcontrol: > > First lines of the check_ciss.sh command: > > #!/bin/sh > > if [ $(whoami) != "root" ]; then > sudo $* > fi > > And allow in sudoerrs.conf the nagios user to run the check_ciss.sh > command without passwords. > > Works fine here for years :-)
Wow... all I can say. Wow. This is a *humongous* security hole. So what happens when someone finds a security hole in Nagios, allowing them to modify files or run checks with arguments of their choice? For a good time: check_ciss.sh camcontrol format da0 -y Yeah, uh, that script should be nuked. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"