Tedman Eng wrote: > Nice script, but one disadvantage is that it's terribly insecure.
Yep, that's why I wrote - "use it on trusted machines" :) > All our remote hosts' ssh keys are locked down to allow execution of > restricted commands only. That way, if our Nagios server is somehow > compromised, we don't need to worry about every remote host being at risk as > well. The worst thing an attacker could do is DOS the remote machines with > a flood of monitoring queries. Well, for me it's more likely that remote hosts are compromised (although not very probable, as nagios server nor remote hosts don't even have public IPs). > That said, you could also just pipe the script contents directly over the > ssh connection into bash and skip creation of the temp script altogether. You can pipe the script, but for binaries (most nagios plugins), you can't do it. -- Tomasz Chmielewski http://wpkg.org ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
