Hi! 

On Fri, 24 Aug 2007, Russell Adams wrote:
> The argument was always SNMP (inferring v1), versus NRPE. I've been an
> advocate of using SNMP because there was little client software to
> maintain.

I prefer NRPE over SNMP (no matter what version) for two simple
reasons:

1) Code complexity. An SNMPd is a hell of a lot more complex than
the NRPE daemon. As we always forbid param passing to NRPE, the
plugins aren't really exposed to the client.

2) Vectors. An SNMPd has code in place to change stuff on the
machine it runs on. No matter how tight your security setup is,
the code is there and a slipup in security might leave you
vulnerable. NRPE just execs stuff which has been preconfigured.
Barring a nasty buffer overflow, you have no "write" access to
the machine - and then, a buffer overflow might happen to an
SNMPd, too.

That said, the only disadvantage of NRPE (security-wise) I can
see is that probably more people look at and dissect snmp daemons
than NRPE. But NRPE is smaller, so that may compensate.

Just my EUR0.02,

Tobias

PS: As for the "should SNMP travel across insecure nets", I'll
also point to those more knowledgeable in SNMP. I'm lucky: I don't
have to check remote machines.
-- 
In the future, everyone will be anonymous for 15 minutes.

_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
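
A check for the setup described in the message above (argument passing to NRPE forbidden, only preconfigured commands), as an added example that is not part of the original post: it flags `dont_blame_nrpe=1` and command definitions that use `$ARGn$` macros. The config contents and plugin paths are constructed samples, and the function name `audit_nrpe_config` is hypothetical.

```python
import re

# Constructed sample nrpe.cfg contents (not from the original message).
WEAK_CFG = """\
allowed_hosts=192.0.2.10
dont_blame_nrpe=1
command[check_load]=/usr/lib/nagios/plugins/check_load -w 5,4,3 -c 10,8,6
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
"""
STRICT_CFG = """\
allowed_hosts=192.0.2.10
# dont_blame_nrpe=1
dont_blame_nrpe=0
command[check_load]=/usr/lib/nagios/plugins/check_load -w 5,4,3 -c 10,8,6
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -p /
"""

COMMAND_RE = re.compile(r"^command\[([^\]]+)\]\s*=\s*(.*)$")
ARG_RE = re.compile(r"\$ARG\d+\$")

def audit_nrpe_config(text):
    """Return (severity, item) findings about caller-supplied arguments."""
    args_enabled = False   # NRPE rejects arguments unless dont_blame_nrpe=1
    templated = []         # (line number, command name) using $ARGn$ macros
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue       # blank line or comment
        key, _, value = line.partition("=")
        if key.strip() == "dont_blame_nrpe":
            # Assumption: a later setting overrides an earlier one.
            args_enabled = value.strip() == "1"
        match = COMMAND_RE.match(line)
        if match and ARG_RE.search(match.group(2)):
            templated.append((lineno, match.group(1)))
    findings = []
    if args_enabled:
        findings.append(("high", "dont_blame_nrpe=1"))
    for lineno, name in templated:
        # With arguments enabled, input from the monitoring host reaches the
        # plugin command line; with them disabled NRPE accepts none from callers.
        severity = "high" if args_enabled else "info"
        findings.append((severity, f"{name} (line {lineno}) uses $ARGn$"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CFG), ("strict", STRICT_CFG)):
        print(label, audit_nrpe_config(cfg))
```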