The security risks are that there is a potential for remote command execution on the system. This is exactly the section I was refering to.
Greg Pangrazio pangr...@gmail.com On Tue, Dec 8, 2009 at 11:41 AM, ReynierPM <rper...@uci.cu> wrote: > Greg Pangrazio wrote: >> >> I use commands similar to what you are doing, did you enable command >> processing from remote submissions? > > What you mean with "command processing remote submissions"? I can't > understand this part. > >> In the windows version it says something about "don't blame me" > > I don't know what you mean with "windows version" but I found this line: > > # COMMAND ARGUMENT PROCESSING > # This option determines whether or not the NRPE daemon will allow clients > # to specify arguments to commands that are executed. This option only > works > # if the daemon was configured with the --enable-command-args configure > script > # option. > # > # *** ENABLING THIS OPTION IS A SECURITY RISK! *** > # Read the SECURITY file for information on some of the security > implications > # of enabling this variable. > # > # Values: 0=do not allow arguments, 1=allow command arguments > > dont_blame_nrpe=0 > > So if I enable thi, which are the main security risks? > -- > Cheers > ReynierPM > ------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the facts. http://p.sf.net/sfu/google-dev2dev _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
