Re: [Nagios-users] NRPE - command arguments, security?
Thanks Andy, makes sense now. I have implemented the 3 security features you suggested so I will keep using it this way.

chiel

----- Original Message -----
From: "Andy Shellam" <[EMAIL PROTECTED]>
To: "chiel" <[EMAIL PROTECTED]>
Sent: Tuesday, April 10, 2007 4:12 PM
Subject: Re: [Nagios-users] NRPE - command arguments, security?

> Certainly.
> Imagine you have this command in your nrpe.cfg file:
>
> command[check_disk]=/usr/local/nagios/libexec/check_disk -p $ARG1$
>
> and you want to pass "/usr" as the parameter to check the disk space
> available to the /usr directory.
> Now, imagine some rogue has discovered you're running NRPE on your server,
> connects to it, and sends the command check_disk with "/usr && rm -rf /"
> as the argument.
>
> NRPE will pass out to the shell the command
> "/usr/local/nagios/libexec/check_disk -p /usr && rm -rf /"
> which will cause it to run the plugin, then erase the entire contents of
> your server's file system.
>
> To be fair, I think it's only a risk if your server is wide open in other
> ways, such as:
>
> - NRPE allowing any host to connect to it
> - No firewall restrictions
> - sudo security really permissive
>
> etc. So if you know that only your Nagios server can connect to Nagios
> (restricted by firewalls and allowed_hosts in nrpe.cfg) I think, with a
> bit of extra attention paid to command definitions, you'll be OK. But
> that's just my opinion.
>
> Note you also have to have compiled NRPE with an extra option to allow
> command arguments (./configure --enable-command-args) as well as setting
> the option in the config file.
>
> Andy.
>
>
> chiel wrote:
>> Hi all,
>> I have just implemented some NRPE servers and I want to allow "command
>> arguments" with nrpe.
>> In the security readme from nrpe I see that this is a security issue and
>> you must set "dont_blame_nrpe" (only the argument name already...).
>> The only thing is that I don't see any reason in the docs why this is so
>> dangerous. Can somebody please explain?
>> chiel

-------------------------------------------------------------------------
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] NRPE - command arguments, security?
Certainly.
Imagine you have this command in your nrpe.cfg file:

command[check_disk]=/usr/local/nagios/libexec/check_disk -p $ARG1$

and you want to pass "/usr" as the parameter to check the disk space available to the /usr directory.
Now, imagine some rogue has discovered you're running NRPE on your server, connects to it, and sends the command check_disk with "/usr && rm -rf /" as the argument.

NRPE will pass out to the shell the command
"/usr/local/nagios/libexec/check_disk -p /usr && rm -rf /"
which will cause it to run the plugin, then erase the entire contents of your server's file system.

To be fair, I think it's only a risk if your server is wide open in other ways, such as:

- NRPE allowing any host to connect to it
- No firewall restrictions
- sudo security really permissive

etc. So if you know that only your Nagios server can connect to Nagios (restricted by firewalls and allowed_hosts in nrpe.cfg) I think, with a bit of extra attention paid to command definitions, you'll be OK. But that's just my opinion.

Note you also have to have compiled NRPE with an extra option to allow command arguments (./configure --enable-command-args) as well as setting the option in the config file.

Andy.

chiel wrote:
> Hi all,
>
> I have just implemented some NRPE servers and I want to allow "command
> arguments" with nrpe.
> In the security readme from nrpe I see that this is a security issue
> and you must set "dont_blame_nrpe" (only the argument name already...).
>
> The only thing is that I don't see any reason in the docs why this is
> so dangerous. Can somebody please explain?
>
> chiel
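As an added example (not code from the thread, from Nagios or from NRPE), here is a small Python audit script that applies Andy's points to an nrpe.cfg: it lists which command definitions take $ARGn$ substitutions, checks whether dont_blame_nrpe is switched on and whether allowed_hosts restricts callers, and shows what the shell would receive if an argument were substituted verbatim. The config text is constructed for the example, and the metacharacter list is this script's own illustrative filter, not NRPE's source.

```python
"""Audit an nrpe.cfg for the exposure described in the thread:
commands that substitute $ARGn$ while dont_blame_nrpe=1."""
import re

# Constructed sample nrpe.cfg for the example (not from a real host).
SAMPLE_NRPE_CFG = """
# NRPE configuration (sample)
allowed_hosts=127.0.0.1,192.168.1.10
dont_blame_nrpe=1
command[check_users]=/usr/local/nagios/libexec/check_users -w 5 -c 10
command[check_disk]=/usr/local/nagios/libexec/check_disk -p $ARG1$
command[check_load]=/usr/local/nagios/libexec/check_load -w $ARG1$ -c $ARG2$
"""

# Illustrative shell metacharacters: an argument containing any of these
# could let a caller chain a second command once the line reaches /bin/sh.
# Assumption: this is the script's own list, not NRPE's built-in filter.
SHELL_METACHARS = set("|`&;><'\"\\[]{}$()\n")

ARG_RE = re.compile(r"\$ARG(\d+)\$")


def parse_nrpe_cfg(text):
    """Split nrpe.cfg into plain settings and command[...] definitions."""
    settings, commands = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        m = re.fullmatch(r"command\[([^\]]+)\]", key.strip())
        if m:
            commands[m.group(1)] = value.strip()
        else:
            settings[key.strip()] = value.strip()
    return settings, commands


def commands_taking_args(commands):
    """Map command name -> sorted list of $ARGn$ positions it substitutes."""
    return {
        name: sorted({int(n) for n in ARG_RE.findall(cmd)})
        for name, cmd in commands.items()
        if ARG_RE.search(cmd)
    }


def argument_is_safe(arg):
    """True if the argument contains none of the metacharacters above."""
    return not any(ch in SHELL_METACHARS for ch in arg)


def expand(command_line, args):
    """The string the shell would receive if $ARGn$ were substituted as-is."""
    def sub(m):
        idx = int(m.group(1)) - 1
        return args[idx] if idx < len(args) else ""
    return ARG_RE.sub(sub, command_line)


def audit(text):
    """Return human-readable findings for an nrpe.cfg."""
    settings, commands = parse_nrpe_cfg(text)
    findings = []
    args_enabled = settings.get("dont_blame_nrpe", "0") == "1"
    hosts = [h.strip() for h in settings.get("allowed_hosts", "").split(",") if h.strip()]
    if args_enabled and not hosts:
        findings.append("dont_blame_nrpe=1 with no allowed_hosts restriction")
    for name, positions in commands_taking_args(commands).items():
        if args_enabled:
            findings.append(f"{name} accepts remote arguments {positions}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NRPE_CFG):
        print("FINDING:", finding)
    _, cmds = parse_nrpe_cfg(SAMPLE_NRPE_CFG)
    for candidate in ["/usr", "/usr && rm -rf /"]:
        verdict = "accepted" if argument_is_safe(candidate) else "rejected"
        print(f"{candidate!r}: {verdict}; shell would see:",
              expand(cmds["check_disk"], [candidate]))
```

Running the script against a real nrpe.cfg gives a quick list of the command definitions that deserve Andy's "extra attention": each one that substitutes an argument is a place where the combination of dont_blame_nrpe, allowed_hosts and firewall rules decides who can influence the command line.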
[Nagios-users] NRPE - command arguments, security?
Hi all,

I have just implemented some NRPE servers and I want to allow "command arguments" with nrpe.
In the security readme from nrpe I see that this is a security issue and you must set "dont_blame_nrpe" (only the argument name already...).

The only thing is that I don't see any reason in the docs why this is so dangerous. Can somebody please explain?

chiel