From: Jeff S. <tra...@sm...> - 2004-10-29 18:52:22
|
On Friday 29 October 2004 01:27 pm, Dan Stromberg wrote: > check_by_ssh of course, isn't vulnerable to replay attacks. But if we > set up passwordless, passphraseless accounts on all of our systems for > check_by_ssh, that's a sort of problem in itself, since that account > could (normally) run any command it wanted to. > > check_snmp is subject to replay attacks, but it's relatively limited in > what it can do. > > So I guess my question is: Is there a form of restricted shell that > would work conveniently with check_by_ssh, that would allow only a short > list of sanitized plugins to run? I thought this was the point behind check_nrpe? Jeff |