On Thu, 28 Feb 2002, Johan Jacobsson wrote:

> I am using netsaint_statd on a debian machine and I would like to know
> what I am doing, eg what security holes may this create?
> As I understand it, the netsaint_statd daemon makes it possible to
> extract information about CPU load, disk usage, memory load etc.
> Is this a security problem?
> Has anyone heard about security holes in netsaint_statd 2.13? The web
> page maintaining it is not so informative...
Hi,

I'm the package maintainer for netsaint_statd, and I also run it at a pretty large installation at work.

Basically what you're doing is this: Plugins on the Netsaint server attach to netsaint_statd, which is a perl daemon listening on port 1040. The daemon, by default, will accept connections from anywhere, but this can be changed by editing @allowed_hosts in the netsaint_statd script itself (this will be changed to a configuration file once I can get with upstream and agree on how to do it).

The daemon is pretty well written, IMO, in that you can only ask it to run "labels of commands" - the command itself is hardcoded into the daemon - and the arguments are checked for validity, so it's not as if you can pass in "disk /dev/sda3 ; rm -rf /". Also, the netsaint_statd daemon runs as nobody. (I once saw an installation where it was running as root - yikes!)

Now, all of that information is flowing around in cleartext. But there is no sort of password/handshake going on, just request and response. The response can contain things like file system utilizations, whether or not a process is running, system load, the current number of users, and the version of netsaint_statd.

If you believe this information is sensitive then you should consider some sort of tunnel or VPN as was suggested in a previous posting (FreeSWAN with opportunistic IPsec seems like a great way to do this), or use something else to collect this information. Someone else posted a message about using nrpe with ssh. This is a good approach (if you don't mind keys without passwords).

In some larger installations, I've used netsaint_statd to perform most of the service checks, and then configured event handlers to use ssh to log in to the endpoint and then sudo to take some action based on the state of the service check. Anyway, I'm slowly drifting off-topic here...

netsaint_statd alone is pretty safe unless you don't like the idea of folks being able to sniff out the amount of disk space you have free.
tony <[EMAIL PROTECTED]>
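A model of the request-handling design tony describes (fixed command labels, argument checking before anything runs, an @allowed_hosts list), written as an added Python example; it is not netsaint_statd's own Perl code, and the host list, labels, patterns and canned results are constructed assumptions:

```python
import re

# Constructed stand-in for @allowed_hosts: only these peers may query.
ALLOWED_HOSTS = {"127.0.0.1", "192.0.2.10"}

# Argument validators: one strict pattern per label. Anything outside the
# pattern (spaces, ';', '|', backticks, ...) is rejected before dispatch.
DISK_ARG = re.compile(r"/(?:[A-Za-z0-9._-]+/?)*")   # absolute path only
PROC_ARG = re.compile(r"[A-Za-z0-9._-]{1,64}")      # bare process name
NO_ARG = re.compile(r"")                            # label takes no argument

# Handlers stand in for the hard-coded commands. A real daemon would run a
# fixed program and pass the validated argument as a single argv element,
# never through a shell; canned values keep this example runnable offline.
def disk(mount: str) -> str:
    return f"disk {mount} 42% used"

def proc(name: str) -> str:
    return f"proc {name} running"

def load(_: str) -> str:
    return "load 0.12 0.08 0.05"

# The client can only pick a label; the command behind it is fixed here.
COMMANDS = {
    "disk": (DISK_ARG, disk),
    "proc": (PROC_ARG, proc),
    "load": (NO_ARG, load),
}

def handle_request(peer_ip: str, line: str) -> str:
    """Apply the host check, label lookup and argument check in that order."""
    if peer_ip not in ALLOWED_HOSTS:
        return "ERROR: host not allowed"
    parts = line.strip().split(maxsplit=1)
    if not parts:
        return "ERROR: empty request"
    label = parts[0]
    arg = parts[1] if len(parts) > 1 else ""
    if label not in COMMANDS:
        return f"ERROR: unknown label {label!r}"
    pattern, handler = COMMANDS[label]
    if pattern.fullmatch(arg) is None:
        return f"ERROR: bad argument for {label}"
    return handler(arg)
```

The injected request from the mail never reaches a handler because the whole argument must match the label's pattern, and an unlisted peer is refused before the request line is even parsed.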