Hi Eric: On Wed, Mar 10, 2010 at 7:37 AM, Eric Shubert <e...@shubes.net> wrote:
> That's great news to me. This was one of the questions I had when I > first learned about ganglia. > > I've recently begun using ganglia to monitor several vmware hosts and > guests, and am very much interested in this type of configuration. I > would like to keep the data collection on the vmware hosts/guests, but > run the frontend on a separate (remote) host. > > What are the security implications? >From the man page of rrdtool for "RRD Server": "NOTE: that there is no authentication with this feature! Do not setup such a port unless you are sure what you are doing." It does run rrdtool in a chroot (usually the root directory where your rrd files are located, i.e. /var/lib/ganglia/rrds), however, since there is no authentication, the port is basically wide open meaning out of the box folks on the network could do things like "ls" and "mkdir" in the root directory. It would be nice if we could add the functionality of restricting certain commands from being executed remotely, much like the -P feature of rrdcached. Cheers, Bernard ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Ganglia-general mailing list Ganglia-general@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general