Am 06.06.2013 21:10, schrieb Rainer Duffner: > Do you have any details? The german notice sounds like someone broke > into their nagios system, but not necessarily by a nagios backdoor. Sven We know very little, but from the nagios architecture I would rather suspect there is a security flaw in a check script than in the nagios core. The checks are the tools that contact other servers, not the nagios core. And a check script can be anything, e.g. a self-written shell script using a root login and called from the nagios core with a password in plain text. I think we shoud wait until we know more about the attack vectors before speculating in the wild.
Regards jakob curdes ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
