subject:"\[Nagios\-users\] nrpe arguments"

[Nagios-users] NRPE Arguments

2009-05-05 Thread Christopher McAtackney

Hi all,

I was wondering if someone could give a quick run-down of the security
issues surrounding argument passing to NRPE?

If my systems (including the monitoring server) are all going to be on
a trusted, internal network, and if I configure my NRPE agents to only
accept connections from my monitoring server, what other security
precautions should I take when using argument passing?

Cheers,
Chris

--
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image 
processing features enabled. http://p.sf.net/sfu/kodak-com
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

[Nagios-users] nrpe arguments

2006-03-09 Thread Toto Capuccino

Hi,I want to launch event hancler on a remote windows host. The active nagios checks are checking exchange IS, MTA and SA and i want services to be restarted if they stop.Event handlers are enabled.I see in eventlog [09-03-2006 10:43:28] SERVICE EVENT HANDLER: ussfrsv02;Exchange 
IS;CRITICAL;SOFT;3;restart_exchangeI put a service eventhandler in nagios 
services.cfg fileevent_handler   restart_exchangeand put a definition in miscommands.cfg fileEvent-Handlers#define command {    command_name restart_exchange


    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c restart_exchange $SERVICESTATE$ $STATETYPE$ $SERVICEATTEMPT$    }I am wondering if the concept is ok. On the windows side the nrpe.cfg file got a definition for restart_exchange:
# Values: 0=do not allow arguments, 1=allow command argumentsdont_blame_nrpe=1command[restart_exchange]=C:\nrpe\bin\RestartExchangeServices.cmd $ARG1$ $ARG2$ $ARG3$
And my RestartExchangeServices.cmd file contains this and at least it works in command line@ECHO offIF %1 == 'HARD' GOTO :1 ELSE GOTO :999:1IF %2 == 'SOFT' GOTO :2 ELSE GOTO :999:2
IF %3 == '3' GOTO :3:3  net start MSExchangeISnet start MSExchangeMTAnet start MSExchangeSAECHO "Services Exchange IS, MTA ans SA have been started"REM EXIT exitCode 0GOTO :999
I commented the Exitcode because it dont see the need for eventhandler.Anyway it is not working at all :( I would greatly appreciate some thoughts, comments, help or solutions. -- Le bon sens est la chose du monde la mieux partagée.

RE: [Nagios-users] NRPE arguments

2006-01-31 Thread Steve Shipway


> Hi, I'm trying to pass arguments from one system to another 
> and am having some trouble. I have rebuilt nrpe with the 
> command-args option enabled, yet i am still getting "Error: 
> Request contained command arguments, but argument option is 
> not enabled" in our log entries.

For the NRPE daemon to accept arguments to the requested commands, you need
to do 3 things.

1) Compile NRPE with argument support.
2) Enable arguments in the nrpe.cfg (dont_blame_nrpe = 1)
3) Define the command with arguments in the nrpe.cfg

I suspect your problem is number (2).

This is disabled by default as it is a security problem.  If you enable
this, I strongly recommend you do all of the following:

1) Make sure that all NRPE command definitions have QUOTES around the
arguments, to prevent people sending metacharacters or spaces in the
parameters and cracking your system.  Very important.
2) Use the allowed_hosts option in the nrpe.cfg, or else tcpwrappers or
xinetd (unix), to restrict access to the daemon to only your nagios host.
3) Run the daemon as an unprivileged account created for this purpose only
(unix)

If you look into it for a short while, you will realise why this option is
disabled by default - and how much chaos you could cause on a system which
doesn't take these precautions.

Steve




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

RE: [Nagios-users] NRPE arguments

2006-01-31 Thread Marc Powell



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:nagios-users-
> [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, January 31, 2006 1:12 PM
> To: nagios-users@lists.sourceforge.net
> Subject: [Nagios-users] NRPE arguments
> 
> Hi, I'm trying to pass arguments from one system to another and am
having
> some
> trouble. I have rebuilt nrpe with the command-args option enabled, yet
i
> am
> still getting "Error: Request contained command arguments, but
argument
> option
> is not enabled" in our log entries. I'm having some trouble finding
> documentaion on this, so any help would be awsome. Thanks in advance

>From the SECURITY file --

ENABLING ARGUMENTS
--

To enable support for command argument in the daemon, you must
do two things:

   1.  Run the configure script with the --enable-command-args 
   option

   2.  Set the 'dont_blame_nrpe' directive in the NRPE config
   file to 1.

Did you perform _both_ actions?

--
Marc 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue.
::: Messages without supporting info will risk being sent to /dev/null

[Nagios-users] NRPE arguments

2006-01-31 Thread jtrooney

Hi, I'm trying to pass arguments from one system to another and am having some
trouble. I have rebuilt nrpe with the command-args option enabled, yet i am
still getting "Error: Request contained command arguments, but argument option
is not enabled" in our log entries. I'm having some trouble finding
documentaion on this, so any help would be awsome. Thanks in advance

--
Jeff Rooney
[EMAIL PROTECTED]



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

[Nagios-users] NRPE Arguments

[Nagios-users] nrpe arguments

RE: [Nagios-users] NRPE arguments

RE: [Nagios-users] NRPE arguments

[Nagios-users] NRPE arguments

5 matches

Site Navigation

Mail list logo

Footer information