Le vendredi 14 janvier 2011 à 09:52 +0100, nap a écrit : > Yes it's true. I'll update the "security" chapter of the > documentation. But with lazy admin, you can't have security. No matter > what the application does, the worse the admin is, the worse the > system will be :) > > With this way of working, they have crypted communication, but no > authentification. If they want it, they can have one of the best way > for it, x509 certificates. I won't do a mere ip filter for > un-security-aware admins :)
In fact, the ip filter idea was not for daemons (X509 is sufficient), but only for livestatus. > Beleve me, generate new certif is too easy : > > http://shinken-monitoring.org/wiki/ssl_certificates I know ;) > I'm wodnering if it should be a part of the automatic setup. Distro > can't do it I think (they use setup.py to have their files, not to > really install it). I don't know how others tools are doing this. > > ssh-server is able to generate x509 certificates? I thoug it was > special ones. If so, it can be a good thing :) That make me think about Prelude (NIDS) : when a Prelude sensor is started for the first time, it registers himself on its central Prelude daemon. The central daemon asks the sensor for a passphrase (that must be entered by the user sensor-side), and passphrase is correct, the central daemon generate and send an authentication token for the sensor (certificate). Perhaps such a thing could be sexy in the future, so you only create the CA on the arbiter (done by distro package why not), and all other steps (server certificates creation and distribution) are done automagically ? > The problem is that if we add a layer over livestatus, we should do it > with the official livestatus too, and ask the tools to update their > lib. It's possible of course, but it will ask some time. I didn't mean to add a new layer (event if it should be the best way), but only a better-than-nothing simple ip filter (like done in every Nagios agent) for example, so not much work I think, because adding a new layer will effectively break the compatibility with the original livestatus module. > (btw, your idea of passive configuration dispatching is very > good, > because arbiter -> scheduler will ne be always possible, this > will be > mandatory for some of my customers ^^) > Yes, with DMZ and co, the admin should be able to choose the connexion > way. It will not be easy, and the active way will still be the default > because it's more "natural", but passive is important :) Agree ;) Laurent ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Shinken-devel mailing list Shinken-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shinken-devel
