Re: [Nagios-devel] Re: Security Concerns about the nsca daemon
Posted: Wed Feb 22, 2006 2:08 am
Marc Haber wrote:
> On Mon, Feb 20, 2006 at 10:48:51PM +0100, Marc Haber wrote:
>
>>I'm having a headache about using nsca to receive passive service
>>checks.
>
>
> And while we're at it, nsca should use tcp-wrappers itself so that it
> can be tcp wrapped without having to add inetd to possible attack
> vectors.
>
Nopes. I could implement some basic tcp-wrappers-like thing in the nsca
core, but I won't make it use tcp-wrappers. It'd be much better to do
some simple firewalling anyway.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> On Mon, Feb 20, 2006 at 10:48:51PM +0100, Marc Haber wrote:
>
>>I'm having a headache about using nsca to receive passive service
>>checks.
>
>
> And while we're at it, nsca should use tcp-wrappers itself so that it
> can be tcp wrapped without having to add inetd to possible attack
> vectors.
>
Nopes. I could implement some basic tcp-wrappers-like thing in the nsca
core, but I won't make it use tcp-wrappers. It'd be much better to do
some simple firewalling anyway.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]