[Nagiosplug-devel] Security discussion - don't run as root plugins
Hendrik Bäcker
andurin at process-zero.de
Fri Jul 18 20:46:27 CEST 2008
Hi List,

just a few moments ago I read a question from a user asking whether it
would be a problem to run the nagios plugins with root rights via
check_by_ssh.

Yes - I laughed too as I read that. But in the following discussion it
became clear - they already have a root ssh key spread across most of
their systems and are too lazy to establish an unprivileged 'nagios' user
on their systems - so they would run them as root.

I know, security awareness should be part of the persons who are using
the tools, scripts and programs - but 80% of security holes came from
people who didn't know what they were doing.

Without starting a flame on this topic I would like to ask what you
think of some security benefits like:

* don't run the code if UID is 0: Hard but effective - check uid and
abort with a warning.
* try to drop the privileges to the given user by the configure run as
a hard coded option

I am not stupid enough to run my plugins with root privileges - but
there are thousands of users out there who won't know what they're doing.

Regards,
Hendrik
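The two checks proposed in the message above, sketched in C as an added example (not part of the original post and not code from the Nagios plugins project). `PLUGIN_USER`, `root_action` and `drop_to_user` are hypothetical names; `PLUGIN_USER` stands in for a value a configure option would supply.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define PLUGIN_USER "nagios"  /* assumption: would be set at configure time */
#define STATE_UNKNOWN 3       /* plugin exit code for UNKNOWN */

enum root_policy { POLICY_ABORT, POLICY_DROP };

/* Pure decision: 0 = not root, carry on; 1 = drop privileges; -1 = abort. */
int root_action(uid_t euid, enum root_policy policy)
{
    if (euid != 0)
        return 0;
    return policy == POLICY_DROP ? 1 : -1;
}

/* Drop root permanently: supplementary groups first, then gid, then uid.
 * Returns 0 on success, -1 on any failure (the caller must then abort). */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0)   /* unknown user, or still root */
        return -1;
    if (setgroups(1, &pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Verify the drop cannot be undone. */
    if (setuid(0) == 0 || geteuid() == 0)
        return -1;
    return 0;
}

int main(void)
{
    int action = root_action(geteuid(), POLICY_DROP);
    if (action < 0 || (action > 0 && drop_to_user(PLUGIN_USER) != 0)) {
        printf("UNKNOWN: refusing to run with root privileges\n");
        return STATE_UNKNOWN;
    }
    printf("OK: running as uid %d\n", (int)geteuid());
    return 0;
}
```

Every return value is checked because a failed `setuid` that goes unnoticed leaves the plugin running as root.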