On Thu, 2013-02-07 at 14:13 -0800, Matt Taggart wrote: > If this can't be solved, maybe we could recommend better > alternatives? The better alternative is using ssh with control channel multiplexing,... which is as fast as nrpe.
The only thing missing there was a restricted shell for the remote hosts where they can specify white (the check commands and their args) and blacklists (evil stuff like "*" or "..") in order to control the commands that the monitoring node may run (as they can do on a very, very, limited and insecure way with nrpe). Removing nrpe from testing is IMHO a bad idea... but I would suggest to add big fat warnings the nrpe is completely insecure. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
