Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-23 Thread Salvatore Bonaccorso
Hi Alex

On Sat, Feb 23, 2013 at 01:17:03PM +0100, Alexander Wirt wrote:
> On Sat, 23 Feb 2013, Salvatore Bonaccorso wrote:
>
> > Hi Alex, Hi Thijs
> >
> > I was looking through the bugs for nagios-nrpe, and noticed #547092
> > where there was an upload to address it, but the bug was not closed.
>

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-23 Thread Alexander Wirt
On Sat, 23 Feb 2013, Salvatore Bonaccorso wrote:
> Hi Alex, Hi Thijs
>
> I was looking through the bugs for nagios-nrpe, and noticed #547092
> where there was an upload to address it, but the bug was not closed.
>
> I wondered if this was intentional, as the original issue is "only"
> addressed

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-23 Thread Salvatore Bonaccorso
Hi Alex, Hi Thijs

I was looking through the bugs for nagios-nrpe, and noticed #547092 where there was an upload to address it, but the bug was not closed.

I wondered if this was intentional, as the original issue is "only" addressed by making clear in the documentation where the issues are. Rega

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-11 Thread Alexander Wirt
On Sun, 10 Feb 2013, Thijs Kinkhorst wrote:
> Hi Alex,
>
> > > All agreed... but would you consider to add some big warnings about that
> > > fact? :)
> > That's something for the release notes or readme.debian. Feel free to send a
> > patch.
>
> I do not believe the issue should mean that NRPE

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-10 Thread Alexander Wirt
On Sun, 10 Feb 2013, Thijs Kinkhorst wrote:
> Hi Alex,
>
> > > All agreed... but would you consider to add some big warnings about that
> > > fact? :)
> > That's something for the release notes or readme.debian. Feel free to send a
> > patch.
>
> I do not believe the issue should mean that NRPE

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-10 Thread Thijs Kinkhorst
Hi Alex,

> > All agreed... but would you consider to add some big warnings about that
> > fact? :)
> That's something for the release notes or readme.debian. Feel free to send a
> patch.

I do not believe the issue should mean that NRPE is so critically flawed that it should be removed from Wheez

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-08 Thread Alexander Wirt
On Fri, 08 Feb 2013, Christoph Anton Mitterer wrote:
> On Fri, 2013-02-08 at 00:26 +0100, Alexander Wirt wrote:
> > In fact nothing is new here and security wouldn't change much with different
> > keys. The implementation is just broken. But if you have an idea to improve
> > it, feel free to sen

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-07 Thread Christoph Anton Mitterer
Off topic but...

Hi Michael

On Fri, 2013-02-08 at 00:55 +0100, Michael Friedrich wrote:
> I've tried the idea of the ssl x509 patch in an unofficial nrpe fork.
> lives in git here, until it dies, and will never get released, so
> beware: https://git.icinga.org/?p=icinga-irpe.git;a=summary

If no

Bug#547092: [Pkg-nagios-devel] Bug#547092: nrpe ssl security problem

2013-02-07 Thread Christoph Anton Mitterer
On Fri, 2013-02-08 at 00:26 +0100, Alexander Wirt wrote:
> In fact nothing is new here and security wouldn't change much with different
> keys. The implementation is just broken. But if you have an idea to improve
> it, feel free to send a patch. (as long as it doesn't make nrpe incompatible
> to

Bug#547092: [Pkg-nagios-devel] Bug#547092: Bug#547092: nrpe ssl security problem

2013-02-07 Thread Michael Friedrich
On 08.02.2013 00:31, Markus Frosch wrote:

Just my 2 cents (without any hat on): TLS integration in NRPE was broken from the beginning and more or less by design. The "real" and only security feature is to configure an appropriate allowed_hosts list, which might be enough security for internal ne

Bug#547092: [Pkg-nagios-devel] Bug#547092: nrpe ssl security problem

2013-02-07 Thread Markus Frosch
Just my 2 cents (without any hat on): TLS integration in NRPE was broken from the beginning and more or less by design. The "real" and only security feature is to configure an appropriate allowed_hosts list, which might be enough security for internal networks in respect of TCP sessions. Question

Bug#547092: [Pkg-nagios-devel] Bug#547092: nrpe ssl security problem

2013-02-07 Thread Alexander Wirt
On Thu, 07 Feb 2013, Matt Taggart wrote:
> As pointed out in a previous message to the bug, #547092
> "nagios-nrpe-server: Insecure 'SSL' option, key identical for all
> debian systems" is severity grave due to the security problem it
> introduces in the service (but not critical since the problem

Bug#547092: nrpe ssl security problem

2013-02-07 Thread Christoph Anton Mitterer
On Thu, 2013-02-07 at 14:13 -0800, Matt Taggart wrote:
> If this can't be solved, maybe we could recommend better
> alternatives?

The better alternative is using ssh with control channel multiplexing,... which is as fast as nrpe. The only thing missing there was a restricted shell for the remote

Bug#547092: nrpe ssl security problem

2013-02-07 Thread Matt Taggart
As pointed out in a previous message to the bug, #547092 "nagios-nrpe-server: Insecure 'SSL' option, key identical for all debian systems" is severity grave due to the security problem it introduces in the service (but not critical since the problem is limited to the nrpe service). I have adjusted