_warn_ssloption.dpatch
#! /bin/sh /usr/share/dpatch/dpatch-run ## 07_warn_ssloption.dpatch by Thijs Kinkhorst <thijs@debian.org> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Warn against inadequateness of NRPE's own SSL option. Gbp-Pq: Name 07_warn_ssloption.dpatch
This commit is contained in:
parent
df777ff68c
commit
e222db65fc
11
SECURITY
11
SECURITY
|
@ -93,14 +93,17 @@ ENCRYPTION
|
|||
----------
|
||||
|
||||
If you do enable support for command arguments in the NRPE daemon,
|
||||
make sure that you encrypt communications either by using:
|
||||
|
||||
1. Stunnel (see http://www.stunnel.org for more info)
|
||||
2. Native SSL support
|
||||
make sure that you encrypt communications either by using, for
|
||||
example, Stunnel (see http://www.stunnel.org for more info).
|
||||
|
||||
Do NOT assume that just because the daemon is behind a firewall
|
||||
that you are safe! Always encrypt NRPE traffic!
|
||||
|
||||
NOTE: the currently shipped native SSL support of NRPE is not an
|
||||
adequante protection, because it does not verify clients and
|
||||
server, and uses pregenerated key material. NRPE's SSL option is
|
||||
advised against. For more information, see Debian bug #547092.
|
||||
|
||||
|
||||
USING ARGUMENTS
|
||||
---------------
|
||||
|
|
Loading…
Reference in a new issue