About this list Date view Thread view Subject view Author view Attachment view

From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Fri 04 Jun 2004 - 18:35:00 BST


> > you insisted that I must run snmpd in my server, I'd balk.
> The SNMPD application is supposed to run on the host, not within
> the vserver itself... That, I agree, would be a security threat, and an
> unnecessary resoource allocation.
 Actually THAT is a real security threat. I run snmpd only within vservers,
you shouldn't put such complicated and historically vulnerable app on host
itself.

> It works great, I agree, however, SNMP is a generic and proven way
> to do monitoring of a wide variety of devices (routers, servers,
> switches, etc.)
 It is proven that you should run it only on private networks (if you can)

> monitoring as well... Monitoring is done via SNMP, why not do the
> management via SNMP as well ?
 Because, although it was fashionable to do so some time ago ( just like
now it's fashionable to do management via embedded http-servers ), doing
management via SNMP is not that secure ( and not that simple to implement).

 Hmm, there is another issue here - if you already use app like HP Open
View to do your other management, then putting it in control of vservers
might be the wisest choice.

-- 
Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9
We're giving you a new chance in life, and an opportunity
 to screw it up in a new, original way.
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 04 Jun 2004 - 18:35:25 BST by hypermail 2.1.3