Feature request: SSL/TLS client/server negotiation

Daniel J McDonald
Fri, 13 Oct 2006 07:14:42 -0500
Message-Id: <user-6e48e85332d6@xymon.invalid>

On Fri, 2006-10-13 at 08:31 +0200, Henrik Stoerner wrote:
> On Thu, Oct 12, 2006 at 04:00:41PM -0400, Schwimmer, Eric E *HS wrote:
> > 2.  The possibility that someone might compromise one machine running a
> > hobbit client and use that machine to send false reports or DOS the
> > hobbit server.
> Someone with access to a machine with the Hobbit client could still run
> the "bb" program and send in a status report.  Unless you protect the
> client-side certificate with a passphrase that is kept only in memory -
> i.e. you'll have to enter it on the console whenever the machine is
> rebooted or the Hobbit client is restarted - then an attacker will have
> access to the client certificate, and therefore he can send forged data
> to the Hobbit server.
>
> The client certificate does provide authentication, though - so you know
> what server the (forged) data originates from. And rogue clients - i.e.
> anyone with a network connection to your Hobbit server - are kept out.
But you could use the client certificates to limit who can send updates
for a particular host.  Thus bar.example.com could not send a status
message for foo.example.com. That would go a long way to solving Eric's
problem.  
You would still need some sort of method for trusted proxies - for
example, I run bb-mrtg which provides updates for 600 "hosts" that can't
report on their own.


--
Daniel J McDonald, CCIE #2495
Linux mcdonalddj-dc.austin-energy.net 2.6.17-5mdv #1 SMP Wed Sep 13
14:32:31 EDT 2006 i686 Intel(R) Pentium(R) 4 CPU 3.40GHz GNU/Linux
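As an added example (not code from the Hobbit/Xymon project or from anyone in this thread), this is how the server-side check Daniel describes could be expressed: the client certificate's Common Name is taken as the client's identity, a plain client may only report for itself, and a trusted proxy such as a bb-mrtg host gets an explicit allow-list of hosts it may report for. The CN-as-hostname convention and the BB-style status line layout (dots in the host name written as commas) are assumptions made for the example.

```python
"""Added example: authorizing Hobbit-style status reports by the identity
in the client certificate, with an allow-list for trusted proxies.
Assumptions: the cert CN equals the reporting host's name; status lines
look like 'status HOST.TEST COLOR text' with dots in HOST written as
commas, so the last '.' separates host from test name.
"""
import fnmatch
from dataclasses import dataclass, field


@dataclass
class Policy:
    # cert CN -> fnmatch patterns of host names that CN may report for
    # (only needed for proxies; ordinary clients report for themselves)
    proxies: dict = field(default_factory=dict)

    def allowed(self, cert_cn: str, reported_host: str) -> bool:
        if cert_cn.lower() == reported_host.lower():
            return True  # every client may report on itself
        for pattern in self.proxies.get(cert_cn, ()):
            if fnmatch.fnmatchcase(reported_host.lower(), pattern.lower()):
                return True
        return False


def parse_status_host(message: str) -> str:
    """Extract the real host name from a 'status HOST.TEST ...' line."""
    parts = message.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("status"):
        raise ValueError("not a status message")
    host, sep, _test = parts[1].rpartition(".")
    if not sep or not host:
        raise ValueError("malformed HOST.TEST field")
    return host.replace(",", ".")


def authorize(policy: Policy, cert_cn: str, message: str) -> bool:
    """True if the authenticated client may submit this status message."""
    try:
        host = parse_status_host(message)
    except ValueError:
        return False  # reject anything that cannot be tied to a host
    return policy.allowed(cert_cn, host)


if __name__ == "__main__":
    # constructed sample policy: one proxy that reports for many routers
    pol = Policy(proxies={"mrtg.example.com": ["rtr-*.example.com"]})
    print(authorize(pol, "bar.example.com",
                    "status foo,example,com.conn green ok"))  # False
```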