[smokeping-users] Slave-Master security
Gregory Sloop
gregs at sloop.net
Wed Mar 20 05:24:11 CET 2013
Ok, so I've setup a test master-slave config, and the basic config
looks good.
So, I suppose this is essentially off-topic, but I'm wondering about
hardening the communications between a master and a slave.
In my case, I'm thinking of having slaves that communicate over an
un-secure net [say the internet] back to the master.
I know the shared secret [PSK] for the slave-master protect [kinda] so
that an attacker can't stuff data into the SP master - but that
doesnt' address someone finding a hole in the CGI etc.
Essentially, if I let the world hit the smokeping.cgi, but only
prevent writes, that does noting to prevent others from looking at my
smokeping data [which I may not want to allow] or worse, attacking the
smokeping.cgi in an attempt to crack the master machine. [And from
what I can see, I can't easily use .htaccess files over https to
limit access, because the slaves don't grok that.]
This is obviously bad.
I've considered building VPN's or SSH tunnels between the slave(s) and
masters - but does anyone have any tried-and-true methods that are
perhaps less cumbersome - that I haven't considered?
-Greg
More information about the smokeping-users
mailing list