On Fri, 2006-10-13 at 08:31 +0200, Henrik Stoerner wrote:
On Thu, Oct 12, 2006 at 04:00:41PM -0400, Schwimmer, Eric E *HS wrote:
- The possibility that someone might compromise one machine running a hobbit client and use that machine to send false reports or DOS the hobbit server.
Someone with access to a machine with the Hobbit client could still run the "bb" program and send in a status report. Unless you protect the client-side certificate with a passphrase that is kept only in memory - i.e. you'll have to enter it on the console whenever the machine is rebooted or the Hobbit client is restarted - then an attacker will have access to the client certificate, and therefore he can send forged data to the Hobbit server.
The client certificate does provide authentication, though - so you know what server the (forged) data originates from. And rogue clients - i.e. anyone with a network connection to your Hobbit server - are kept out.
But you could use the client certificates to limit who can send updates for a particular host. Thus bar.example.com could not send a status message for foo.example.com. That would go a long way to solving Eric's problem.
You would still need some sort of method for trusted proxies - for example, I run bb-mrtg which provides updates for 600 "hosts" that can't report on their own.
-- Daniel J McDonald, CCIE #2495 Linux mcdonalddj-dc.austin-energy.net 2.6.17-5mdv #1 SMP Wed Sep 13 14:32:31 EDT 2006 i686 Intel(R) Pentium(R) 4 CPU 3.40GHz GNU/Linux
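
The per-host restriction and trusted-proxy exception proposed in the reply above, as an added sketch that is not part of the original thread and not Hobbit code. It assumes the TLS layer has already verified the client certificate and passes in its subject CN; the function names, the `TRUSTED_PROXIES` table and the sample hosts are hypothetical.

```python
# Added illustration: authorize a "status" message against the CN of the
# client certificate it arrived with. Not Hobbit code; names are hypothetical.
import fnmatch
import re

# Constructed policy: proxy CN -> host patterns it may report on behalf of
# (e.g. a machine running bb-mrtg for devices that cannot report themselves).
TRUSTED_PROXIES = {
    "mrtg.example.com": ["*.net.example.com"],
}

# status[+LIFETIME][/group:GROUP] HOSTNAME.TESTNAME COLOR text
# Dots in HOSTNAME are sent as commas, so the last dot separates the test name.
STATUS_RE = re.compile(
    r"^status(?:\+[^/\s]+)?(?:/group:\S+)?\s+(\S+)\.([^.\s]+)\s+(\w+)"
)

def reported_host(message):
    """Return the host a status message claims to describe, or None."""
    m = STATUS_RE.match(message)
    if m is None:
        return None
    return m.group(1).replace(",", ".").lower()

def may_report(cert_cn, message):
    """True if the certificate holder may send this message."""
    host = reported_host(message)
    if host is None:
        return False  # fail closed: other message types are not handled here
    cn = cert_cn.lower()
    if host == cn:
        return True   # a client may always report on itself
    patterns = TRUSTED_PROXIES.get(cn, [])
    return any(fnmatch.fnmatchcase(host, p) for p in patterns)

# Constructed sample traffic: (verified certificate CN, message received).
SAMPLES = [
    ("foo.example.com", "status foo,example,com.cpu green load ok"),
    ("bar.example.com", "status foo,example,com.cpu red forged"),
    ("mrtg.example.com", "status rtr1,net,example,com.mrtg green ok"),
    ("mrtg.example.com", "status foo,example,com.cpu green ok"),
]

if __name__ == "__main__":
    for cn, msg in SAMPLES:
        verdict = "accept" if may_report(cn, msg) else "reject"
        print(f"{verdict}: cert={cn} claims host={reported_host(msg)}")
```

A compromised bar.example.com can still forge reports about itself, but no longer about foo.example.com, and the proxy's reach is limited to the patterns listed for it.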