[hobbit] client file check

Brand, Thomas R. TRBrand at cvs.com
Mon Jul 6 22:30:38 CEST 2009


> -----Original Message-----
> From: dOCtoR MADneSs [mailto:doctor at makelofine.org]
> 
> You could try something like this :
> in local-client.cfg add a section for this host :
> [my_host]
> file:`sudo ls /your/file`
> and in hobbit-clients.cfg add a line in your host section :
> HOST=my_host
> FILE /your/file YOUR_SWITCHES
> 
> anyone disagree with it ?

Somewhat of a security risk; when using sudo, I recommend using 
full path to the executable: 
sudo /bin/ls /your/file

and in your /etc/sudoers file:

# Hobbit may run /bin/ls but flags are not allowed
hobbit   ALL = NOPASSWD: /bin/ls [!-]*


t09trbrxs# su - hobbit
hobbit at t09trbrxs:~> sudo /bin/ls /root/.ssh/authorized_keys
/root/.ssh/authorized_keys
hobbit at t09trbrxs:~> sudo /bin/ls --color=always
/root/.ssh/authorized_keys
hobbit's password:
hobbit at t09trbrxs:~>



More information about the Xymon mailing list