Re: Query on OS hardening

[John Adams <jna () retina net>]

On Thu, 20 Feb 2003, Carson Gaspar wrote:

> Ah yes... and how much CPU do you have to spare for SSH session setup (on 
> both the systemn being monitored and your monitoring server)? And how often 
> do you want to collect the data? Doing this correctly requires something 
> better than:
>
> result="`ssh server-to-monitor test-script`"
>
> At least, it does if you want it to scale.

Enh, don't knock this approach. We had 9700 machines on (an unnamed large
Internet Search company's) Search Cluster running this sort of a solution
plus some custom code to fork multiple ssh processes when things needed to 
get done quickly.

I've also used similar solutions with Orca (for collection of host
statistics) and RRDTool. You need to determine how many hosts you really
want to support, and then how many machines you'll be connecting to. The
SSH connection and startup expense is far outweighed by the advantages you
receive -- encrypted connections, non-repudiation, and control over the
connection.

-john

-- 
J. Adams                                        http://www.retina.net/~jna

The secret of knowing where you are, is knowing what time it is. -- Anonymous


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards