[Nagiosplug-devel] Checking for unknown NIS servers?

John P. Rouillard rouilj at cs.umb.edu
Mon Feb 13 12:00:06 CET 2006


In message <43F0BF02.6070005 at op5.se>, Andreas Ericsson writes:
>C. Bensend wrote:
> [some other attributions lost in response]
>>>contact the individual addresses?  my assumption was that for
>>>NIS broadcasting you simply put some noise on the wire, and any
>>>masters on the local network segment responded.
>> Personally, I need something like:
>> 
>> check_nis -d domain1,domain2 -x -s server1,server2
>> 
>> ... that will return a non-OK value if any _more_ servers respond,
>
>And this is where the trouble lies. How long should we wait for any 
>other server to respond, and how many broadcasts should we send?
>
>> other than server1 or server2, such as an unintentional or rogue
>> server3 answering the broadcast.
>> 
>> I know I can't code it, but I could certainly help test it if
>> someone were to take a shot.  :)
>A much better way is to set up a daemon which listens to broadcasts and 
>shouts out loud if it hears one from the wrong server.

IIRC the client broadcasts for the server. The server replies using
the client's IP address. So it's not a broadcast response, but a
niswatch (doesn't look like Google knows of a niswatch that does this)
type daemon (sort of like arpwatch) would work if you have a port on
your switches that can be used to monitor all traffic looking for the
response.

You can probably cobble something together from tcpdump and Nagios
passive service results.

>You still have to 
>implement the NIS protocol (partially) but you can get rid of the 
>problem of having plugins run with elevated privileges and determining 
>how long to wait.

Well you can use regular network NIS traffic as your probe and just
look for incorrect responses.

				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
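
The tcpdump-plus-passive-results idea from the message above, as an added example (not code from the thread or from the Nagios plugins project). It assumes `tcpdump -n` output already filtered to NIS server replies on a monitor port; the addresses, ports, and the host and service names are constructed, and the capture filter is left to the reader.

```python
import re
import time

# Constructed sample of `tcpdump -n` output, assumed pre-filtered to NIS
# server replies. Addresses and ports are made up for the example.
SAMPLE_CAPTURE = """\
12:00:01.000101 IP 192.0.2.11.834 > 192.0.2.50.1021: UDP, length 28
12:00:01.000350 IP 192.0.2.12.834 > 192.0.2.50.1021: UDP, length 28
12:00:01.004410 IP 192.0.2.66.834 > 192.0.2.50.1021: UDP, length 28
12:00:07.120000 IP 192.0.2.66.834 > 192.0.2.51.1019: UDP, length 28
a truncated or unparseable line is skipped
"""

# "<time> IP <src>.<sport> > <dst>.<dport>: ..." as printed by tcpdump -n
LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")


def unknown_responders(lines, allowed):
    """Map each replying source IP not in `allowed` to the clients it answered."""
    seen = {}
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue
        src, dst = match.groups()
        if src not in allowed:
            seen.setdefault(src, set()).add(dst)
    return seen


def passive_result(host, service, unknown, now=None):
    """Format a Nagios PROCESS_SERVICE_CHECK_RESULT external command line."""
    now = int(time.time()) if now is None else now
    if unknown:
        code = 2  # CRITICAL
        detail = ", ".join(f"{src} (answered {len(clients)} client(s))"
                           for src, clients in sorted(unknown.items()))
        output = "CRITICAL - unknown NIS responders: " + detail
    else:
        code, output = 0, "OK - only known NIS servers responded"
    return f"[{now}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{code};{output}"


if __name__ == "__main__":
    known = {"192.0.2.11", "192.0.2.12"}  # server1, server2
    rogue = unknown_responders(SAMPLE_CAPTURE.splitlines(), known)
    # "nis-segment" and "NIS responders" are hypothetical host/service names.
    print(passive_result("nis-segment", "NIS responders", rogue))
```

Appending the printed line to the Nagios external command file submits it as a passive result for a service defined with passive checks enabled; the location of that file depends on the installation.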



