What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Can we execute SSH script from another location than the default?

Votes:

0

Hello,

One of my server is a third party managed linux server. For this reason I do not have access, nor can I create a /var/prtg/scripts folder on that machine.

Is there a way I can use the SSH script sensor from another location (like user root directory) on the machine than the default one?

custom-sensor default ssh ssh-script

Created on Jul 16, 2018 1:48:48 PM



6 Replies

Votes:

0

Dear webmaster_mooji,

the folder cannot be changed. This is a security measure. No other folder is supported as PRTG wants to make sure that one cannot execute code on a computer without having write access for /var.

Created on Jul 16, 2018 4:53:51 PM by  Arne Seifert [Paessler Support]



Votes:

0

Though I understand that, somehow it disables the ssh sensor possibility for all of us who have (strictly) managed servers.

Besides, if I have ssh access to the server, and can run the script as I please, what's the added security of locking PRTG possibility to only /var?

Created on Jul 16, 2018 5:02:23 PM



Votes:

0

Dear webmaster_mooji,

yes, the approach of PRTG disables that for servers managed by a third party. We rather have this limitation than possibilities for a security weakness through PRTG. (PRTG cannot block you from manually logging in via SSH, but it is strict about running scripts via the SSH Script sensor.)

A workaround would be to run a powershell locally through the Exe/Script sensor, which then connects via SSH to a remote machine.

Created on Jul 17, 2018 2:32:02 PM by  Arne Seifert [Paessler Support]



Votes:

0

Hello,

could you please answer the last question of "webmaster_mooji": "what's the added security of locking PRTG possibility to only /var?"

You are breaking Unix-conventions with this approach. The "/var"-Directory should only contain files to which the system writes data during the course of its operation.

I do not see any security-imrovements with this approach but only more comfort in implementing the sensor.

Best regards, Uwe

Created on Nov 25, 2019 2:58:37 PM



Votes:

0

Dear Uwe,

we picked /var because of its default access rights being 755. Everyone can execute, but only root can write, meaning putting a script there.

Supporting just one directory allow us to keep the SSH Script sensor interface simple.

Created on Nov 25, 2019 6:07:03 PM by  Arne Seifert [Paessler Support]



Votes:

0

Dear Arne,

just a hint: the "/opt" - directory has exactly the same default permissions (0755).

But I agree - its to much effort to change it for existing installations.

Created on Nov 28, 2019 9:02:56 AM




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.