On Wed, 2015-05-27 at 16:58 +0100, Colin Watson wrote: > Nagios is fine if you're running a server farm. It's useless if your > purpose is to perform friendly probing of a large heterogeneous network > most of which consists of desktop-type systems not run by professional > sysadmins. We have thousands of nodes at the university,.. within clusters, as workstations and dedicates experiment servers... For none of them we use the Banner to determine whether it's up to date... is the banner not even secured? If not this would be completely useless to check whether an installation is "secure" as an attacker could simply try to forge the banner. Anyway... even for desktop nodes there are better ways (including nagios and loads of other apt notifiers/etc.) to keep software up to date... Anyway... I don't think this is that much of an security issue - but since there could be attacks where it's helpful to know the exact version in order to save time... better remove it than being sorry later. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature