Hi calebh, thanks for writing all this up.
Just to say, I've been looking into alternative ways of doing this, which don't need xinetd or the filter cronjob.
One way is to add an SSH key to the User's Authorized Keys, e.g.
`restrict,command="/opt/bin/check_mk_agent" ssh-rsa AAAAB...`
And then set up an Agents > Other integrations > Individual program call instead of agent access rule, like: ssh admin@$HOSTADDRESS$ -i mysshkey
(Some more parameters might be needed to disable TTY or something, I can't remember.)
I've decided against this approach though, because the SSH connections end up spamming the System Logs.
I think a better way is to create a simple .php file that calls the agent:
/usr/local/www/check_mk_agent.php
<?php
header('Content-Type: text/plain; charset=utf-8');
system('/opt/bin/check_mk_agent');
?>
Then the Individual Program Call should look something like:
curl -ks https://$HOSTADDRESS$/check_mk_agent.php
It would be possible to modify the PHP to add some more security, perhaps some IP address filtering or to check for a secret parameter. But even without those steps, it at least has the advantage of encrypting the traffic over SSL so it can't be read by third parties.
Note, this will end up spamming the nginx log (System > GUI Service). Arguably that's better than spamming the System Log, but may still not be appreciated.
