We're implementing some WMI based checks on a new XI install, we've found that the WMI method exposes clear text passwords in both the authfile or resource.cfg file when using user macros. When running a "ps -ef" these are also exposed to all users from the Linux shell. We have implemented openssl encrypt/decrypt within the perl script however this still shows in the "ps -ef" output where the perl script executes the wmic commands, this shows it in 2 instead of 3 of the command outputs now. Has anyone got a solution to this problem that our InfoSec team has with this risk.
Code: Select all
$ grep password check_wmi_plus.pl
our $opt_password=`/bin/openssl rsautl -decrypt -inkey /home/nagios/nagiosxi_priv.pem -in /home/nagios/svcNagios.encrypt`;
Code: Select all
nagios 14190 14187 0 14:11 pts/1 00:00:00 /usr/bin/perl -w /usr/local/nagios/libexec/check_wmi_plus.pl -H hostname -u DOMAIN/USER -d -m checkcpu -w 80 -c 90
nagios 14267 14190 0 14:11 pts/1 00:00:00 sh -c /usr/bin/wmic '-U' DOMAIN/USER%PASS' '--namespace' 'root/cimv2' '//hostname' 'select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"' 2>&1
nagios 14271 14267 0 14:11 pts/1 00:00:00 /usr/bin/wmic -U DOMAIN/USER%PASS --namespace root/cimv2 //hostname select PercentProcessorTime,Timestamp_Sys100NS from Win32_PerfRawData_PerfOS_Processor where Name="_Total"