Hiding SNMP credentials from the process list

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
nicholashadaway
Posts: 31
Joined: Thu Sep 05, 2019 1:03 pm

Hiding SNMP credentials from the process list

Post by nicholashadaway »

I have a couple of custom plugins from the Nagios Exchange (Perl scripts) which are doing well collecting data for me, but the problem is that the scripts are exposing SNMP authentication data (username, authpass and privpass) in the output of "ps".

I supply the arguments to the script via $USERXX$ macros, which helps obfuscate things in the GUI, but I haven't been able to find how some of the stock plugins censor the credentials in their command-line output. I have tried searching through the Nagios plugin development documentation but I have come to a dead end.

Can you point me in the right direction for how I can mask output to ps so I am not exposing my SNMP authentication information?
mbellerue
Posts: 1403
Joined: Fri Jul 12, 2019 11:10 am

Re: Hiding SNMP credentials from the process list

Post by mbellerue »

Unfortunately that's just how Linux works. If you have a new enough Linux kernel (I think starting with kernel 3.2?), you can use the hidepid flag when mounting /proc, and this will limit the output of ps, top and similar commands when run by users. Root, of course, will still see everything.
https://www.cyberciti.biz/faq/linux-hid ... her-users/

Your next best bet is an SNMP plugin that allows the use of an authfile. I'm not aware of any off the top of my head, but I haven't really searched them out.
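The authfile approach suggested in the reply above, sketched in Perl as an added example (not part of either post and not code from any existing Nagios plugin). The `key = value` file format, the `load_authfile` and `unknown` helper names, and the ownership and mode checks are assumptions of this sketch; the key names follow the three values named in the question.

```perl
#!/usr/bin/perl
# Added example: read SNMPv3 credentials from an authfile instead of argv.
# The file format (key = value) and the load_authfile name are assumptions.
use strict;
use warnings;
use Fcntl qw(:mode);

my @REQUIRED = qw(username authpass privpass);

# Nagios plugins report problems on stdout and exit 3 (UNKNOWN).
sub unknown {
    my ($msg) = @_;
    print "UNKNOWN: $msg\n";
    exit 3;
}

sub load_authfile {
    my ($path) = @_;
    open(my $fh, '<', $path) or unknown("cannot open authfile $path: $!");

    # stat the open handle, so the checks apply to the file actually read.
    my @st = stat($fh);
    unknown("cannot stat $path: $!") unless @st;
    my ($mode, $uid) = @st[2, 4];
    unknown("$path is not a regular file") unless S_ISREG($mode);
    unknown("$path must be owned by the plugin user or root")
        unless $uid == $> || $uid == 0;
    unknown(sprintf("%s has mode %04o, expected 0600 or stricter", $path, $mode & 07777))
        if $mode & (S_IRWXG | S_IRWXO);

    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;    # comments and blank lines
        my ($key, $value) = $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/;
        unknown("malformed line " . $. . " in $path") unless defined $key;
        unknown("unexpected key '$key' in $path") unless grep { $_ eq $key } @REQUIRED;
        $cred{$key} = $value;
    }
    close($fh);
    for my $key (@REQUIRED) {
        unknown("'$key' missing from $path") unless defined $cred{$key};
    }
    return \%cred;
}

# Only the authfile path is visible in "ps"; the secrets stay in the file.
my $authfile = shift @ARGV;
unknown("usage: $0 <authfile>") unless defined $authfile;
my $cred = load_authfile($authfile);
print "OK: loaded SNMPv3 credentials for user '$cred->{username}'\n";
exit 0;
```

The loaded values only stay out of the process list if the plugin hands them to its SNMP library inside the same process; spawning a command with them as arguments would expose them again.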