Hi,
Our security team have asked us if service checks arguments can be encrypted in any way?
For example a service check which uses the check_mysql_health plugin. This check requires user name and password arguments to authenticate against MySQL. Is there any way that these could not be stored on the Nagios server in plain text?
Regards,
Andy
Service check arguments - security question
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: Service check arguments - security question
Hi Andy,
Currently, the best practice for minimizing exposure for password arguments is to define them as macros so they are not visible within Nagios XI or the database. Please see the guideline below.
Nagios XI - Plain Text Password Considerations
https://support.nagios.com/kb/article/n ... s-817.html
As far as encrypting resource.cfg, this is currently an open feature request for Nagios Core.
https://github.com/NagiosEnterprises/na ... issues/367
Let me know if you have any other questions.
Currently, the best practice for minimizing exposure for password arguments is to define them as macros so they are not visible within Nagios XI or the database. Please see the guideline below.
Nagios XI - Plain Text Password Considerations
https://support.nagios.com/kb/article/n ... s-817.html
As far as encrypting resource.cfg, this is currently an open feature request for Nagios Core.
https://github.com/NagiosEnterprises/na ... issues/367
Let me know if you have any other questions.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!