WMI wizard - how to hide password?

lavignp
Posts: 23
Joined: Thu Sep 26, 2013 10:24 am

WMI wizard - how to hide password?

Post by lavignp »

Does anyone know how to hide the password when using the WMI wizard to set up monitoring? After I configure the service, if I go in to edit it, I can clearly see the username and password in the command string. Not cool.

I have dug through as much documentation as I could find, and I do see an option to create an authentication file for the Check WMI Plus plugin. How in the world would I make these two work together, in terms of the syntax, which appears to be different from the command line options that are available? Plus, even the idea of having the password in plain text on the Nagios server is still not ideal, but better than the current setup.

Does anyone have any better ideas?

Thanks
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: WMI wizard - how to hide password?

Post by slansing »

If you do want to hide your password, you can use USER macros. All you need to do is edit your resource.cfg file and add a new $USER$ macro as they are shown there. These macros can contain information that you would rather keep hidden, or to transport information that would not normally work when passed through the CCM in check commands.


/usr/local/nagios/etc/resource.cfg
lavignp
Posts: 23
Joined: Thu Sep 26, 2013 10:24 am

Re: WMI wizard - how to hide password?

Post by lavignp »

Thing is, it seems I would have to go through each WMI service, one by one, and click through to edit each and every command string, right? My Linux chops are rusty, so I'm talking about going through the management interface.
slansing
Posts: 7698
Joined: Mon Apr 23, 2012 4:28 pm
Location: Travelling through time and space...

Re: WMI wizard - how to hide password?

Post by slansing »

Well you may be able to supply $USERx$ in the password field of the wizard. If you have already set these hosts/services up why not just re-run the wizard using the exact same host name, that will then change the objects to use your new password.
inkognitos
Posts: 2
Joined: Thu Sep 24, 2015 5:08 am

Re: WMI wizard - how to hide password?

Post by inkognitos »

We would like to use USER macros for WMI checks, and actually it works for single checks. But not for the wizard.
Is there a way to use USER macros inside the WMI wizard to be able to discover a host? If I used the real connection information, it would then be in all checks and I would have to hide it one by one.

Currently I have altered the WMI command to use a USER macro, so the check itself can have anything and it is just ignored. I would like to do the same thing for the wizard.
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: WMI wizard - how to hide password?

Post by rkennedy »

When you mention using the USER macros, are you using them on the first page that asks for the IP / user / password? Just trying to make sure we're on the same page here.
Former Nagios Employee
inkognitos
Posts: 2
Joined: Thu Sep 24, 2015 5:08 am

Re: WMI wizard - how to hide password?

Post by inkognitos »

Yes, we would like to use it there and prevent that way of saving credentials into checks.
We have now changed the default command: "$USER1$/check_wmi_plus.pl -H $HOSTADDRESS$ -u $USER9$ -p $USER10$ -m $ARG3$ $ARG4$ -y 60"
So all current checks could be without arg1 and 2 or with a non-existing user.

We also tried the authentication file, but that one is not working correctly together with event log checks, which are failing for whatever reason.

Ideally, the username and password would not be required at all in the wizard and the internal USER macros would be used instead.
rkennedy
Posts: 6579
Joined: Mon Oct 05, 2015 11:45 am

Re: WMI wizard - how to hide password?

Post by rkennedy »

You should be able to use the $USER#$ macros in the wizard, for the password field. It currently won't work for the username part, but I've added a feature request for this. ID #8196.
Former Nagios Employee
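
Added example, not written by any poster in this thread or by Nagios: a Python audit over Nagios object configuration that reports services still passing literal values into the -u / -p options of check_wmi_plus.pl, as opposed to $USERn$ macros from resource.cfg. The command names, host names and sample config are constructed for illustration; findings name the host and option only, never the credential value.

```python
import re

# Constructed sample object config; names and the password are made up.
SAMPLE = """
define command {
  command_name wmi_args
  command_line $USER1$/check_wmi_plus.pl -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$ -m $ARG3$ $ARG4$
}
define command {
  command_name wmi_macros
  command_line $USER1$/check_wmi_plus.pl -H $HOSTADDRESS$ -u $USER9$ -p $USER10$ -m $ARG3$ $ARG4$ -y 60
}
define service {
  host_name win01
  check_command wmi_args!svc_wmi!Example-Pass-1!checkcpu!-w 80
}
define service {
  host_name win02
  check_command wmi_macros!x!x!checkcpu!-w 80
}
define service {
  host_name win03
  check_command wmi_args!$USER9$!$USER10$!checkcpu!-w 80
}
"""
USER_MACRO = re.compile(r"^\$USER\d+\$$")

def objects(text):
    """Yield (type, {directive: value}) for each define block."""
    for kind, body in re.findall(r"define\s+(\w+)\s*\{(.*?)\}", text, re.S):
        pairs = (ln.split(None, 1) for ln in body.strip().splitlines())
        yield kind, {p[0]: p[1].strip() for p in pairs if len(p) == 2}

def audit(text):
    """Return (host, option) pairs where -u/-p receives a literal credential."""
    objs = list(objects(text))
    cred_args = {}  # command_name -> {ARG index: option} for -u / -p
    for kind, o in objs:
        if kind == "command" and "check_wmi_plus.pl" in o.get("command_line", ""):
            hits = re.findall(r"(-[up])\s+\$ARG(\d+)\$", o["command_line"])
            cred_args[o["command_name"]] = {int(n): f for f, n in hits}
    findings = []
    for o in (o for k, o in objs if k == "service"):
        name, *args = o.get("check_command", "").split("!")
        for idx, flag in sorted(cred_args.get(name, {}).items()):
            value = args[idx - 1].strip("'\"") if idx <= len(args) else ""
            if value and not USER_MACRO.match(value):  # literal, not $USERn$
                findings.append((o["host_name"], flag))
    return findings
```

On the sample, only win01 is reported: win02 uses a command that hard-wires $USER9$/$USER10$, and win03 passes the macros as arguments.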