Using user Macros

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
ocolin
Posts: 9
Joined: Mon Dec 23, 2013 5:02 pm

Using user Macros

Post by ocolin »

Hi again!

I am trying to use macros to store information in host definitions that then get used by a service definition. So far I have this working. My next step is to then uses a few user macros to store the sensitive data such as community string or passwords used by the hosts. So I am trying to use a user macro from the resource.cfg file in a host as a variable to a customer macro which is then used by a service. Not sure if that makes sense. When I checked the docs it wasn't completely clear as to all the allowed usage so my fear is that maybe the way I am using the user macro is not allowed. Does anyone mind looking at my code to see if there are any problems with it or things that I am not allowed to do (usually the validation process tells me if it doesn't like something).

The last time I had an issue like this it went away after I manually re-entered the configuration and was likely some sort of space somewhere. The same could be true here, but it would be nice to confirm if my configuration is valid or not.

Code: Select all

$USER2$=mycommunitystring

define command {
        command_name                    check_vyatta_ospf
        command_line                    /usr/local/nagios/libexec/check_vyatta_ospf.php $HOSTADDRESS$ $ARG1$
        register                        1
}

define service {
        #NAGIOSQL_CONFIG_NAME           vyatta_ospf
        host_name                       local_switch
        service_description             Check OSPF on Vyatta
        use                             ospf_template
        check_command                   check_vyatta_ospf!$_HOSTCOMMUNITY$
        register                        1
}

define host {
        host_name                       local_switch
        alias                           Local Vyatta Router
        address                         127.0.0.1
        use                             router_template
        _COMMUNITY                      $USER2$
        register                        1
}
My hope with this setup is not just that the sensitive variables can have stricter permissions, but that when ever they get updated I can change them from one location instead of on the config for each host in Nagios CORE 4. Right now when I have the script output the variable it's being sent it just shows me '$' only. Thanks for any input!
Top
User avatar
Box293
Too Basu
Posts: 5126
Joined: Sun Feb 07, 2010 10:55 pm
Location: Deniliquin, Australia
Contact:
Contact Box293

Re: Using user Macros

Post by Box293 »

I can see what you are trying to do but I'm not sure it's possible.

http://nagios.sourceforge.net/docs/3_0/macros.html

Macro Cleansing

Some macros are stripped of potentially dangerous shell metacharacters before being substituted into commands to be executed. Which characters are stripped from the macros depends on the setting of the illegal_macro_output_chars directive. The following macros are stripped of potentially dangerous characters:

$HOSTOUTPUT$
$LONGHOSTOUTPUT$
$HOSTPERFDATA$
$HOSTACKAUTHOR$
$HOSTACKCOMMENT$
$SERVICEOUTPUT$
$LONGSERVICEOUTPUT$
$SERVICEPERFDATA$
$SERVICEACKAUTHOR$
$SERVICEACKCOMMENT$

Additionally, any macros that contain custom variables are stripped for safety and security.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Top
ocolin
Posts: 9
Joined: Mon Dec 23, 2013 5:02 pm

Re: Using user Macros

Post by ocolin »

That makes sense, otherwise things could be injected. I can easily write a find/replace script to update all of the host config files as needed. That might be a better way than using User macros. None of the passwords/community strings (read only) I use for the monitoring are very high security ones. Thank you for your help!
Top
Locked

Return to “Open Source Nagios Projects”