Securing Mysql Password

Posted: Thu Aug 11, 2016 4:58 am
by postel
Hi, I am new to Nagios XI. We had a vulnerability assessment and it reported the plain MySQL password. How can I encrypt and secure it? Is there a way?

Thanks.
Paolo

Re: Securing Mysql Password

Posted: Thu Aug 11, 2016 9:38 am
by rkennedy
This document outlines how to change the passwords from the default in XI - https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Is that what you were looking for? If not, could you be more specific as to where the vulnerability was reported?

Re: Securing Mysql Password

Posted: Thu Aug 11, 2016 9:54 am
by postel
Thanks for the reply. I see the plain MySQL password in config files... anyone can read it. So we need to encrypt it. Is it possible with Nagios XI?

Re: Securing Mysql Password

Posted: Thu Aug 11, 2016 9:56 am
by tmcdonald
The problem with encrypting a password is that it needs to be unencrypted in order to be used, and in order to unencrypt it you need the key. The key needs to be stored in plaintext otherwise it can't be used to decrypt the password. Then if you try to encrypt the key, you run into the same problem all over again.

One solution is to change the permissions on the file with the password in it to disallow anyone who is not the owner or in the correct group from reading it. Typically this would be something like chmod 660 /path/to/file but I can't say we've tested this.
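
The permission approach from the reply above, as an added example that is not part of the thread or of Nagios XI: it lists files that hold a password-like setting and are accessible to "other" users, then applies mode 660 and verifies the result. The function names, the keyword pattern and every path are assumptions made for illustration; no real Nagios XI path is used.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on files that hold a DB password.

# List files under directory $1 that contain a password-like setting AND grant
# any access (read, write or execute) to "other" users. The keyword pattern is
# a heuristic, not a complete secret scanner.
find_exposed_secrets() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -liE '(pass(word|wd)?|pwd)[^=]*=' {} + || true
    # "|| true": grep exits non-zero when nothing matches, which is not an error here.
}

# Restrict file $1 to owner and group read/write (mode 660, as in the post).
# Optional $2 is an owner:group to apply first (usually needs root).
# Returns non-zero if any "other" permission bit is still set afterwards.
harden_secret_file() {
    f=$1
    if [ -n "${2:-}" ]; then
        chown "$2" "$f" || return 1
    fi
    chmod 660 "$f" || return 1
    [ -z "$(find "$f" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Demo on a constructed file in a throwaway directory.
demo=$(mktemp -d)
printf 'dbpass = constructed-value\n' > "$demo/app.cfg"   # constructed sample
chmod 644 "$demo/app.cfg"
find_exposed_secrets "$demo"          # lists app.cfg
harden_secret_file "$demo/app.cfg"
find_exposed_secrets "$demo"          # lists nothing
rm -rf "$demo"
```

Mode 660 only helps if the owner and group are the accounts that actually need the password; the account the application runs as must be one of them or it loses access to its own configuration.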