Hi
100% Nagios newbie here.
I've been asked to "look" at our Nagios install. One of the first things I notice is that we have hundreds of users being able to log in to the system. They're able to manage hosts and checks. Now, some of the checks include usernames and passwords in clear text. Some of the users are AD domain admins. From a security perspective, I'm pretty sure this is a no-no.
One of the checks I'm talking about goes like this:
$USER1$/check_mssql_annonce -H $HOSTADDRESS$ --username LEETUSER --password YOURMOM --database $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
What can I do to avoid these things? How do you hide the usernames/passwords and instead use a hash or something?
What's the golden best practice in terms of this?
nagios checks that exposes usernames/passwords in clear text
whateverman
- Posts: 2
- Joined: Fri Aug 26, 2016 4:57 am
Re: nagios checks that exposes usernames/passwords in clear
Using a monitoring agent to execute local plugins is an option. https://exchange.nagios.org/directory/A ... ing-Agents has a list of monitoring agents that would secure the connection between Nagios and the server.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
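As an added example (not part of the thread, and not code from Nagios): a small Python audit that lists command definitions like the one quoted in the first post, where a credential flag carries a literal value instead of a macro. The sample config is constructed, and the flag list and the macro numbers `$USER10$`/`$USER11$` are assumptions; `$USERn$` macros are defined in the Nagios resource file, the same mechanism as the `$USER1$` plugin path in the quoted command.

```python
import re
import shlex

# Flags whose value is a credential (assumed list; extend for your plugins).
CRED_FLAGS = {"--username", "--password", "--user", "--pass"}
MACRO = re.compile(r"^\$[A-Z0-9_]+\$$")  # a whole-token macro, e.g. $USER11$
BLOCK = re.compile(r"define\s+command\s*\{(.*?)^\s*\}", re.S | re.M)

# Constructed sample: the first command is the one quoted in the thread, the
# second passes the same values as resource-file macros (numbers assumed).
SAMPLE_CFG = r"""
define command {
    command_name  check_mssql_inline
    command_line  $USER1$/check_mssql_annonce -H $HOSTADDRESS$ --username LEETUSER --password YOURMOM --database $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
}
define command {
    command_name  check_mssql_macro
    command_line  $USER1$/check_mssql_annonce -H $HOSTADDRESS$ --username $USER10$ --password $USER11$ --database $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
}
"""

def find_inline_credentials(cfg_text):
    """Return [(command_name, flag)] where a credential flag has a literal value.

    The value itself is never returned, so the report can be shared.
    """
    findings = []
    for body in BLOCK.findall(cfg_text):
        fields = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and not parts[0].startswith(("#", ";")):
                fields[parts[0]] = parts[1]
        try:
            tokens = shlex.split(fields.get("command_line", ""))
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = fields.get("command_line", "").split()
        for i, tok in enumerate(tokens):
            flag, sep, value = tok.partition("=")
            if flag not in CRED_FLAGS:
                continue
            if not sep:  # "--password VALUE" form: value is the next token
                value = tokens[i + 1] if i + 1 < len(tokens) else ""
            if value and not MACRO.match(value):
                findings.append((fields.get("command_name", "?"), flag))
    return findings

if __name__ == "__main__":
    for name, flag in find_inline_credentials(SAMPLE_CFG):
        print(f"{name}: literal value after {flag}")
```

A value passed as `$ARGn$` is not flagged here; in that case the literal sits in the service definition's `check_command` line, which needs the same review.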