Nagios checks that expose usernames/passwords in clear text
Posted: Thu Aug 31, 2017 8:30 am
Hi
100% Nagios newbie here.
I've been asked to "look" at our Nagios install. One of the first things I notice is that we have hundreds of users being able to log in to the system. They're able to manage hosts and checks. Now, some of the checks include usernames and passwords in clear text. Some of the users are AD domain admins. From a security perspective, I'm pretty sure this is a no-no.
One of the checks I'm talking about goes like this:
$USER1$/check_mssql_annonce -H $HOSTADDRESS$ --username LEETUSER --password YOURMOM --database $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
What can I do to avoid these things? How do you hide the usernames/passwords and instead use a hash or something?
What's the golden best practice in terms of this?
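A check for the pattern described in the post, as an added example that is not part of the original post: it scans Nagios command definitions and reports which ones pass a literal value to --username or --password instead of a macro reference. The sample config, the command names and the $USER10$/$USER11$ macro numbers are constructed assumptions.

```python
import re

# Constructed sample config. The first command_line is the one quoted in the
# post; the second passes the same options as macro references (assumed numbers).
SAMPLE_CFG = """\
define command {
    command_name  check_mssql_literal
    command_line  $USER1$/check_mssql_annonce -H $HOSTADDRESS$ --username LEETUSER --password YOURMOM --database $ARG1$ $ARG2$ -w $ARG3$ -c $ARG4$
}
define command {
    command_name  check_mssql_macro
    command_line  $USER1$/check_mssql_annonce -H $HOSTADDRESS$ --username $USER10$ --password=$USER11$ --database $ARG1$
}
"""

# Options treated as credential-bearing: the two from the post (extend per plugin).
CRED_OPTS = {"--username", "--password"}
MACRO = re.compile(r"\$[^$\s]+\$")  # a value consisting only of one $MACRO$

def literal_credentials(cfg_text):
    """Return sorted (command_name, option) pairs whose value is not a macro.
    The value itself is never returned, so the report can be shared."""
    findings, name, hits, in_cmd = set(), "?", [], False
    for raw in cfg_text.splitlines():
        parts = raw.split(None, 1)
        key = parts[0] if parts else ""
        val = parts[1] if len(parts) > 1 else ""
        if re.match(r"define\s+command\s*\{", raw.strip()):
            name, hits, in_cmd = "?", [], True
        elif key.startswith("}") and in_cmd:
            findings.update((name, opt) for opt in hits)  # emit at block end
            in_cmd = False
        elif in_cmd and key == "command_name":
            name = val.strip()
        elif in_cmd and key == "command_line":
            tokens = val.split()
            for i, tok in enumerate(tokens):
                opt, eq, value = tok.partition("=")
                if opt not in CRED_OPTS:
                    continue
                if not eq:  # "--password VALUE" form: value is the next token
                    value = tokens[i + 1] if i + 1 < len(tokens) else ""
                if value and not MACRO.fullmatch(value.strip("'\"")):
                    hits.append(opt)
    return sorted(findings)

if __name__ == "__main__":
    for cmd, opt in literal_credentials(SAMPLE_CFG):
        print(f"{cmd}: literal value passed to {opt}")
```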