Page 1 of 2
Query on NSClient authentication details
Posted: Fri Apr 13, 2018 3:36 am
by bsivavani
Hi,
We have observed that check_nt plugin using password using -s option and it is in decrypt format (plain text).
Kindly let us know if there is any way to encrypt the password as the user don't want to see the nsclient password in nsclient.ini file due to some security reasons.
Kindly let us know if there is any process to encrypt the nsclient password or any suggestions on this request.
Re: Query on NSClient authentication details
Posted: Fri Apr 13, 2018 9:23 am
by lmiltchev
I don't believe there is a method to encrypt the NSClient++ password (for check_nt), however you could place it in a
user macro. This way, it won't be in "plain sight" - it will be stored in a file (/usr/local/nagios/etc/resource.cfg) on the Nagios XI server.
To find out how to implement user macros in Nagios XI, please review our documentation on the topic below:
https://assets.nagios.com/downloads/nag ... Macros.pdf
Re: Query on NSClient authentication details
Posted: Sat Apr 14, 2018 3:41 pm
by manojkonda
Hi lmiltchev,
Thanks for the reply.
If i'm not wrong, looks like this Macros are created on the Nagios XI server to hide the passwords mentioned in the commands.
But what we are looking is to hide/encrypt the password that is mentioned in the nsclient.ini file due to some security issues.
Is that possible to hide or encrypt that password ?
Re: Query on NSClient authentication details
Posted: Mon Apr 16, 2018 8:10 am
by mcapra
You should be able to run the agent with the
-encrypt flag to
obfuscate the password in the NSClient++ configuration file. This isn't actually "encrypting" anything, but the password will at least not be stored in plain-text.
[Settings]
;# OBFUSCATED PASSWORD
; This is the same as the password option but here you can store the password in an obfuscated manner.
; *NOTICE* obfuscation is *NOT* the same as encryption, someone with access to this file can still figure out the
; password. Its just a bit harder to do it at first glance.
;obfuscated_password=Jw0KAUUdXlAAUwASDAAB
More info here:
https://sourceforge.net/p/nscplus/discu ... /1be0e533/
Re: Query on NSClient authentication details
Posted: Mon Apr 16, 2018 9:34 am
by lmiltchev
Thanks @mcapra!
@manojkonda, did mcapra answer your question?
Re: Query on NSClient authentication details
Posted: Mon Apr 16, 2018 12:41 pm
by manojkonda
@mcapra, thank you for the response. We will check this option.
Is it possible to Encrypt the password completely than just obfuscating it ? As we have a setup which is completely secured and the client doesn't want any of these passwords to be mentioned any where without encrypting them.
Any help on this is much appreciated
Thank You !
Re: Query on NSClient authentication details
Posted: Mon Apr 16, 2018 4:48 pm
by lmiltchev
Again, I don't think it is possible to encrypt the check_nt password in NSClient++.
https://sourceforge.net/p/nscplus/discu ... /1be0e533/
I would recommend asking the developer of NSClient++ directly. He should be able to clarify this for you.
Re: Query on NSClient authentication details
Posted: Wed Apr 18, 2018 7:47 am
by bsivavani
Re: Query on NSClient authentication details
Posted: Wed Apr 18, 2018 9:56 am
by lmiltchev
This is an old post. The executable is called nscp.exe now (not NSClient++.exe). It is usually located in the "C:\Program Files\NSClient++" directory.
Having said that, I tried running "nscp -encrypt", but this didn't work for me. It seems like this option is no longer available (in the newer versions of NSClient++), at least I don't see it in the help menu. There have been a push towards deprecating check_nt, and using check_nrpe instead, so it is possible that the "-encrypt" option has been removed.
Again, I would recommend posting your question on the NSClient++ support forum, and getting some clarification by the developer. Thank you!
Re: Query on NSClient authentication details
Posted: Wed Apr 18, 2018 12:07 pm
by bsivavani
Thanks for the update. We have posted on to NSClient++ forum.