NCPA - mytoken encryption

[kodlan]

Hi Guys

I have a question.

With NCPA you have to code the 'mytoken' in your services.cfg file right, Is there a way to encrypt this token as it is clear text in a file?
Is this not a security concern having a "password" in clear text?

[danjoh]

We put it in .../private/resource.cfg in a "USER-variable" higher then 10 (in the default configuration, "USER-variables" with an index of 10 or higher are "masked" in the CGI-output.

We have it like this:
In /etc/nagios/private/resource.cfg:

Code: Select all

# NCPA Token
$USER10$=<hostgroup-1 secret token>
$USER11$=<hostgroup-2 secret token>

and then in /etc/nagios/objects/commands.cfg:

Code: Select all

# 'check_ncpa' command definition
define command{
        command_name    check_ncpa
        command_line    $USER1$/contrib/check_ncpa.py -H $HOSTADDRESS$ -t $ARG1$ -M '$ARG2$' $ARG3$
        }

and last but not least in the service definition:

Code: Select all

define service {
        use                             local-service,srv-pnp
        service_description             Memory Usage
        host_name                       iddjo03
        check_command                   check_ncpa!$USER10$!memory/virtual
}

We are using the same token for multiple hosts, but have different tokens ($USER11$, $USER12$, ...) for different groups of hosts.