There is a new release of the Nagios plugin check_esxi_hardware.py:
Phil Randal made some minor changes in the code and added a bugfix for the output of the system board memory sensors on IBM servers (version 20110504).
Then, over the last couple of days, or meanwhile weeks, I've talked with Fredrik Åslund about using the plugin a bit more secure. Actually, if the root password of the ESX/ESXi server was used with the plugin, it could be seen in clear-text in the process list:
nagios 14515 5.9 0.2 63960 9944 pts/1 S 16:49 0:00 \_ /usr/bin/python ./check_esxi_hardware.py -H esxiserver -U root -P passincleartext -V unknown
A malicious local user could see the root password in clear text. To prevent this, Fredrik had the great idea to store the password in a file. It is now possible to use the -P (--password) parameter in combination with 'file:':
./check_esxi_hardware.py -H esxiserver -U root -P file:/usr/lib/nagios/libexec/.esxipass -V dell
Of course, the permissions of the file need to be secured. It is in general anyway recommended to not have any other users dancing around on central Nagios servers (duh!)!
Thanks to Fredrik for his contribution which was added in version 20110505!
No comments yet.
Personal Internet VMware PHP Linux Shell Bluecoat Proxy Windows Hardware Virtualization Nagios MySQL DB Monitoring Mail Android Network Wyse Hacks Tomcat Postgres Apple Mac Surveillance Backup BSD ZFS Solaris SmartOS Unix Multimedia Perl Database MongoDB CMS OTRS FreeBSD Wordpress LXC Nginx Proxmox DNS Graphics GlusterFS Security Chef HAProxy Icinga Ansible HTML MariaDB Containers Rancher Docker AWS ELK Kibana Logstash Filebeat Varnish PGSQL PostgreSQL ElasticSearch CouchDB Bash Macintosh Container Minio Grafana InfluxDB Databases NFS OSSEC SystemD Java Zoneminder Elasticsearch SSL TLS Icingaweb2 Cloud Wireless Kubernetes Ubuntu