There is a new release of the Nagios plugin check_esxi_hardware.py:
Phil Randal made some minor changes in the code and added a bugfix for the output of the system board memory sensors on IBM servers (version 20110504).
Then, over the last couple of days, or meanwhile weeks, I've talked with Fredrik Åslund about using the plugin a bit more secure. Actually, if the root password of the ESX/ESXi server was used with the plugin, it could be seen in clear-text in the process list:
nagios 14515 5.9 0.2 63960 9944 pts/1 S 16:49 0:00 \_ /usr/bin/python ./check_esxi_hardware.py -H esxiserver -U root -P passincleartext -V unknown
A malicious local user could see the root password in clear text. To prevent this, Fredrik had the great idea to store the password in a file. It is now possible to use the -P (--password) parameter in combination with 'file:':
./check_esxi_hardware.py -H esxiserver -U root -P file:/usr/lib/nagios/libexec/.esxipass -V dell
Of course, the permissions of the file need to be secured. It is in general anyway recommended to not have any other users dancing around on central Nagios servers (duh!)!
Thanks to Fredrik for his contribution which was added in version 20110505!