Header RSS Feed
 
If you only want to see the articles of a certain category, please click on the desired category below:
ALL Android Backup BSD Database Hacks Hardware Internet Linux Mail MySQL Monitoring Network Personal PHP Proxy Shell Solaris Unix Virtualization VMware Windows Wyse

Bugfixes and password from file possibility in check_esxi_hardware
Thursday - May 5th 2011 - by - (0 comments)

There is a new release of the Nagios plugin check_esxi_hardware.py

Phil Randal made some minor changes in the code and added a bugfix for the output of the system board memory sensors on IBM servers (version 20110504).

Then, over the last couple of days, or meanwhile weeks, I've talked with Fredrik Åslund about using the plugin a bit more secure. Actually, if the root password of the ESX/ESXi server was used with the plugin, it could be seen in clear-text in the process list:

\_ -bash
nagios     14515  5.9  0.2  63960  9944 pts/1    S    16:49   0:00                          \_ /usr/bin/python ./check_esxi_hardware.py -H esxiserver -U root -P passincleartext -V unknown

A malicious local user could see the root password in clear text. To prevent this, Fredrik had the great idea to store the password in a file. It is now possible to use the -P (--password) parameter in combination with 'file:':

./check_esxi_hardware.py -H esxiserver -U root -P file:/usr/lib/nagios/libexec/.esxipass -V dell

Of course, the permissions of the file need to be secured. It is in general anyway recommended to not have any other users dancing around on central Nagios servers (duh!)!

Thanks to Fredrik for his contribution which was added in version 20110505!

 

Add a comment

Show form to leave a comment

Comments (newest first):

No comments yet.

Go to Homepage home
Linux Howtos how to's
Monitoring Plugins monitoring plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

7367 Days
until Death of Computers
Why?