There is a new release of the Nagios plugin check_esxi_hardware.py:
Phil Randal made some minor changes in the code and added a bugfix for the output of the system board memory sensors on IBM servers (version 20110504).
Then, over the last couple of days, or meanwhile weeks, I've talked with Fredrik Åslund about using the plugin a bit more secure. Actually, if the root password of the ESX/ESXi server was used with the plugin, it could be seen in clear-text in the process list:
nagios 14515 5.9 0.2 63960 9944 pts/1 S 16:49 0:00 \_ /usr/bin/python ./check_esxi_hardware.py -H esxiserver -U root -P passincleartext -V unknown
A malicious local user could see the root password in clear text. To prevent this, Fredrik had the great idea to store the password in a file. It is now possible to use the -P (--password) parameter in combination with 'file:':
./check_esxi_hardware.py -H esxiserver -U root -P file:/usr/lib/nagios/libexec/.esxipass -V dell
Of course, the permissions of the file need to be secured. It is in general anyway recommended to not have any other users dancing around on central Nagios servers (duh!)!
Thanks to Fredrik for his contribution which was added in version 20110505!
No comments yet.
AWS Android Ansible Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Container Containers CouchDB DB DNS Database Databases Docker ELK ElasticSearch Elasticsearch Filebeat FreeBSD GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb2 InfluxDB Internet Java Kibana Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Rancher SSL Security Shell SmartOS Solaris Surveillance SystemD TLS Tomcat Ubuntu Unix VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder