There is a new release of the Nagios plugin check_esxi_hardware.py:
Phil Randal made some minor changes in the code and added a bugfix for the output of the system board memory sensors on IBM servers (version 20110504).
Then, over the last couple of days, or meanwhile weeks, I've talked with Fredrik Åslund about using the plugin a bit more secure. Actually, if the root password of the ESX/ESXi server was used with the plugin, it could be seen in clear-text in the process list:
\_ -bash
nagios 14515 5.9 0.2 63960 9944 pts/1 S 16:49 0:00 \_ /usr/bin/python ./check_esxi_hardware.py -H esxiserver -U root -P passincleartext -V unknown
A malicious local user could see the root password in clear text. To prevent this, Fredrik had the great idea to store the password in a file. It is now possible to use the -P (--password) parameter in combination with 'file:':
./check_esxi_hardware.py -H esxiserver -U root -P file:/usr/lib/nagios/libexec/.esxipass -V dell
Of course, the permissions of the file need to be secured. It is in general anyway recommended to not have any other users dancing around on central Nagios servers (duh!)!
Thanks to Fredrik for his contribution which was added in version 20110505!
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder