check_esxi_hardware now reads file for username AND password

Written by - 0 comments

Published on - Listed in VMware Nagios Hardware Virtualization Monitoring

Busy times these days but I managed to get a user request to be built into the Nagios plugin check_esxi_hardware.
As most of you know, since 20110505 it is possible to use a file as "password-holder", as described in this blog post. 'Robiwan' from Vienna, Austria contacted me with the idea that not only the password but also the username could be read from the file. This allows a central stockage of username and password in a file only accessible by root and nagios (for example).

Todays released version 20110614 allows both. If the parameter -U (--user) contains the path to a file, the first string of the given file will be read and used as user. The second string will be used as password. Both strings must be separated by a space (" "):

# cat /home/nagios/.esxipass
root mypass123

But it is still possible to only use the password from the given file. In this case the first string will be used as password:

# cat /home/nagios/.esxipass

As a reminder why this is a good solution: Security !!
If the plugin is launched with the username and password as values (standard), they will be shown in cleartext in the process list on the Nagios server:

# ./ -H -U root -P myesxipass -V dell

# ps auxf | grep esxi_hardware
\_ /usr/bin/python ./ -H -U root -P myesxipass -V dell -v

But if the plugin is launched to use files as user and/or password values, only the filename will be shown:

./ -H -U file:/home/nagios/.esxipass -P file:/home/nagios/.esxipass -V dell

# ps auxf | grep esxi_hardware
\_ /usr/bin/python ./ -H -U file:/home/nagios/.esxipass -P file:/home/nagios/.esxipass -V dell

Of course the given file needs to have the correct security permissions so only the wanted users are allowed to read the file ;-).

Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.