Busy times these days but I managed to get a user request to be built into the Nagios plugin check_esxi_hardware.
As most of you know, since 20110505 it is possible to use a file as "password-holder", as described in this blog post. 'Robiwan' from Vienna, Austria contacted me with the idea that not only the password but also the username could be read from the file. This allows a central stockage of username and password in a file only accessible by root and nagios (for example).
Todays released version 20110614 allows both. If the parameter -U (--user) contains the path to a file, the first string of the given file will be read and used as user. The second string will be used as password. Both strings must be separated by a space (" "):
# cat /home/nagios/.esxipass
root mypass123
But it is still possible to only use the password from the given file. In this case the first string will be used as password:
# cat /home/nagios/.esxipass
mypass123
As a reminder why this is a good solution: Security !!
If the plugin is launched with the username and password as values (standard), they will be shown in cleartext in the process list on the Nagios server:
# ./check_esxi_hardware.py -H 10.1.1.50 -U root -P myesxipass -V dell
# ps auxf | grep esxi_hardware
\_ /usr/bin/python ./check_esxi_hardware_test.py -H 10.1.1.50 -U root -P myesxipass -V dell -v
But if the plugin is launched to use files as user and/or password values, only the filename will be shown:
./check_esxi_hardware_test.py -H 10.1.1.50 -U file:/home/nagios/.esxipass -P file:/home/nagios/.esxipass -V dell
# ps auxf | grep esxi_hardware
\_ /usr/bin/python ./check_esxi_hardware_test.py -H 10.1.1.50 -U file:/home/nagios/.esxipass -P file:/home/nagios/.esxipass -V dell
Of course the given file needs to have the correct security permissions so only the wanted users are allowed to read the file ;-).
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder