How to set passwords for Nagios plugins

matze218 · July 15, 2022, 4:08pm

Hello,

how can passwords be set for Nagios plugins checks (“Integrate Nagios plugins”)? If I set them as “custom service attribute” they are shown in the GUI at the service which anyone can see.

BeatONE · July 15, 2022, 7:32pm

As far as I know there is no other way to do this.

andreas-doehler · July 15, 2022, 7:53pm

There is the old “resource.cfg” file inside “~/etc/nagios”.
Inside this file you can define user variables and these can then be uses as “$USER6$” inside your plugin command.

matze218 · July 15, 2022, 8:12pm

@andreas-doehler Thank you. My colleague was doing it like that already but wasn’t sure if that is the “correct” way. At least is not the “best” way… but better than seeing the credentials in GUI.
All those many settings via rule are and not be able to set them in the file directly is bad enough, so thats good that I can set those attributes there… but there are still so many other attributes which need to be set all via rule which is imho quite risky…

matze218 · July 16, 2022, 4:17pm

I just recognised that now using resource.cfg I must create a rule for each check of the same type…
So I cannot create one rule like: “check_pgsql -H $HOSTADDRESS$ -P 5432 -l nagios -d nagios -p $_SERVICEPASSWORD$”…
Instead I must create many and many rules because the password variable in resource.cfg will be different… Anyone know how to solve that?

Kind regards
Mathias

andreas-doehler · July 17, 2022, 8:08pm

If every check uses different values for the variables then there is no easy way.
Sooner or later I would do things differently here.
Wrapper script that uses the custom variables set for every host.
At the moment i don’t know what is available as environment variables.
The wrapper then calls the real active check. This way it would be possible to not expose the variables on the check command inside the GUI.

matze218 · July 18, 2022, 5:49am

Thanks for sharing @andreas-doehler. I will think about it and maybe there is some day a solution provided by checkmk.

system · July 18, 2023, 5:49am

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.

philippe · March 20, 2024, 9:18am

these variables/macros can they be used in MRPE also ?

I am trying to add MRPE checks to an agent and want to use create a template where I can replace the hosts, pwds and users with macros defined in CMK env or in that resource.cfg file but so far I’m unsuccessful, it just pasts the variable name and not the values …