How to set passwords for Nagios plugins

Hello,

how can passwords be set for Nagios plugins checks (“Integrate Nagios plugins”)? If I set them as “custom service attribute” they are shown in the GUI at the service which anyone can see.

1 Like

As far as I know there is no other way to do this.

There is the old “resource.cfg” file inside “~/etc/nagios”.
Inside this file you can define user variables and these can then be uses as “$USER6$” inside your plugin command.

1 Like

@andreas-doehler Thank you. My colleague was doing it like that already but wasn’t sure if that is the “correct” way. At least is not the “best” way… but better than seeing the credentials in GUI.
All those many settings via rule are and not be able to set them in the file directly is bad enough, so thats good that I can set those attributes there… but there are still so many other attributes which need to be set all via rule which is imho quite risky…

I just recognised that now using resource.cfg I must create a rule for each check of the same type…
So I cannot create one rule like: “check_pgsql -H $HOSTADDRESS$ -P 5432 -l nagios -d nagios -p $_SERVICEPASSWORD$”…
Instead I must create many and many rules because the password variable in resource.cfg will be different… Anyone know how to solve that?

Kind regards
Mathias

1 Like

If every check uses different values for the variables then there is no easy way.
Sooner or later I would do things differently here.
Wrapper script that uses the custom variables set for every host.
At the moment i don’t know what is available as environment variables.
The wrapper then calls the real active check. This way it would be possible to not expose the variables on the check command inside the GUI.

Thanks for sharing @andreas-doehler. I will think about it and maybe there is some day a solution provided by checkmk.