WMIC deprecated by Microsoft - agentless monitoring - nagios wmi+

hello folks,

We were wondering if anyone else was affected by Microsoft’s decision to deprecate WMIC. At the moment we are using check_mk raw on a Linux system for agentless monitoring of our Windows servers with the Nagios plugin check_wmi plus.

With the newest updates for our Windows servers, Microsoft deactivated WMIC, so we don’t get data like CPU, RAM, storage usage or running services any more.

Does anyone else not want to use the agent and have an idea how to make those queries without WMIC?

Maybe it’s possible to reactivate WMIC?

We thought about a query with PowerShell using CIM providers (Get-CimInstance), but PowerShell on Linux doesn’t support those cmdlets.

Ideas would be appreciated.

Thank you for your time and help. Best regards

This was announced a long time ago. The alternative is WinRM.
In Nagios we use pywinrm instead:

regards

Michael

Can you explain your use case a little more, i.e. why you are not using the agent?

BR

hello Michael,

pywinrm looks promising, I will take a look into it. It would be a great help if you could give me a code sample showing how you managed to get the values back into check_mk.

Did you write a check_plugin of your own and use the pywinrm commands inside of it, or did you write your own Python script for pywinrm and somehow pipe the results from there into a check_plugin?

thank you and have a nice day

We developed Nagios plugins with pywinrm. Until now, no checkmk plugins have been written. See the checkmk docs to get an idea of how to develop a checkmk plugin. What you finally may need is a special agent. See the official code of the special agents in Agent → Other integrations.

regards

Michael
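Added example (not part of the original thread and not Michael's plugin code): a Nagios-style plugin that runs the Get-CimInstance query on the Windows host through pywinrm and maps the result to an exit code and perfdata line. The environment variable names `WINRM_USER` and `WINRM_PASS`, the HTTPS listener on port 5986, NTLM transport, the thresholds and the sample reply are assumptions made for this example.

```python
import json
import os
import sys

# PowerShell executed on the Windows host: the CIM query that replaces WMIC.
PS_QUERY = ("Get-CimInstance Win32_OperatingSystem | "
            "Select-Object TotalVisibleMemorySize,FreePhysicalMemory | "
            "ConvertTo-Json -Compress")
# Constructed sample reply (values in KiB), handy for testing offline.
SAMPLE_REPLY = '{"TotalVisibleMemorySize":16777216,"FreePhysicalMemory":4194304}'

def evaluate(ps_json, warn=80.0, crit=90.0):
    """Map the JSON printed by PS_QUERY to (exit_code, plugin_output)."""
    try:
        data = json.loads(ps_json)
        total = float(data["TotalVisibleMemorySize"])
        free = float(data["FreePhysicalMemory"])
        if total <= 0:
            raise ValueError("total memory must be positive")
    except (ValueError, KeyError, TypeError) as exc:
        return 3, f"UNKNOWN - unparsable WinRM reply ({type(exc).__name__})"
    used = 100.0 * (total - free) / total
    code = 2 if used >= crit else 1 if used >= warn else 0
    label = ("OK", "WARNING", "CRITICAL")[code]
    perf = f"mem_used_pct={used:.1f}%;{warn:.0f};{crit:.0f};0;100"
    return code, f"{label} - memory used {used:.1f}% | {perf}"

def query_host(host):
    """Run PS_QUERY over WinRM; HTTPS with certificate validation enforced."""
    import winrm  # pywinrm, imported lazily so evaluate() works without it
    session = winrm.Session(
        f"https://{host}:5986/wsman",
        # Assumed variable names; keeps the secret out of argv / process lists.
        auth=(os.environ["WINRM_USER"], os.environ["WINRM_PASS"]),
        transport="ntlm",
        server_cert_validation="validate",
    )
    reply = session.run_ps(PS_QUERY)
    if reply.status_code != 0:
        raise RuntimeError(reply.std_err.decode(errors="replace").strip())
    return reply.std_out.decode(errors="replace")

if __name__ == "__main__":
    try:
        status, line = evaluate(query_host(sys.argv[1]))
    except Exception as exc:  # connection, auth, TLS or usage errors
        status, line = 3, f"UNKNOWN - WinRM query failed: {exc}"
    print(line)
    sys.exit(status)
```

The account used only needs remote read access to the CIM classes being queried, so it does not have to be a local administrator.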

what @wittmannthom said: Why not use an agent?
Both from a security and performance perspective, this would most likely be preferable…

hello elias,

It’s a good question. I’m not sure that I can answer it reasonably. To make a long story short, the installation of the agent on our servers is not desired. I’m aware of the pros and cons, but sadly it’s not an option for us.

I’m grateful for your effort.

Best regards, Matthias

I know such discussions with OP teams from past Nagios times: the Windows agent was not allowed to be used and we were forced to use SNMP instead. Basically you have to accept that if the responsible team made such a decision. Finally they have to live with the consequences and that we cannot do certain things in monitoring.
What needs to be understood in such discussions is that SNMP is also a monitoring agent, a very old one and until version 2.0 without security. In the worst scenario, if the SNMP agent is not well configured, it can also damage a system. I have seen UPS systems running SNMP in default configuration with community private for write access and no further limitations. From remote I can shut down a complete datacenter in that case. Same issue with interfaces on a host.
The same security issues exist with WINRM! You have to spend a certain amount of time to build and test a secure configuration on the Windows servers.
The good thing with the checkmk agent is that it’s fairly secure, lightweight and open source. So in case of doubts check the code ;)

regards

Michael


Let me just add, it is read-only. No data can be injected to harm the system it is installed on.


Not necessarily true. It depends on whether automatic agent updates are used or not. If yes, everyone with access to the Bakery and OS can inject arbitrary code which is run, if not otherwise changed, with the root or system account.

BR

MF

True.
But you have to explicitly enable that feature, which implies that you understand and are OK with the ramifications. If ‘security’ is a topic of that much concern, the original poster can simply not use the updater function.
Not to mention that we ensure the highest level of security possible there, and the agent pulls the updates; there is no pushing. Of course, if your central site is compromised, the agents can be compromised. But that is a completely different story, isn’t it?


Even if the CMK server is compromised, the invader also has to have the Bakery’s signature key and the related secret to modify the baked agents.
And it’s even possible to keep the key itself on a USB stick and only insert it for signing the agents.
