check_disk_smb security

Hi,

Just wanted to see if anyone had any comments about this. In order to get check_disk_smb to work on hidden shares such as C$ and D$, you have to provide a windows Administrator password in the nagios config files. That means anyone who gets access to the nagios config files will be able to see the windows Administrator password in cleartext. Security here is problematic. It looks like the nagios config files have to be well protected. Any suggestions about dealing with this?

Thanks,
Sam

I will answer my own question. Put the values into resource.cfg and make strict permissions on this file.

Hi Sam,

Putting the login credentials into the resource.cfg file and tightening permissions does help.

However, if one checks the “process status” of the nagios process as thus : ps -ef | grep nagios …it displays all the current activity including ‘check_disk_smb’ along with the user-id and the password to the remote shared drive.

To override that problem, one would have to restrict executable permissons on the binary " ps ".

Hope that helps.