Check_oracle - Confidenciality

Voon, Ton Ton.Voon at egg.com
Fri May 16 15:00:35 CEST 2003

Previous message: Check_oracle - Confidenciality
Next message: Check_oracle - Confidenciality
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I think you are referring to the tablespace and cache tests in check_oracle.
Usual techniques of hiding usernames and passwords is to use a file, but
that would mean a config file on each server. Another trick is passing it
through the environment variables, but we can't really do that here, unless
you enter it in nrpe.cfg. Both these offer no security if the filesystem is
exposed.

I suggest you create a user on Oracle that is only allowed to do minimum
checks with readonly access. This way, if the username and password are
found, the database is not comprimised.

Ton

> -----Original Message-----
> From:	Pascal RENAUT/GROUPE-ES
> [SMTP:pascal.renaut at electricite-strasbourg.fr]
> Sent:	Friday, May 16, 2003 1:12 PM
> To:	nagios-users at lists.sourceforge.net
> Subject:	[Nagios-users] Check_oracle - Confidenciality
> 
> Hi all,
> 
> I use nrpe for checking database on remote server with check_oracle. In my
> nrpe.cfg on my remote server, i 've enterer the commands with all
> arguments
> like login, password,...
> That's the problem
> Can you help me please ?
> ..........................................................................
> ..........................
> Pascal RENAUT / Département Ingénierie Réseaux (I.R.) / Groupe Electricité
> de Strasbourg / 67953 Strasbourg Cedex 9
> Tél : 33 (0) 369 20 6138 / Fax : 33 (0) 369 20 6045 / Email :
> pascal.renaut at electricite-strasbourg.fr
> 
> 
> 
> -------------------------------------------------------
> Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
> The only event dedicated to issues related to Linux enterprise solutions
> www.enterpriselinuxforum.com
> 
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null


This private and confidential e-mail has been sent to you by Egg.
The Egg group of companies includes Egg Banking plc
(registered no. 2999842), Egg Financial Products Ltd (registered
no. 3319027) and Egg Investments Ltd (registered no. 3403963) which
carries out investment business on behalf of Egg and is regulated
by the Financial Services Authority.  
Registered in England and Wales. Registered offices: 1 Waterhouse Square,
138-142 Holborn, London EC1N 2NA.
If you are not the intended recipient of this e-mail and have
received it in error, please notify the sender by replying with
'received in error' as the subject and then delete it from your
mailbox.



-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Check_oracle - Confidenciality
Next message: Check_oracle - Confidenciality
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list