Configuration files obfuscation

Andrew Davis nccomp at gmail.com
Wed Jun 17 00:05:23 CEST 2009


One idea that we do here is to chroot the entire nagios dir and all 
related components (mysql, apache, etc). The parent directory of the 
chroot is owned by root and set to 700 perm's. It requires a bit of 
tweaking to get it right and lots of reading through log files to work 
out the inital bugs, but once that's done, it works. For that matter, 
the server itself is virtualized... so its chrooted within a virtualized 
container.

Are you concerned with users getting in through the web page and 
accessing the raw files and then knowing about your inside network or 
employees gaining physical access to the server? The approach to protect 
each is different. Or perhaps you're passing username/password combos in 
some of the cfg files (ie: http testing, etc), so you want to hide that? 
Easier solution is a nagios user with limited access to use for this 
purpose. If you can elaborate on your areas of concern, we could 
probably offer further input.

  A. Davis
  Email:     nccomp at gmail.com

  "There is no limit to what a man can accomplish
   if he doesn't care who gets the credit." - Ronald Reagan



Mat W wrote:
> if the idea is for others not to see it... why not just ensure proper 
> file ownership and limited permissions?
>  
> Assuming only Root and Nagios users can read the file... I'd think 
> anyone that could become those users should be able to read them anyway.
>
> -- 
> Mat W. - http://www.techadre.com <http://www.techadre.com/>
>
>
>  
> ------------------------------------------------------------------------
> Date: Tue, 16 Jun 2009 11:53:11 -0400
> From: ebaddouh at gmail.com
> To: nagios-users at lists.sourceforge.net
> Subject: [Nagios-users] Configuration files obfuscation
>
> Hi,
>
> is ther a way to obfuscate configuration files?
>
> edward
>
> ------------------------------------------------------------------------
> Bing™ brings you maps, menus, and reviews organized in one place. Try 
> it now. 
> <http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TEXT_MLOGEN_Core_tagline_local_1x1> 
>
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing 
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090616/cdf51094/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list