Re: [Nagios-devel] Need a way to prevent custom object variables (e.g. password) from going into en
Nagios network monitoring software is enterprise server monitoring
Brought to you by:
egalstad,
sawolf-nagios
From: <rou...@cs...> - 2006-12-30 02:25:41
|
In message <200...@ed...>, Joerg Linge writes: >Am Freitag, 29. Dezember 2006 18:36 schrieb rou...@cs...: >> Hi all: >[...] >> It also mentions that custom object vars are available as >> environmental variables. Is there a way to turn that off? I.E. if the >> variable was a password you don't want that being passed in the >> environment where it is viewable by everybody. > >The ENV Vars are only available for new processes forked by the Nagios Daemon. >So the vars are not available for everybody. Using ps I can dump the environment of any/all processes by default under linux (ps -auxew for example), so unless you are running a security enhanced linux that restricts that, any user on the system can see the environment including passwords. -- rouilj John Rouillard =========================================================================== My employers don't acknowledge my existence much less my opinions. |