From: Andreas E. <ae...@op...> - 2007-01-30 08:50:25
|
Ethan Galstad wrote: > > I prefer using the proposed config file solution to store passwords, > etc. over the idea of passing this info via stdin. In my opinion, the > config file option is a much simpler/elegant solution. > Agreed. > It requires no mods to the Nagios daemon or plugin API. Super-secret > info can be stored in the config file and locked down with standard file > permissions. And a standard library/function set can be created to > allow Perl/C plugins to grab their appropriate entries out of the config > file. > Agreed again. > Now that I'm thinking about it, this type of file format seems like it > must be used by a number of apps. There's probably a GPL'ed library out > there that can read/write config entries to a file in the proposed format. > Yup, although it's not likely any API needs to actually write the files. Explaining to a user how to use a tool to configure their other tools is often harder than it is to just say "make sure your config has foo = bar in the nitfol section". I've got such a library which reads configs in the style of section-name { variable = value } in a very generic way. I'd be happy to share it if anyone's interested. > As for loosing the ability to keep private information in the Nagios > host/service definitions... I guess that's a good reason to make sure > the monitoring server isn't used by normal users. If its a dedicated > box, it shouldn't matter what information is being passed on the command > lines between the daemon and the plugins. > There's no real difference between having the private info in the nagios config or a separate file. If any, it'd be safer to have it in a separate file, as it'd be clear that that file needs protecting. -- Andreas Ericsson and...@op... OP5 AB www.op5.se Tel: +46 8-230225 Fax: +46 8-230231 |