Re: [Nagios-devel] [Nagiosplug-devel] RFC: Plugins config file (final proposal) (Nagios V3 object macros)

[Andreas E. <ae...@op...>]

Ethan Galstad wrote:
> 
> I prefer using the proposed config file solution to store passwords, 
> etc. over the idea of passing this info via stdin.  In my opinion, the 
> config file option is a much simpler/elegant solution.
> 

Agreed.

> It requires no mods to the Nagios daemon or plugin API.  Super-secret 
> info can be stored in the config file and locked down with standard file 
> permissions.   And a standard library/function set can be created to 
> allow Perl/C plugins to grab their appropriate entries out of the config 
> file.
> 

Agreed again.

> Now that I'm thinking about it, this type of file format seems like it 
> must be used by a number of apps.  There's probably a GPL'ed library out 
> there that can read/write config entries to a file in the proposed format.
> 

Yup, although it's not likely any API needs to actually write the files.
Explaining to a user how to use a tool to configure their other tools
is often harder than it is to just say "make sure your config has
	foo = bar

in the nitfol section".

I've got such a library which reads configs in the style of

section-name {
	variable = value
}

in a very generic way. I'd be happy to share it if anyone's interested.

> As for loosing the ability to keep private information in the Nagios 
> host/service definitions...  I guess that's a good reason to make sure 
> the monitoring server isn't used by normal users.  If its a dedicated 
> box, it shouldn't matter what information is being passed on the command 
> lines between the daemon and the plugins.
> 

There's no real difference between having the private info in the nagios
config or a separate file. If any, it'd be safer to have it in a
separate file, as it'd be clear that that file needs protecting.

-- 
Andreas Ericsson                   and...@op...
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231