Configuration files obfuscation
Andrew Davis
nccomp at gmail.com
Wed Jun 17 00:05:23 CEST 2009
One idea that we do here is to chroot the entire nagios dir and all
related components (mysql, apache, etc). The parent directory of the
chroot is owned by root and set to 700 perm's. It requires a bit of
tweaking to get it right and lots of reading through log files to work
out the inital bugs, but once that's done, it works. For that matter,
the server itself is virtualized... so its chrooted within a virtualized
container.
Are you concerned with users getting in through the web page and
accessing the raw files and then knowing about your inside network or
employees gaining physical access to the server? The approach to protect
each is different. Or perhaps you're passing username/password combos in
some of the cfg files (ie: http testing, etc), so you want to hide that?
Easier solution is a nagios user with limited access to use for this
purpose. If you can elaborate on your areas of concern, we could
probably offer further input.
A. Davis
Email: nccomp at gmail.com
"There is no limit to what a man can accomplish
if he doesn't care who gets the credit." - Ronald Reagan
Mat W wrote:
> if the idea is for others not to see it... why not just ensure proper
> file ownership and limited permissions?
>
> Assuming only Root and Nagios users can read the file... I'd think
> anyone that could become those users should be able to read them anyway.
>
> --
> Mat W. - http://www.techadre.com <http://www.techadre.com/>
>
>
>
> ------------------------------------------------------------------------
> Date: Tue, 16 Jun 2009 11:53:11 -0400
> From: ebaddouh at gmail.com
> To: nagios-users at lists.sourceforge.net
> Subject: [Nagios-users] Configuration files obfuscation
>
> Hi,
>
> is ther a way to obfuscate configuration files?
>
> edward
>
> ------------------------------------------------------------------------
> Bing™ brings you maps, menus, and reviews organized in one place. Try
> it now.
> <http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TEXT_MLOGEN_Core_tagline_local_1x1>
>
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> ------------------------------------------------------------------------
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090616/cdf51094/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list