[Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Assaf Flatto 
As the user sent this mail to me - i am forwarding it to the list , so all will 
be able to know what 
he needs and may be able to help more.

Assaf


--  Forwarded Message  --

Subject: Re: [Nagios-users] Configuration files obfuscation
Date: Tuesday 16 June 2009
From: edward baddouh 
To: Assaf Flatto 

Yes, I want the configuration files to be worse (readable).
The idea is to difficult as-much-as-possible config-files theft from ohter
people who admin that server..

There have been times that configuration files were implemented on different
installations (different sites) with minor changes without the admin's
consent..

I don't want nobody to get credits for work I've done and receive no profit
at all..

That's my need for obfuscation. My idea is to keep an original
readable-configuration in a safe place and set the obfuscated config-file in
production.



2009/6/16 Assaf Flatto 

> On Tuesday 16 June 2009 15:53:11 edward baddouh wrote:
> > Hi,
> >
> > is ther a way to obfuscate configuration files?
> >
> > edward
>
>
> You want the files to be more confusing then they are now ???
> the easiest way is not to give self explanatory names to the files /
> directories .
>
> btw - i have a question about this ...
>
> Why ??
>
> Are you trying to make the work on the configuration worse for yourself ?
>
>
>
>
> --
> Assaf Flatto
>
>
>
>
>
> IMPORTANT . this email and the information in it may be confidential,
> legally
> privileged and/or protected by law. It is intended solely for the use of
> the
> person to whom it is addressed. If you are not the intended recipient,
> please
> notify the sender immediately and do not disclose the contents to any other
> person, use it for any purpose, or store or copy the information in any
> medium.
> Please also delete all copies of this email and any attachments from your
> system.
>
> We cannot guarantee the security or confidentiality of email
> communications. We
> do not accept any liability for losses or damages that you may suffer as a
> result of your receipt of this email including but not limited to computer
> service or system failure, access delays or interruption, data non-delivery
> or
> mis-delivery, computer viruses or other harmful components.
>
> Copyright in this email and any attachments belong to Select Service
> Partner UK
> Limited. Should you communicate with anyone at Select Service Partner UK
> Limited by
> email, you consent to us monitoring and reading any such correspondence.
>
> Nothing in this email shall be taken or read as suggesting, proposing or
> relating to any agreement concerted practice or other practice that could
> infringe UK or EC competition legislation.
>
> Select Service Partner UK Limited is a company registered in England and
> Wales
> (company number 05687183) whose registered office is at 1 The Heights,
> Brooklands, Weybridge. Surrey. KT13 0NY
>
>
>
>
> --
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> ___
> Nagios-users mailing list
> Nagios-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>

---

-- 
Assaf Flatto
SSP Ops Team
Linux System Administrator
169 Euston Road, London, NW1 2AE

Along with a few colleagues I am doing The Three Peaks Challenge again 
this year to raise money for The Railway Children.
Please sponsor me by making a donation online, simply click on the link 
below and give via your switch/credit card. Thank you.
http://www.justgiving.com/londonnorththreepeaks




IMPORTANT . this email and the information in it may be confidential, legally
privileged and/or protected by law. It is intended solely for the use of the
person to whom it is addressed. If you are not the intended recipient, please
notify the sender immediately and do not disclose the contents to any other
person, use it for any purpose, or store or copy the information in any medium.
Please also delete all copies of this email and any attachments from your
system.

We cannot guarantee the security or confidentiality of email communications. We
do not accept any liability for losses or damages that you may suffer as a
result of your receipt of this email including but not limited to computer
service or system failure, access delays or interruption, data non-delivery or
mis-delivery, computer viruses or other harmful components.

Copyright in this email and any attachments belong to Select Service Partner UK
Limited. Should you communicate

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Kevin Keane 
Obfuscating the config files is going to be difficult, because almost 
everything in them is either a Nagios keyword, or something that shows 
up verbatim in the user interface, or an IP address. The only thing you 
could reasonably obfuscate is the names of the various commands.

But you may be able to use either encryption or permissions to 
accomplish the same goal even more securely.

Using permissions:

If you have problems trusting administrators, you shouldn't give them 
root access. Instead, give each administrator a personal non-root 
account, and use sudo to give them only access to what you want them to 
manage. With that approach, you can then give only the authorized 
administrator sudo access to the nagios config files.

It also lets you track, in the log files, who executed which command.

Another option is to put the configuration files onto a different 
machine that the untrusted admins do not have access to. Export that 
directory using NFS and make it only accessible to user nagios. NFS 
prevents root from accessing the directory.

Using Encryption:

Here are a few methods I could think of. They all take advantage of the 
fact that Nagios doesn't read the config files once it is running (at 
least, I believe that's the case).

- Use some form of encrypted file system that only user nagios can read.
- Put the configuration files into an ISO or a cramfs file system. 
Encrypt the file using gpg. Decrypt and mount that file system only 
right before Nagios starts up, and umount it and delete the decrypted 
version right away (you may even be able to mount the encrypted version 
somehow and decrypt on the fly - I'm not an expert on that). Modify the 
nagios.cfg to point to the mount point, as appropriate.
- Put the configuration files into an ISO, burn an actual CD, and put 
the CD into the machine only right before starting up Nagios. That way, 
the config files physically aren't there at all. Something that is not 
on the machine can't be stolen.
- I'm not sure if Nagios is able to read config files from a script 
instead of a file - if it is, you could encrypt the config files using 
gpg, and have Nagios decrypt it on the fly. Or you could modify the 
Nagios startup script to decrypt the config files right before starting 
Nagios, and delete the decrypted config files after Nagios has started 
successfully.

Assaf Flatto wrote:
> As the user sent this mail to me - i am forwarding it to the list , so all 
> will be able to know what 
> he needs and may be able to help more.
>
> Assaf
>
>
> --  Forwarded Message  --
>
> Subject: Re: [Nagios-users] Configuration files obfuscation
> Date: Tuesday 16 June 2009
> From: edward baddouh 
> To: Assaf Flatto 
>
> Yes, I want the configuration files to be worse (readable).
> The idea is to difficult as-much-as-possible config-files theft from ohter
> people who admin that server..
>
> There have been times that configuration files were implemented on different
> installations (different sites) with minor changes without the admin's
> consent..
>
> I don't want nobody to get credits for work I've done and receive no profit
> at all..
>
> That's my need for obfuscation. My idea is to keep an original
> readable-configuration in a safe place and set the obfuscated config-file in
> production.
>
>
>
> 2009/6/16 Assaf Flatto 
>
>   
>> On Tuesday 16 June 2009 15:53:11 edward baddouh wrote:
>> 
>>> Hi,
>>>
>>> is ther a way to obfuscate configuration files?
>>>
>>> edward
>>>   
>> You want the files to be more confusing then they are now ???
>> the easiest way is not to give self explanatory names to the files /
>> directories .
>>
>> btw - i have a question about this ...
>>
>> Why ??
>>
>> Are you trying to make the work on the configuration worse for yourself ?
>>
>>
>>
>>
>> --
>> Assaf Flatto
>> 

-- 
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About

Office: 866-642-7116
http://www.4nettech.com

This e-mail and attachments, if any, may contain confidential and/or 
proprietary information. Please be advised that the unauthorized use or 
disclosure of the information is strictly prohibited. The information herein is 
intended only for use by the intended recipient(s) named above. If you have 
received this transmission in error, please notify the sender immediately and 
permanently delete the e-mail and any copies, printouts or attachments thereof.


--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Andreas Ericsson 
edward baddouh wrote:
> Yes, I want the configuration files to be worse (readable).
> The idea is to difficult as-much-as-possible config-files theft from ohter
> people who admin that server..
> 
> There have been times that configuration files were implemented on different
> installations (different sites) with minor changes without the admin's
> consent..
> 
> I don't want nobody to get credits for work I've done and receive no profit
> at all..
> 

This is just stupid imo and would be far better solved with some social
conventions. The problem is that there's a limited way of configuring
Nagios for a particular setup, so it's always entirely possible that
whoever you *think* is "stealing" configuration from you has actually
read the nagios docs for 15-30 minutes and then figured out how to do
it themselves. It's not exactly rocket science, and a nagios config
isn't a super-fast cryptographically secure hash algorithm that you
(sometimes) need to jealously protect. The fact that you're trying
makes me feel dirty all over, to be honest.

Why you want an opensource community help you *not* share your work,
I really do not fathom, but you'll get absolutely no help from me.

-- 
Andreas Ericsson   andreas.erics...@op5.se
OP5 AB www.op5.se
Tel: +46 8-230225  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Alain Williams 
On Wed, Jun 17, 2009 at 11:09:10AM +0200, Andreas Ericsson wrote:
> edward baddouh wrote:
> > Yes, I want the configuration files to be worse (readable).
> > The idea is to difficult as-much-as-possible config-files theft from ohter
> > people who admin that server..
> > 
> > There have been times that configuration files were implemented on different
> > installations (different sites) with minor changes without the admin's
> > consent..
> > 
> > I don't want nobody to get credits for work I've done and receive no profit
> > at all..
> > 
> 
> This is just stupid imo and would be far better solved with some social
> conventions. The problem is that there's a limited way of configuring
> Nagios for a particular setup, so it's always entirely possible that
> whoever you *think* is "stealing" configuration from you has actually
> read the nagios docs for 15-30 minutes and then figured out how to do
> it themselves. It's not exactly rocket science, and a nagios config
> isn't a super-fast cryptographically secure hash algorithm that you
> (sometimes) need to jealously protect. The fact that you're trying
> makes me feel dirty all over, to be honest.
> 
> Why you want an opensource community help you *not* share your work,
> I really do not fathom, but you'll get absolutely no help from me.

+1

And who knows ... one of the people who takes your config might improve it
and tell you how!

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include 

--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Julian Hein 


Am 17.06.09 11:09 schrieb "Andreas Ericsson" unter :

> edward baddouh wrote:
>> Yes, I want the configuration files to be worse (readable).
>> The idea is to difficult as-much-as-possible config-files theft from ohter
>> people who admin that server..
>> 
>> There have been times that configuration files were implemented on different
>> installations (different sites) with minor changes without the admin's
>> consent..
>> 
>> I don't want nobody to get credits for work I've done and receive no profit
>> at all..
>> 
> 
> This is just stupid imo and would be far better solved with some social
> conventions. The problem is that there's a limited way of configuring
> Nagios for a particular setup, so it's always entirely possible that
> whoever you *think* is "stealing" configuration from you has actually
> read the nagios docs for 15-30 minutes and then figured out how to do
> it themselves. It's not exactly rocket science, and a nagios config
> isn't a super-fast cryptographically secure hash algorithm that you
> (sometimes) need to jealously protect. The fact that you're trying
> makes me feel dirty all over, to be honest.
> 
> Why you want an opensource community help you *not* share your work,
> I really do not fathom, but you'll get absolutely no help from me.

And it would not work, because the config always gets de-obfuscated in the
objects cache and is visible in the Webinterface with "view config"

Makes no sense to me as well.

Julian


--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Pallavolu Reddi Sekhar Reddy 
Hi,

I have installed the nagios on fedora 10 OS.
how can i get alerts from nagios? where to configure the nagios alerts on
contacts group for my mail ID(pr.sekharre...@gmail.com).

Please let me know your suggestions. thanks in advance.

Thanks
Sekhar Reddy P R


On Wed, Jun 17, 2009 at 2:48 PM, Alain Williams  wrote:

> On Wed, Jun 17, 2009 at 11:09:10AM +0200, Andreas Ericsson wrote:
> > edward baddouh wrote:
> > > Yes, I want the configuration files to be worse (readable).
> > > The idea is to difficult as-much-as-possible config-files theft from
> ohter
> > > people who admin that server..
> > >
> > > There have been times that configuration files were implemented on
> different
> > > installations (different sites) with minor changes without the admin's
> > > consent..
> > >
> > > I don't want nobody to get credits for work I've done and receive no
> profit
> > > at all..
> > >
> >
> > This is just stupid imo and would be far better solved with some social
> > conventions. The problem is that there's a limited way of configuring
> > Nagios for a particular setup, so it's always entirely possible that
> > whoever you *think* is "stealing" configuration from you has actually
> > read the nagios docs for 15-30 minutes and then figured out how to do
> > it themselves. It's not exactly rocket science, and a nagios config
> > isn't a super-fast cryptographically secure hash algorithm that you
> > (sometimes) need to jealously protect. The fact that you're trying
> > makes me feel dirty all over, to be honest.
> >
> > Why you want an opensource community help you *not* share your work,
> > I really do not fathom, but you'll get absolutely no help from me.
>
> +1
>
> And who knows ... one of the people who takes your config might improve it
> and tell you how!
>
> --
> Alain Williams
> Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT
> Lecturer.
> +44 (0) 787 668 0256  http://www.phcomp.co.uk/
> Parliament Hill Computers Ltd. Registration Information:
> http://www.phcomp.co.uk/contact.php
> Past chairman of UKUUG: http://www.ukuug.org/
> #include  
>
>
> --
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> ___
> Nagios-users mailing list
> Nagios-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>



-- 
P.R.Sekhar Reddy
+91-9916727650
--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Pallavolu Reddi Sekhar Reddy 
I want to add new windows server on nagios.
how can i configure that let me know. on hosts.cfg file


Thanks
Sekhar Reddy P R


On Wed, Jun 17, 2009 at 3:26 PM, Julian Hein  wrote:

>
>
> Am 17.06.09 11:09 schrieb "Andreas Ericsson" unter :
>
> > edward baddouh wrote:
> >> Yes, I want the configuration files to be worse (readable).
> >> The idea is to difficult as-much-as-possible config-files theft from
> ohter
> >> people who admin that server..
> >>
> >> There have been times that configuration files were implemented on
> different
> >> installations (different sites) with minor changes without the admin's
> >> consent..
> >>
> >> I don't want nobody to get credits for work I've done and receive no
> profit
> >> at all..
> >>
> >
> > This is just stupid imo and would be far better solved with some social
> > conventions. The problem is that there's a limited way of configuring
> > Nagios for a particular setup, so it's always entirely possible that
> > whoever you *think* is "stealing" configuration from you has actually
> > read the nagios docs for 15-30 minutes and then figured out how to do
> > it themselves. It's not exactly rocket science, and a nagios config
> > isn't a super-fast cryptographically secure hash algorithm that you
> > (sometimes) need to jealously protect. The fact that you're trying
> > makes me feel dirty all over, to be honest.
> >
> > Why you want an opensource community help you *not* share your work,
> > I really do not fathom, but you'll get absolutely no help from me.
>
> And it would not work, because the config always gets de-obfuscated in the
> objects cache and is visible in the Webinterface with "view config"
>
> Makes no sense to me as well.
>
> Julian
>
>
>
> --
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> ___
> Nagios-users mailing list
> Nagios-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>



-- 
P.R.Sekhar Reddy
+91-9916727650
--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-17 Thread Marc Powell 

On Jun 17, 2009, at 5:04 AM, Pallavolu Reddi Sekhar Reddy wrote:

> Hi,
>
> I have installed the nagios on fedora 10 OS.
> how can i get alerts from nagios? where to configure the nagios  
> alerts on contacts group for my mail ID(pr.sekharre...@gmail.com).

How is this related to configuration obfuscation?

--
Marc


--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Re: [Nagios-users] Fwd: Re: Configuration files obfuscation

2009-06-18 Thread edward baddouh 
Hey Andreas, don't misunderstand me. It isn't my intention *not to share*, I
do share all my work.

I just wanted if it was possible to do that.

edward

2009/6/17 Andreas Ericsson 

> edward baddouh wrote:
> > Yes, I want the configuration files to be worse (readable).
> > The idea is to difficult as-much-as-possible config-files theft from
> ohter
> > people who admin that server..
> >
> > There have been times that configuration files were implemented on
> different
> > installations (different sites) with minor changes without the admin's
> > consent..
> >
> > I don't want nobody to get credits for work I've done and receive no
> profit
> > at all..
> >
>
> This is just stupid imo and would be far better solved with some social
> conventions. The problem is that there's a limited way of configuring
> Nagios for a particular setup, so it's always entirely possible that
> whoever you *think* is "stealing" configuration from you has actually
> read the nagios docs for 15-30 minutes and then figured out how to do
> it themselves. It's not exactly rocket science, and a nagios config
> isn't a super-fast cryptographically secure hash algorithm that you
> (sometimes) need to jealously protect. The fact that you're trying
> makes me feel dirty all over, to be honest.
>
> Why you want an opensource community help you *not* share your work,
> I really do not fathom, but you'll get absolutely no help from me.
>
> --
> Andreas Ericsson   andreas.erics...@op5.se
> OP5 AB www.op5.se
> Tel: +46 8-230225  Fax: +46 8-230231
>
> Considering the successes of the wars on alcohol, poverty, drugs and
> terror, I think we should give some serious thought to declaring war
> on peace.
>
>
> --
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> ___
> Nagios-users mailing list
> Nagios-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null