Hi, The help message of the check_mysql plugin clearly tells there is a risk to use the -p option, which requires to specify the password on the command line. Indeed : any look at the process table while the check is being processed would show the password in its plain form.
I tried to use the [client] sections of the MySQL configuration, be them either in the system-wide or user's configuration files, which MySQL client actually uses, but check_mysql does not seem to use their contents. However, tracing a check_mysql run shows that (probably because it uses the libmysqlclient library) opens and reads each .cnf file of MySQL, even the user's one. I did not find any documentation regarding this capability. So I do not know if it is finally not possible to do this way, if this is a known bug being corrected, or if I this is possible but I am doing wrong. I also found articles on the web talking about the $USERn$ macros. I understand that using these would help to secure password storage by setting restrictive permissions on the resource configuration files defining them, but what about the appearance of the plain password in the process list ? I would very appreciate some explanation and advices by those who already faced the same requirements. Thanks in advance. Regards, -- Fabien Malfoy Systems engineer - Ullink 23 rue de Provence - 75009 Paris - FRANCE Phone: +33 (0)1.44.50.77.55 - 2108 E-mail: fabien DOT malfoy AT ullink DOT com ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
