[check_postgres] more secure nagios checks
Glyn Astill
glynastill at yahoo.co.uk
Tue Mar 10 11:34:55 UTC 2009
--- On Mon, 9/3/09, Robert Treat <xzilla at users.sourceforge.net> wrote:
> Howdy folks,
>
> I've got a system that has some relativly high security
> needs that I want to
> use check_postgres / nagios on. Currently some the checks
> I want to use
> require superuser acess (like check_postgres_wal_files),
> but I'd rather not
> put a superuser account into my nagios config. In theory it
> would be easy to
> wrap the checks into a security definer function and have a
> non-super user
> call them, but I'm not really eager to make a
> quasi-fork of check postgres.
> So, before I do that, I thought I'd ask if anyone here
> has had a similar need
> and come up with a work around for that? Alternativly, if I
> do have to go
> through rewriting the checks, does anyone have an interest
> in using them? TIA
>
I've not avoided putting account details in my nagios config, so this probably is not secure enough for you. However all my checks are done via the nrpe plugin, this way the superuser account is only used on the database server itself via a .pgpass file, i.e. no account details are on the external monitoring machines running nagios.
More information about the Check_postgres
mailing list