Re: [Nagios-users] Fwd: Re: Configuration files obfuscation
Hey Andreas, don't misunderstand me. It isn't my intention *not to share*, I do share all my work. I just wanted to know if it was possible to do that.

edward

2009/6/17 Andreas Ericsson a...@op5.se

> edward baddouh wrote:
>> Yes, I want the configuration files to be worse (readable). The idea is to make config-file theft by other people who admin that server as difficult as possible. There have been times that configuration files were implemented on different installations (different sites) with minor changes without the admin's consent. I don't want anybody to get credit for work I've done and receive no profit at all.
>
> This is just stupid imo and would be far better solved with some social conventions. The problem is that there's a limited way of configuring Nagios for a particular setup, so it's always entirely possible that whoever you *think* is stealing configuration from you has actually read the nagios docs for 15-30 minutes and then figured out how to do it themselves. It's not exactly rocket science, and a nagios config isn't a super-fast cryptographically secure hash algorithm that you (sometimes) need to jealously protect.
>
> The fact that you're trying makes me feel dirty all over, to be honest. Why you want an opensource community to help you *not* share your work, I really do not fathom, but you'll get absolutely no help from me.
>
> --
> Andreas Ericsson andreas.erics...@op5.se
> OP5 AB www.op5.se
> Tel: +46 8-230225 Fax: +46 8-230231
>
> Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace.

___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Fwd: Re: Configuration files obfuscation
As the user sent this mail to me, I am forwarding it to the list, so all will be able to know what he needs and may be able to help more.

Assaf

-- Forwarded Message --
Subject: Re: [Nagios-users] Configuration files obfuscation
Date: Tuesday 16 June 2009
From: edward baddouh ebadd...@gmail.com
To: Assaf Flatto assaf.fla...@ssp-intl.com

Yes, I want the configuration files to be worse (readable). The idea is to make config-file theft by other people who admin that server as difficult as possible. There have been times that configuration files were implemented on different installations (different sites) with minor changes without the admin's consent. I don't want anybody to get credit for work I've done and receive no profit at all. That's my need for obfuscation. My idea is to keep an original readable configuration in a safe place and set the obfuscated config file in production.

2009/6/16 Assaf Flatto assaf.fla...@ssp-intl.com

> On Tuesday 16 June 2009 15:53:11 edward baddouh wrote:
>> Hi, is there a way to obfuscate configuration files?
>>
>> edward
>
> You want the files to be more confusing than they are now ???
>
> The easiest way is not to give self explanatory names to the files / directories.
>
> btw - I have a question about this ... Why ?? Are you trying to make the work on the configuration worse for yourself ?
>
> --
> Assaf Flatto
>
> IMPORTANT. This email and the information in it may be confidential, legally privileged and/or protected by law. It is intended solely for the use of the person to whom it is addressed. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Please also delete all copies of this email and any attachments from your system. We cannot guarantee the security or confidentiality of email communications. We do not accept any liability for losses or damages that you may suffer as a result of your receipt of this email including but not limited to computer service or system failure, access delays or interruption, data non-delivery or mis-delivery, computer viruses or other harmful components. Copyright in this email and any attachments belong to Select Service Partner UK Limited. Should you communicate with anyone at Select Service Partner UK Limited by email, you consent to us monitoring and reading any such correspondence. Nothing in this email shall be taken or read as suggesting, proposing or relating to any agreement concerted practice or other practice that could infringe UK or EC competition legislation. Select Service Partner UK Limited is a company registered in England and Wales (company number 05687183) whose registered office is at 1 The Heights, Brooklands, Weybridge. Surrey. KT13 0NY

--
Assaf Flatto
SSP Ops Team
Linux System Administrator
169 Euston Road, London, NW1 2AE

Along with a few colleagues I am doing The Three Peaks Challenge again this year to raise money for The Railway Children. Please sponsor me by making a donation online, simply click on the link below and give via your switch/credit card. Thank you.
http://www.justgiving.com/londonnorththreepeaks
Re: [Nagios-users] Fwd: Re: Configuration files obfuscation
Obfuscating the config files is going to be difficult, because almost everything in them is either a Nagios keyword, or something that shows up verbatim in the user interface, or an IP address. The only thing you could reasonably obfuscate is the names of the various commands.

But you may be able to use either encryption or permissions to accomplish the same goal even more securely.

Using permissions:

If you have problems trusting administrators, you shouldn't give them root access. Instead, give each administrator a personal non-root account, and use sudo to give them only access to what you want them to manage. With that approach, you can then give only the authorized administrator sudo access to the nagios config files. It also lets you track, in the log files, who executed which command.

Another option is to put the configuration files onto a different machine that the untrusted admins do not have access to. Export that directory using NFS and make it only accessible to user nagios. NFS prevents root from accessing the directory.

Using Encryption:

Here are a few methods I could think of. They all take advantage of the fact that Nagios doesn't read the config files once it is running (at least, I believe that's the case).

- Use some form of encrypted file system that only user nagios can read.
- Put the configuration files into an ISO or a cramfs file system. Encrypt the file using gpg. Decrypt and mount that file system only right before Nagios starts up, and umount it and delete the decrypted version right away (you may even be able to mount the encrypted version somehow and decrypt on the fly - I'm not an expert on that). Modify the nagios.cfg to point to the mount point, as appropriate.
- Put the configuration files into an ISO, burn an actual CD, and put the CD into the machine only right before starting up Nagios. That way, the config files physically aren't there at all. Something that is not on the machine can't be stolen.
- I'm not sure if Nagios is able to read config files from a script instead of a file - if it is, you could encrypt the config files using gpg, and have Nagios decrypt it on the fly. Or you could modify the Nagios startup script to decrypt the config files right before starting Nagios, and delete the decrypted config files after Nagios has started successfully.

Assaf Flatto wrote:

> As the user sent this mail to me, I am forwarding it to the list, so all will be able to know what he needs and may be able to help more.
>
> Assaf
>
> -- Forwarded Message --
> Subject: Re: [Nagios-users] Configuration files obfuscation
> Date: Tuesday 16 June 2009
> From: edward baddouh ebadd...@gmail.com
> To: Assaf Flatto assaf.fla...@ssp-intl.com
>
> Yes, I want the configuration files to be worse (readable). The idea is to make config-file theft by other people who admin that server as difficult as possible. There have been times that configuration files were implemented on different installations (different sites) with minor changes without the admin's consent. I don't want anybody to get credit for work I've done and receive no profit at all. That's my need for obfuscation. My idea is to keep an original readable configuration in a safe place and set the obfuscated config file in production.
>
> 2009/6/16 Assaf Flatto assaf.fla...@ssp-intl.com
>
>> On Tuesday 16 June 2009 15:53:11 edward baddouh wrote:
>>> Hi, is there a way to obfuscate configuration files?
>>>
>>> edward
>>
>> You want the files to be more confusing than they are now ???
>>
>> The easiest way is not to give self explanatory names to the files / directories.
>>
>> btw - I have a question about this ... Why ?? Are you trying to make the work on the configuration worse for yourself ?
>>
>> --
>> Assaf Flatto

--
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About
Office: 866-642-7116
http://www.4nettech.com

This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof.
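
One way to script the last option in Kevin Keane's message above (decrypt right before starting Nagios, delete the plaintext once it is up), as an added example that is not part of the thread. The archive layout, all paths, and the `DECRYPT_CMD`, `NAGIOS_BIN` and `READY_TIMEOUT` variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and variable names are assumptions.
# Run it as the account Nagios runs under, so the 0700 directory is readable
# by the daemon and by nobody else without root.

: "${DECRYPT_CMD:=gpg --quiet --batch --decrypt}"  # writes plaintext to stdout
: "${NAGIOS_BIN:=/usr/sbin/nagios}"                # assumed install path
: "${READY_TIMEOUT:=30}"                           # seconds to wait for the cache

# start_from_encrypted ARCHIVE PLAIN_DIR CACHE_FILE
#   ARCHIVE     encrypted tar of the config tree, nagios.cfg at its top level
#   PLAIN_DIR   fixed directory the cfg_file/cfg_dir lines in nagios.cfg refer to
#   CACHE_FILE  the path given as object_cache_file in nagios.cfg
# Returns 0 on success, 1 if PLAIN_DIR exists, 2 decrypt/unpack failed,
# 3 config check failed, 4 daemon did not start, 5 cache never appeared.
start_from_encrypted() {
    archive=$1
    plain_dir=$2
    cache_file=$3
    rc=0

    # mkdir fails when the path already exists, so a directory or symlink
    # planted in advance is never reused.
    mkdir -m 700 "$plain_dir" || return 1
    rm -f "$cache_file"

    if ! $DECRYPT_CMD "$archive" > "$plain_dir/.cfg.tar"; then
        rc=2
    elif ! tar -xf "$plain_dir/.cfg.tar" -C "$plain_dir"; then
        rc=2
    elif ! "$NAGIOS_BIN" -v "$plain_dir/nagios.cfg" > /dev/null 2>&1; then
        rc=3    # pre-flight check failed, so the daemon is not started
    elif ! "$NAGIOS_BIN" -d "$plain_dir/nagios.cfg"; then
        rc=4
    else
        # -d returns once the daemon has forked; the object cache is written
        # after the object files are parsed, so wait for it before deleting.
        waited=0
        while [ ! -s "$cache_file" ] && [ "$waited" -lt "$READY_TIMEOUT" ]; do
            sleep 1
            waited=$((waited + 1))
        done
        [ -s "$cache_file" ] || rc=5
    fi

    # The plaintext goes away on every path, including failures.
    rm -rf "$plain_dir"
    return "$rc"
}

# Example call (hypothetical paths):
#   start_from_encrypted /etc/nagios/config.tar.gpg /dev/shm/nagios-cfg \
#       /var/nagios/objects.cache
```

As Julian Hein's reply later in this thread points out, the object cache and the web interface's view config still expose the parsed configuration, so this protects only the source files at rest. A reload makes Nagios read its configuration again, so it has to go through the same wrapper.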
Re: [Nagios-users] Fwd: Re: Configuration files obfuscation
edward baddouh wrote:

> Yes, I want the configuration files to be worse (readable). The idea is to make config-file theft by other people who admin that server as difficult as possible. There have been times that configuration files were implemented on different installations (different sites) with minor changes without the admin's consent. I don't want anybody to get credit for work I've done and receive no profit at all.

This is just stupid imo and would be far better solved with some social conventions. The problem is that there's a limited way of configuring Nagios for a particular setup, so it's always entirely possible that whoever you *think* is stealing configuration from you has actually read the nagios docs for 15-30 minutes and then figured out how to do it themselves. It's not exactly rocket science, and a nagios config isn't a super-fast cryptographically secure hash algorithm that you (sometimes) need to jealously protect.

The fact that you're trying makes me feel dirty all over, to be honest. Why you want an opensource community to help you *not* share your work, I really do not fathom, but you'll get absolutely no help from me.

--
Andreas Ericsson andreas.erics...@op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and terror, I think we should give some serious thought to declaring war on peace.
Re: [Nagios-users] Fwd: Re: Configuration files obfuscation
On Wed, Jun 17, 2009 at 11:09:10AM +0200, Andreas Ericsson wrote:

> edward baddouh wrote:
>> Yes, I want the configuration files to be worse (readable). The idea is to make config-file theft by other people who admin that server as difficult as possible. There have been times that configuration files were implemented on different installations (different sites) with minor changes without the admin's consent. I don't want anybody to get credit for work I've done and receive no profit at all.
>
> This is just stupid imo and would be far better solved with some social conventions. The problem is that there's a limited way of configuring Nagios for a particular setup, so it's always entirely possible that whoever you *think* is stealing configuration from you has actually read the nagios docs for 15-30 minutes and then figured out how to do it themselves. It's not exactly rocket science, and a nagios config isn't a super-fast cryptographically secure hash algorithm that you (sometimes) need to jealously protect.
>
> The fact that you're trying makes me feel dirty all over, to be honest. Why you want an opensource community to help you *not* share your work, I really do not fathom, but you'll get absolutely no help from me.

+1

And who knows ... one of the people who takes your config might improve it and tell you how!

--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Past chairman of UKUUG: http://www.ukuug.org/
#include std_disclaimer.h
Re: [Nagios-users] Fwd: Re: Configuration files obfuscation
Hi,

I have installed Nagios on Fedora 10 OS. How can I get alerts from Nagios? Where do I configure the Nagios alerts on the contacts group for my mail ID (pr.sekharre...@gmail.com)? Please let me know your suggestions. Thanks in advance.

Thanks
Sekhar Reddy P R

On Wed, Jun 17, 2009 at 2:48 PM, Alain Williams a...@phcomp.co.uk wrote:

> On Wed, Jun 17, 2009 at 11:09:10AM +0200, Andreas Ericsson wrote:
>> edward baddouh wrote:
>>> Yes, I want the configuration files to be worse (readable). The idea is to make config-file theft by other people who admin that server as difficult as possible. There have been times that configuration files were implemented on different installations (different sites) with minor changes without the admin's consent. I don't want anybody to get credit for work I've done and receive no profit at all.
>>
>> This is just stupid imo and would be far better solved with some social conventions. The problem is that there's a limited way of configuring Nagios for a particular setup, so it's always entirely possible that whoever you *think* is stealing configuration from you has actually read the nagios docs for 15-30 minutes and then figured out how to do it themselves. It's not exactly rocket science, and a nagios config isn't a super-fast cryptographically secure hash algorithm that you (sometimes) need to jealously protect.
>>
>> The fact that you're trying makes me feel dirty all over, to be honest. Why you want an opensource community to help you *not* share your work, I really do not fathom, but you'll get absolutely no help from me.
>
> +1
>
> And who knows ... one of the people who takes your config might improve it and tell you how!
>
> --
> Alain Williams
> Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
> +44 (0) 787 668 0256 http://www.phcomp.co.uk/
> Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
> Past chairman of UKUUG: http://www.ukuug.org/
> #include std_disclaimer.h

--
P.R.Sekhar Reddy
+91-9916727650
Re: [Nagios-users] Fwd: Re: Configuration files obfuscation
I want to add a new Windows server on Nagios. How can I configure that in the hosts.cfg file? Let me know.

Thanks
Sekhar Reddy P R

On Wed, Jun 17, 2009 at 3:26 PM, Julian Hein jh...@netways.de wrote:

> On 17.06.09 at 11:09, Andreas Ericsson (a...@op5.se) wrote:
>> edward baddouh wrote:
>>> Yes, I want the configuration files to be worse (readable). The idea is to make config-file theft by other people who admin that server as difficult as possible. There have been times that configuration files were implemented on different installations (different sites) with minor changes without the admin's consent. I don't want anybody to get credit for work I've done and receive no profit at all.
>>
>> This is just stupid imo and would be far better solved with some social conventions. The problem is that there's a limited way of configuring Nagios for a particular setup, so it's always entirely possible that whoever you *think* is stealing configuration from you has actually read the nagios docs for 15-30 minutes and then figured out how to do it themselves. It's not exactly rocket science, and a nagios config isn't a super-fast cryptographically secure hash algorithm that you (sometimes) need to jealously protect.
>>
>> The fact that you're trying makes me feel dirty all over, to be honest. Why you want an opensource community to help you *not* share your work, I really do not fathom, but you'll get absolutely no help from me.
>
> And it would not work, because the config always gets de-obfuscated in the objects cache and is visible in the web interface with view config.
>
> Makes no sense to me as well.
>
> Julian

--
P.R.Sekhar Reddy
+91-9916727650
Re: [Nagios-users] Fwd: Re: Configuration files obfuscation
On Jun 17, 2009, at 5:04 AM, Pallavolu Reddi Sekhar Reddy wrote:

> Hi,
>
> I have installed Nagios on Fedora 10 OS. How can I get alerts from Nagios? Where do I configure the Nagios alerts on the contacts group for my mail ID (pr.sekharre...@gmail.com)?

How is this related to configuration obfuscation?

--
Marc