I am running 2.2.4 When a command times out the event includes, apparently, the complete command string used to run the check. In the case of WMI polls, this means the command string includes both the WMI privileged domain user account and its password. So the resulting email alert includes the user account and password in clear text as in the following example:
Subject: [zenoss] dcas0004.corp.ets-lindgren.com Command timed out on device dcas0004.corp.ets-lindgren.com: $ZENHOME/Products/WindowsWMIDeviceTemplateV2/libexec/check_wmic_disk Device: dcas0004.corp.ets-lindgren.com Component: Severity: Warning Time: 2008/10/13 20:26:58.000 Message: Command timed out on device dcas0004.corp.ets-lindgren.com: $ZENHOME/Products/WindowsWMIDeviceTemplateV2/libexec/check_wmic_disk.pl "10.254.0.70" "domain\userid" "password" Clearly this poses a potential security risk. Is there a way to screen or mask this information out of either the email alert or the event log itself? I've rummaged around but haven't found a way to get to it, but then I could just be looking in all the wrong places. Thanks -------------------- m2f -------------------- Read this topic online here: http://forums.zenoss.com/viewtopic.php?p=26287#26287 -------------------- m2f -------------------- _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
