I Do see an urgent need to have a proper MS-SQL Plugin with better Authentication Method. Currently check-mssql-health has a very poor encoding mechanism of password and is easily visible over the network. Internal Security Team hacked the password in no time. Yes we are using TDS = 8.0 and it use a weak encoding mechanism. Also since the checks need “VIEW SERVER STATE” and it can therefore view the DMV states/execute DMV queries on objects such as as“.s.y.s…d.m..o.s..p.e.r.f.o.r.m.a.n.c.e._.c.o.u.n.t.e.r.s.”, this can potentially reveal confidential data/passwords depending on what processes are running in the master database at that point over the network.
Q1: Is there a way we can convert this plugin to a .exe to be able to executed on the same SQL server with icinga agent
Q2: If not possible in Q1. has anybody tried to convert this to a TLS mechanism instead of TDS