- Operating System and version
RH8
Problem:
Icinga-director allows to hide information for security-sensitive data. At the moment there seems to be a bug there. When for instance, a service-template is created the password-field is displayed as ***** like this
whereas when viewing the same field in icingaweb (Overview,Dashboard) the field is displayed like this:
Can someone else confirm this?
At least it should be the other way round otherwise this is pointless. Every User having view access to the monitoring can see all passwords. Can somone look into this?
Hey,
we have our Passwords in /etc/icinga2/constant.conf.
const GlobalVars = {
Password = βXYZβ
}
Then You can use the Variable $Password$ in Your director argument config.
icingadb/denylist/variables will block users from accessing certain custom variables. A user affected by this wonβt see that those variables even exist. This should be a comma separated list of variable paths. It is possible to use match patterns.
icingadb/protect/variables will replace certain custom variable values with *** . A user affected by this will still be able to see the variable names though. This should be a comma separated list of variable paths. It is possible to use match patterns.
https://icinga.com/docs/icinga-db-web/latest/doc/04-Security/
1 Like
As far as i know it used to be only the icinga-director setting when defining fields (hide) which changed with icingadb*. However, thank you both for your input! WORKS perfectly!