sunhux
 asked on

Unix nagios account: audit requires it to have password expiry: how to work around it?

We got an audit finding that our Solaris (& possibly Linux as well, but I haven't
verified) OS account used for Nagios monitoring does not have password expiry.

Q1:
However, when a Solaris account expires, it'll cause service disruption
(just like root's cron jobs): is there any way around this?

Q2:
Can we set the SHELL for the nagios account to /bin/false or no shell so
that it's deemed a non-interactive account & doesn't require password
expiry? Will Nagios still work with no shell or a false shell?

Q3:
If we change the password of this nagios account periodically, do we
need to change it in nagios (script or settings) somewhere?

8/22/2022 - Mon
SOLUTION
arnold

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
ASKER CERTIFIED SOLUTION
David Favor

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
sunhux

ASKER
Or if it breaks Nagios when the password gets changed (well, I don't even have one
such script that could change the password to a random one every 90 days, so
doing it manually is not feasible), does anyone do the following to fulfill audit:

2 persons from different departments key in their respective complex passwords
(so making up a combined password of at least 16 characters in length), write the
passwords separately on paper that is sealed in an envelope.

Then once every 2 years, this password is renewed/reset & resealed in an envelope.