[Pkg-nagios-devel] Bug#956214: icinga2-ido-mysql: Password stored in plain text

Nigel Horne njh at bandsman.co.uk
Wed Apr 8 14:38:56 BST 2020 

Package: icinga2-ido-mysql
Version: 2.11.3-2
Severity: normal

Dear Maintainer,

Installing icinga2 I looked at the file
/usr/share/icinga2-ido-mysql/schema/mysql.sql
and found, to my horror, that the icinga2 database password is stored in
that file in plain text. I see it's mode 0600 but that still shouldn't be
done in this day and age.


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 4.3.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages icinga2-ido-mysql depends on:
ii  dbconfig-common        2.0.13
ii  debconf [debconf-2.0]  1.5.73
ii  icinga2-bin            2.11.3-2
ii  icinga2-common         2.11.3-2
ii  libmariadb3            1:10.3.22-1
ii  libstdc++6             10-20200402-1
ii  ucf                    3.0038+nmu1

Versions of packages icinga2-ido-mysql recommends:
ii  mysql-client-5.7 [virtual-mysql-client]  5.7.26-1

Versions of packages icinga2-ido-mysql suggests:
ii  mysql-server-5.7 [virtual-mysql-server]  5.7.26-1

-- debconf information:
  icinga2-ido-mysql/internal/skip-preseed: false
  icinga2-ido-mysql/database-type: mysql
  icinga2-ido-mysql/remote/host: localhost
  icinga2-ido-mysql/db/app-user: icinga2 at localhost
  icinga2-ido-mysql/upgrade-error: abort
  icinga2-ido-mysql/dbconfig-reinstall: false
* icinga2-ido-mysql/dbconfig-install: true
  icinga2-ido-mysql/dbconfig-upgrade: true
  icinga2-ido-mysql/internal/reconfiguring: false
* icinga2-ido-mysql/mysql/admin-user: debian-sys-maint
  icinga2-ido-mysql/remove-error: abort
  icinga2-ido-mysql/mysql/authplugin: default
  icinga2-ido-mysql/install-error: abort
* icinga2-ido-mysql/enable: false
  icinga2-ido-mysql/dbconfig-remove: true
  icinga2-ido-mysql/purge: false
  icinga2-ido-mysql/remote/port:
  icinga2-ido-mysql/mysql/method: Unix socket
  icinga2-ido-mysql/upgrade-backup: true
  icinga2-ido-mysql/remote/newhost:
  icinga2-ido-mysql/db/dbname: icinga2
* icinga2-ido-mysql/passwords-do-not-match:
  icinga2-ido-mysql/missing-db-package-error: abort

More information about the Pkg-nagios-devel mailing list