[icinga-users] illegal_object_name_chars option

Michael Friedrich michael.friedrich at univie.ac.at
Wed Mar 7 10:39:03 CET 2012

Tomas Macek wrote:
> I know, that I can use "illegal_object_name_chars" option in icinga.cfg
> and I have there: "`~!$%^&*|'"<>?,()=". It's the default value.
> But the question for me is why shouldn't I just to leave this option
> blank? Why should I restrict the short name of the host name or service
> name?

imagine what such characters could cause in an interpreter / a shell 
being called by the given macros you are using in your commands.


the illegal macro chars only affect the macros which are dynamically 
generated by external input (such as a check or a comment (author)) and 
not being read from the configs.

> The documentation says "When used properly, the $HOSTNAME$ macro will
> contain this short name.". What means the "properly"?

given the examples above, you will learn that removing the ' from the 
illegal object name chars will let define the following.

define host {
     name foo'bar
     check_command check_foo

define command {
     name check_foo
     command_line /bin/echo '$HOSTNAME$'

will result in the command - see raw command line 

$ /bin/echo 'foo'bar'

run that and see yourself.

so given the example, you will most likely understand that such basic 
object attributes being reused as macros on commands (checks, 
notifications, eventhandlers) can cause *dangerous* things and it is NOT 
advised to blank this option.

kind regards,

DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email:  michael.friedrich at univie.ac.at
phone:  +43 1 4277 14359
mobile: +43 664 60277 14359
fax:    +43 1 4277 14338
web:    http://www.univie.ac.at/zid

Lead Icinga Core Developer

More information about the icinga-users mailing list