[icinga-users] illegal_object_name_chars option

Tomas Macek macek at fortech.cz
Wed Mar 7 12:09:08 CET 2012


On Wed, 7 Mar 2012, Michael Friedrich wrote:

> Tomas Macek wrote:
>> I know, that I can use "illegal_object_name_chars" option in icinga.cfg
>> and I have there: "`~!$%^&*|'"<>?,()=". It's the default value.
>> But the question for me is why shouldn't I just to leave this option
>> blank? Why should I restrict the short name of the host name or service
>> name?
>
> imagine what such characters could cause in an interpreter / a shell
> being called by the given macros you are using in your commands.
>
> http://docs.icinga.org/latest/en/configmain.html#configmain-illegal_object_name_chars
>
> the illegal macro chars only affect the macros which are dynamically
> generated by external input (such as a check or a comment (author)) and
> not being read from the configs.
>
>
>> The documentation says "When used properly, the $HOSTNAME$ macro will
>> contain this short name.". What means the "properly"?
>
> given the examples above, you will learn that removing the ' from the
> illegal object name chars will let define the following.
>
> define host {
>     name foo'bar
>     ...
>     check_command check_foo
> }
>
> define command {
>     name check_foo
>     command_line /bin/echo '$HOSTNAME$'
> }
>
> will result in the command - see raw command line
> https://wiki.icinga.org/display/testing/Icinga+Plugin+Testing
>
> $ /bin/echo 'foo'bar'
>
> run that and see yourself.
>
> so given the example, you will most likely understand that such basic
> object attributes being reused as macros on commands (checks,
> notifications, eventhandlers) can cause *dangerous* things and it is NOT
> advised to blank this option.
>
> kind regards,
> michael
>

Thank you for explanation! It seems now like a stupid question... :-/

Regards, Tomas





More information about the icinga-users mailing list