Is it possible to store MONUSER's password in encrypted form instead of default plaintext?
Issue
In oracle resource agent the MONUSER is used to perform "low privilege query" during monitoring operation. MONUSER creates a minimal-privileged database account that can access the DB frequently for monitoring operations without triggering a log message to /var/log/audit/audit.log as accesses by the sysdba account would do.
The MONUSER credentials, specifically the password, are stored in clear text by the cluster, which might be considered violation of security protocols. Even though it is designed to be a minimally privileged account, some organizations have policies prohibiting plain text passwords outright.
Environment
- Red Hat Enterprise Linux 7
- resource-agents-3.9.5-105.el7.x86_64 or older
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.