Nagios
Nagios Enterprisesmonitoring3 credentials
CGI Web User Password
nagios / cgi-basic-auth-user
Nagios Core CGIs rely on web server authentication. Nagios documents authenticated users as users who authenticate to the web server with a username and password and then receive Nagios CGI authorization according to contacts and configuration.
Looks like
pattern^[^:\r\n]+:\$apr1\$[^:\r\n]+$^[^:\r\n]+:\$2[aby]\$[^:\r\n]+$Location
htpasswd.users, nagios.conf, cgi.cfgweb server Basic-auth password file and Nagios CGI authorization config
/nagios, /nagios/cgi-binNagios web interface and CGI endpoints
web server password stores and configuration management vaults
deployment scripts, Ansible roles, Docker Compose files, and committed Nagios configs
web server access/error logs and authentication troubleshooting output
Notes
nagiosadmin is a commonly created administrator username in quickstart guides, but its password is user-defined and not a universal default.
resource.cfg $USERn$ Macro Secret
nagios / resource-file-secret
Nagios Core resource files can contain $USERn$ macro definitions. Nagios documents these macros as useful for storing usernames, passwords, and common command-definition items, and notes that CGIs do not read resource files so restrictive permissions can protect them.
Looks like
pattern^\$USER\d+\$\s*=\s*[^\r\n]+Location
resource.cfgNagios resource file containing $USERn$ macro definitions
configuration management vaults and deployment secrets that render resource.cfg
committed monitoring configs, plugin command definitions, and infrastructure repositories
plugin debug output and command-line traces if macros are expanded into commands
Notes
Resource macros often contain credentials for monitored systems or notification services rather than Nagios login credentials.
Plugin Command Credential
nagios / plugin-command-credential
Nagios checks and notification commands frequently embed credentials for monitored services, agents, or APIs. Nagios command definitions can expand resource macros or arguments into plugin command lines.
Location
commands.cfg, services.cfg, resource.cfg, NRPE configs, and custom plugin config
monitoring repositories, custom plugins, shell scripts, and committed command definitions
vault entries and configuration management secrets used to render Nagios configs
debug logs, process listings, and plugin output containing command arguments
Notes
These credentials can be database passwords, SNMP communities, API tokens, or service-account passwords used by monitoring plugins.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.