Port net-mgmt/icinga2 provides gathering of status and monitoring informations via IDO in an appropriate DB backend, prefereably PostgreSQL or MySQL. For accessing the proper database, the module-configuration file has to be edited manually to match the correct login/database credetilas. This means one has to put the login and password for the DB access in /usr/local/etc/icinga2/feature-avalable/ido-pgsql.conf (or ido-mysql.conf, if MySQL backend is preferred). The access mode for all files is set to octal 644, so world has read access to the content. This is considered a security issue. I was able to prevent the file from being read by strangers by setting all access bits to 640 octal and change the group to "icinga" - which is the standard icinga user created when installing the port net-mgmt/icinga2 and under which ID the icinga2 daemon is running.
Maintainers CC'd
A commit references this bug: Author: lme Date: Mon Oct 27 20:07:02 UTC 2014 New revision: 371606 URL: https://svnweb.freebsd.org/changeset/ports/371606 Log: - Chown icinga:icinga and chmod 640 on etc/icinga2/feature-avalable/ido-{pgsql,mysql}.conf so normal users can't spy on the database passwords - Bump PORTREVISION PR: 194636 Submitted by: Oliver Hartmann <ohartman@zedat.fu-berlin.de> Changes: head/net-mgmt/icinga2/Makefile head/net-mgmt/icinga2/pkg-plist
Thanks for catching this! Fix committed.