Windows Plugins: DLL, EXE & PY Side loading

[markuslf]

Describe the bug For example, when starting users.exe, Windows tries to load the following non-existent DLL's:

• C:\ProgramData\icinga2\usr\lib64\nagios\plugins\VERSION.dll
• C:\ProgramData\icinga2\usr\lib64\nagios\plugins\CRYPTSP.dll
• C:\ProgramData\icinga2\usr\lib64\nagios\plugins\bcrypt.dll
• C:\ProgramData\icinga2\usr\lib64\nagios\plugins\CRYPTBASE.dll
• C:\ProgramData\icinga2\usr\lib64\nagios\plugins\users.py
• C:\ProgramData\icinga2\usr\lib64\nagios\plugins\users.py

A local attacker may be able to abuse this for privilege escalation (gaining admin rights) or persistence (installing a backdoor): https://attack.mitre.org/techniques/T1574/002/

[markuslf]

Have a look at https://github.com/Linuxfabrik/monitoring-plugins/blob/main/.github/workflows/nuitka-compile.yml on how we compile the plugins for Windows using Nuitka. We cannot further fine-tune the compile or loading behavior. Therefore closing this issue.