R: How limit external commands to no-admin users?

Marco Borsani m.borsani at it.net
Mon Mar 21 11:55:00 CET 2005


No, nagios does not work in that way.

That "option is s a comma-delimited list of all usernames that
have access to viewing the Nagios process information", also the options
"authorized_for_all_service_commands=...." and
"authorized_for_all_host_commands=..." are not strong enought for me.

I need that only one user can schedul downtime, add comments, disable
checks...and so on. Right now the users can do it on theirs hosts/services.
This could be very dangerous because permit to "ingenuous" users to make
modifications which can stop the monitoring/notification.

Marco



-}-----Messaggio originale-----
-}Da: nagios-users-admin at lists.sourceforge.net
-}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto di Balestra,
-}Roberto
-}Inviato: lunedì 21 marzo 2005 11.08
-}A: nagios-users
-}Oggetto: RE: [Nagios-users] How limit external commands to no-admin
-}users?
-}
-}
-}Hi,
-}you can limit who write in nagios.cmd using variable in cgi.cfg
-}     authorized_for_system_information=user_can_write_nagios.cmd
-}where "user_can_write_nagios.cmd" is the user you want.
-}Bye
-}	Roberto
-}
-}> -----Original Message-----
-}> From: nagios-users-admin at lists.sourceforge.net
-}> [mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of Marco
-}> Borsani
-}> Sent: lunedì 21 marzo 2005 9.33
-}> To: Ben Polson; nagios-users
-}> Subject: R: [Nagios-users] How limit external commands to no-admin
-}> users?
-}>
-}>
-}> Nothing change...
-}> I still can perform external commands
-}>
-}> Marco
-}>
-}> -}-----Messaggio originale-----
-}> -}Da: nagios-users-admin at lists.sourceforge.net
-}> -}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto
-}> di Ben Polson
-}> -}Inviato: venerdi 18 marzo 2005 18.08
-}> -}A: nagios-users
-}> -}Oggetto: RE: [Nagios-users] How limit external commands to no-admin
-}> -}users?
-}> -}
-}> -}
-}> -}Try:
-}> -}
-}> -}    <Directory /usr/local/nagios/var/rw>
-}> -}        AllowOverride None
-}> -}        Options None
-}> -}        Order Allow,Deny
-}> -}        Allow from 10.212.0.0/255.255.255.0
-}> -}    </Directory>
-}> -}
-}> -}-Ben.
-}> -}
-}> -}
-}> -}-----Original Message-----
-}> -}From: nagios-users-admin at lists.sourceforge.net
-}> -}[mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of Marco
-}> -}Borsani
-}> -}Sent: Friday, March 18, 2005 8:37 AM
-}> -}To: nagios-users
-}> -}Subject: R: [Nagios-users] How limit external commands to no-admin
-}> -}users?
-}> -}
-}> -}
-}> -}I try to limit all users connected from a specific network, with the
-}> -}followinf lines inside the httpd.conf, but nothing happen!
-}> -}
-}> -}    <Directory /usr/local/nagios/var/rw>
-}> -}        AllowOverride None
-}> -}        Options None
-}> -}        Order Deny,Allow
-}> -}        Deny from all
-}> -}        Allow from 10.212.0.0/255.255.255.0
-}> -}    </Directory>
-}> -}
-}> -}Why these lines have not impact on my environment?
-}> -}
-}> -}Marco
-}> -}
-}> -}-}-----Messaggio originale-----
-}> -}-}Da: nagios-users-admin at lists.sourceforge.net
-}> -}-}[mailto:nagios-users-admin at lists.sourceforge.net]Per
-}> conto di Marco
-}> -}-}Borsani
-}> -}-}Inviato: giovedi 17 marzo 2005 11.33
-}> -}-}A: nagios-users
-}> -}-}Oggetto: [Nagios-users] How limit external commands to
-}> no-admin users?
-}> -}-}
-}> -}-}
-}> -}-}
-}> -}-}Hi all
-}> -}-}
-}> -}-}My environment is quite complex, specially regarding
-}> security policies.
-}> -}-}
-}> -}-}I would use external commands via CGI interface, but I can not
-}> -}-}permit to ALL
-}> -}-}nagios users.
-}> -}-}
-}> -}-}My httpd have been started from www (unix user); putting this
-}> -}user in the
-}> -}-}nagios group I permit to write the nagios.cmd file to everyone !
-}> -}-}
-}> -}-}I need to limit this "write access" only to a unix/apache
-}> user only.
-}> -}-}
-}> -}-}Is it possible? How?
-}> -}-}
-}> -}-}I try to modify httpd.conf file, but .... I do not know how !
-}> -}-}
-}> -}-}Thanks
-}> -}-}Marco
-}> -}-}
-}> -}-}
-}> -}-}
-}> -}-}-------------------------------------------------------
-}> -}-}SF email is sponsored by - The IT Product Guide
-}> -}-}Read honest & candid reviews on hundreds of IT Products
-}> from real users.
-}> -}-}Discover which products truly live up to the hype. Start
-}> reading now.
-}> -}-}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}> -}-}_______________________________________________
-}> -}-}Nagios-users mailing list
-}> -}-}Nagios-users at lists.sourceforge.net
-}> -}-}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}> -}-}::: Please include Nagios version, plugin version (-v) and OS
-}> -}-}when reporting any issue.
-}> -}-}::: Messages without supporting info will risk being sent
-}> to /dev/null
-}> -}
-}> -}
-}> -}
-}> -}-------------------------------------------------------
-}> -}SF email is sponsored by - The IT Product Guide
-}> -}Read honest & candid reviews on hundreds of IT Products
-}> from real users.
-}> -}Discover which products truly live up to the hype. Start
-}> reading now.
-}> -}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}> -}_______________________________________________
-}> -}Nagios-users mailing list
-}> -}Nagios-users at lists.sourceforge.net
-}> -}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}> -}::: Please include Nagios version, plugin version (-v) and OS
-}> -}when reporting
-}> -}any issue.
-}> -}::: Messages without supporting info will risk being sent
-}> to /dev/null
-}> -}
-}> -}
-}> -}
-}> -}
-}> -}
-}> -}-------------------------------------------------------
-}> -}SF email is sponsored by - The IT Product Guide
-}> -}Read honest & candid reviews on hundreds of IT Products
-}> from real users.
-}> -}Discover which products truly live up to the hype. Start
-}> reading now.
-}> -}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}> -}_______________________________________________
-}> -}Nagios-users mailing list
-}> -}Nagios-users at lists.sourceforge.net
-}> -}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}> -}::: Please include Nagios version, plugin version (-v) and OS
-}> -}when reporting any issue.
-}> -}::: Messages without supporting info will risk being sent
-}> to /dev/null
-}>
-}>
-}>
-}> -------------------------------------------------------
-}> SF email is sponsored by - The IT Product Guide
-}> Read honest & candid reviews on hundreds of IT Products from
-}> real users.
-}> Discover which products truly live up to the hype. Start reading now.
-}> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}> _______________________________________________
-}> Nagios-users mailing list
-}> Nagios-users at lists.sourceforge.net
-}> https://lists.sourceforge.net/lists/listinfo/nagios-users
-}> ::: Please include Nagios version, plugin version (-v) and OS
-}> when reporting any issue.
-}> ::: Messages without supporting info will risk being sent to /dev/null
-}>
-}
-}
-}-------------------------------------------------------
-}SF email is sponsored by - The IT Product Guide
-}Read honest & candid reviews on hundreds of IT Products from real users.
-}Discover which products truly live up to the hype. Start reading now.
-}http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
-}_______________________________________________
-}Nagios-users mailing list
-}Nagios-users at lists.sourceforge.net
-}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}::: Please include Nagios version, plugin version (-v) and OS
-}when reporting any issue.
-}::: Messages without supporting info will risk being sent to /dev/null



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list