R: How limit external commands to no-admin users?

Marco Borsani m.borsani at it.net
Tue Mar 22 09:13:00 CET 2005


Well,

I try to follow this way but, if I do this I will be unable to see at all
the menu of nagios (Host detail, Service detail, Status grid, Service
Problems....and so on).
It is useless.

Marco

-}-----Messaggio originale-----
-}Da: nagios-users-admin at lists.sourceforge.net
-}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto di Ben Polson
-}Inviato: lunedi 21 marzo 2005 17.51
-}A: Marco Borsani; nagios-users
-}Oggetto: RE: [Nagios-users] How limit external commands to no-admin
-}users?
-}
-}
-}I think I see the issue.  The apache is only protecting the webserver from
-}displaying content in the /usr/local/nagios/var/rw folder.  This
-}configuration has nothing to do with the execution of cgi's which call to
-}that folder outside of the apache server's controls.  To protect the
-}execution of cgi's, you need to protect the cgi folder:
-}
-}    <Directory /usr/local/nagios/sbin>
-}        AllowOverride None
-}        Options None
-}        Order Allow,Deny
-}        Allow from 10.212.0.0/255.255.255.0
-}    </Directory>
-}
-}Adjust the folder path above to reflect your cgi-bin directory.
-}
-}-Ben.
-}
-}
-}-----Original Message-----
-}From: Marco Borsani [mailto:m.borsani at it.net]
-}Sent: Monday, March 21, 2005 12:33 AM
-}To: Ben Polson; nagios-users
-}Subject: R: [Nagios-users] How limit external commands to no-admin
-}users?
-}
-}
-}Nothing change...
-}I still can perform external commands
-}
-}Marco
-}
-}-}-----Messaggio originale-----
-}-}Da: nagios-users-admin at lists.sourceforge.net
-}-}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto di Ben Polson
-}-}Inviato: venerdi 18 marzo 2005 18.08
-}-}A: nagios-users
-}-}Oggetto: RE: [Nagios-users] How limit external commands to no-admin
-}-}users?
-}-}
-}-}
-}-}Try:
-}-}
-}-}    <Directory /usr/local/nagios/var/rw>
-}-}        AllowOverride None
-}-}        Options None
-}-}        Order Allow,Deny
-}-}        Allow from 10.212.0.0/255.255.255.0
-}-}    </Directory>
-}-}
-}-}-Ben.
-}-}
-}-}
-}-}-----Original Message-----
-}-}From: nagios-users-admin at lists.sourceforge.net
-}-}[mailto:nagios-users-admin at lists.sourceforge.net]On Behalf Of Marco
-}-}Borsani
-}-}Sent: Friday, March 18, 2005 8:37 AM
-}-}To: nagios-users
-}-}Subject: R: [Nagios-users] How limit external commands to no-admin
-}-}users?
-}-}
-}-}
-}-}I try to limit all users connected from a specific network, with the
-}-}followinf lines inside the httpd.conf, but nothing happen!
-}-}
-}-}    <Directory /usr/local/nagios/var/rw>
-}-}        AllowOverride None
-}-}        Options None
-}-}        Order Deny,Allow
-}-}        Deny from all
-}-}        Allow from 10.212.0.0/255.255.255.0
-}-}    </Directory>
-}-}
-}-}Why these lines have not impact on my environment?
-}-}
-}-}Marco
-}-}
-}-}-}-----Messaggio originale-----
-}-}-}Da: nagios-users-admin at lists.sourceforge.net
-}-}-}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto di Marco
-}-}-}Borsani
-}-}-}Inviato: giovedi 17 marzo 2005 11.33
-}-}-}A: nagios-users
-}-}-}Oggetto: [Nagios-users] How limit external commands to no-admin users?
-}-}-}
-}-}-}
-}-}-}
-}-}-}Hi all
-}-}-}
-}-}-}My environment is quite complex, specially regarding security
-}policies.
-}-}-}
-}-}-}I would use external commands via CGI interface, but I can not
-}-}-}permit to ALL
-}-}-}nagios users.
-}-}-}
-}-}-}My httpd have been started from www (unix user); putting this
-}-}user in the
-}-}-}nagios group I permit to write the nagios.cmd file to everyone !
-}-}-}
-}-}-}I need to limit this "write access" only to a unix/apache user only.
-}-}-}
-}-}-}Is it possible? How?
-}-}-}
-}-}-}I try to modify httpd.conf file, but .... I do not know how !
-}-}-}
-}-}-}Thanks
-}-}-}Marco
-}-}-}
-}-}-}
-}-}-}
-}-}-}-------------------------------------------------------
-}-}-}SF email is sponsored by - The IT Product Guide
-}-}-}Read honest & candid reviews on hundreds of IT Products from
-}real users.
-}-}-}Discover which products truly live up to the hype. Start reading now.
-}-}-}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}-}-}_______________________________________________
-}-}-}Nagios-users mailing list
-}-}-}Nagios-users at lists.sourceforge.net
-}-}-}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}-}-}::: Please include Nagios version, plugin version (-v) and OS
-}-}-}when reporting any issue.
-}-}-}::: Messages without supporting info will risk being sent to /dev/null
-}-}
-}-}
-}-}
-}-}-------------------------------------------------------
-}-}SF email is sponsored by - The IT Product Guide
-}-}Read honest & candid reviews on hundreds of IT Products from real users.
-}-}Discover which products truly live up to the hype. Start reading now.
-}-}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}-}_______________________________________________
-}-}Nagios-users mailing list
-}-}Nagios-users at lists.sourceforge.net
-}-}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}-}::: Please include Nagios version, plugin version (-v) and OS
-}-}when reporting
-}-}any issue.
-}-}::: Messages without supporting info will risk being sent to /dev/null
-}-}
-}-}
-}-}
-}-}
-}-}
-}-}-------------------------------------------------------
-}-}SF email is sponsored by - The IT Product Guide
-}-}Read honest & candid reviews on hundreds of IT Products from real users.
-}-}Discover which products truly live up to the hype. Start reading now.
-}-}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}-}_______________________________________________
-}-}Nagios-users mailing list
-}-}Nagios-users at lists.sourceforge.net
-}-}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}-}::: Please include Nagios version, plugin version (-v) and OS
-}-}when reporting any issue.
-}-}::: Messages without supporting info will risk being sent to /dev/null
-}
-}
-}
-}
-}
-}
-}-------------------------------------------------------
-}SF email is sponsored by - The IT Product Guide
-}Read honest & candid reviews on hundreds of IT Products from real users.
-}Discover which products truly live up to the hype. Start reading now.
-}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}_______________________________________________
-}Nagios-users mailing list
-}Nagios-users at lists.sourceforge.net
-}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}::: Please include Nagios version, plugin version (-v) and OS
-}when reporting any issue.
-}::: Messages without supporting info will risk being sent to /dev/null



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list