n00b trying to set up on freebsd

Marc Powell marc at ena.com
Mon Jan 25 22:18:20 CET 2010


On Jan 25, 2010, at 1:51 PM, Kurt Buff wrote:

> Using lynx on localhost, I get prompted for a login to nagios and get
> to the home page and subsidiary pages just fine, but from FF on a
> remote box I get no login prompt, and the home page just comes up, and
> it shows as me being logged in as nagiosadmin for any of the pages I
> then select. While this works, it's a bit insecure.

Interesting... I'd have to say that the httpd.conf snippet below is not what's being used or is incomplete. It seems that there is some configuration that references source IPs that would lead to this different behavior (prompted vs. unprompted). The 'nagiosadmin' bit is something else entirely I bet, but can't entirely be explained by the httpd.conf snippets below.

> I'd like to set it up so that 1) we get prompted for login and 2) only
> logins from authorized subnets are allowed, though if I can only have
> one, I'll take a login prompt.

Both are achievable, I expect.

> Below is the snippet of httpd.conf for
> nagios. I was terribly unsuccessful trying to 'Deny from all' and then
> specify, for instance, 'Allow from 192.168.24.0/24'.
> 
> My google-fu is weak, and others' expertise is desired. If I need to
> provide any further information, I'll be happy to provide it.
> 
> Kurt
> 
> 
> ---------- begin snippet of httpd.conf----------
> <Directory "/usr/local/www/nagios">
>  Options None
>  AllowOverride None
>  Order deny,allow
>  Allow from all
>  AuthName "Nagios Access"
>  AuthType Basic
>  AuthUserFile /usr/local/etc/nagios/htpasswd.users
>  Require valid-user
>  php_flag engine on
>  php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
> </Directory>

Change this to --

<Directory "/usr/local/www/nagios/share">
 Options None
 AllowOverride None
 Order deny,allow
 Deny from all
 # or: Allow from 192.168.24.
 Allow from 192.168.24.0/24
 AuthName "Nagios Access"
 AuthType Basic
 AuthUserFile /usr/local/etc/nagios/htpasswd.users
 Require valid-user
 Satisfy all
 php_flag engine on
 php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
</Directory>

> <Directory "/usr/local/www/nagios/cgi-bin">
>  Options ExecCGI
>  AllowOverride None
>  Order allow,deny
>  Allow from all
>  AuthName "Nagios Access"
>  AuthType Basic
>  AuthUserFile /usr/local/etc/nagios/htpasswd.users
>  Require valid-user
> </Directory>

If you're using anything like a normal install, this one will never match, and it's the only one that really matters. Do you really have the directory '/usr/local/www/nagios/cgi-bin' on your server and it contains the *.cgi files? I expect not because of the nagiosadmin bit above. That implies that the CGIs are not being passed a username from your web server because there is no htaccess policy that applies to the directory that contains the CGIs. I expect that this should really be '/usr/local/www/nagios/sbin'. Adjust the following as necessary --

<Directory "/usr/local/www/nagios/sbin">
 Options ExecCGI
 AllowOverride None
 Order deny,allow
 Deny from all
 # or: Allow from 192.168.24.
 Allow from 192.168.24.0/24
 AuthName "Nagios Access"
 AuthType Basic
 AuthUserFile /usr/local/etc/nagios/htpasswd.users
 Require valid-user
 Satisfy all
</Directory>

If this doesn't work, what errors do you see in error_log?

--
Marc
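
The following is an added example, not part of the original message and not Apache's code: a small Python model of the documented Apache 2.2 Order/Allow/Deny and Satisfy rules, showing which HTTP status each configuration in this thread yields. The client addresses and the ALLOW_DENY and SATISFY_ANY variants are constructed for illustration, and only CIDR and "all" specs are modelled.

```python
import ipaddress

def host_allowed(order, allow, deny, client_ip):
    """Model of the Apache 2.2 Order/Allow/Deny decision for one client."""
    ip = ipaddress.ip_address(client_ip)

    def matches(specs):
        return any(s == "all" or ip in ipaddress.ip_network(s) for s in specs)

    if order == "deny,allow":
        # Deny is evaluated first and Allow overrides it; no match means allowed.
        return matches(allow) or not matches(deny)
    if order == "allow,deny":
        # Allow is evaluated first and Deny overrides it; no match means denied.
        return matches(allow) and not matches(deny)
    raise ValueError("unknown Order: " + order)

def http_status(cfg, client_ip, valid_login):
    """Combine the host check with 'Require valid-user' under Satisfy."""
    host_ok = host_allowed(cfg["order"], cfg["allow"], cfg["deny"], client_ip)
    if cfg["satisfy"] == "all":
        if not host_ok:
            return 403          # refused before any login prompt
        return 200 if valid_login else 401
    # Satisfy any: passing either check is enough
    return 200 if (host_ok or valid_login) else 401

SUBNET = ["192.168.24.0/24"]
# Kurt's first block: everyone is allowed by host, login still required.
ORIGINAL = dict(order="deny,allow", allow=["all"], deny=[], satisfy="all")
# Marc's replacement blocks.
REVISED = dict(order="deny,allow", allow=SUBNET, deny=["all"], satisfy="all")
# Constructed variants: same lists under the other Order, and under Satisfy any.
ALLOW_DENY = dict(REVISED, order="allow,deny")
SATISFY_ANY = dict(REVISED, satisfy="any")

if __name__ == "__main__":
    inside, outside = "192.168.24.17", "10.9.8.7"   # constructed client addresses
    for name, cfg in [("original", ORIGINAL), ("revised", REVISED),
                      ("allow,deny", ALLOW_DENY), ("satisfy any", SATISFY_ANY)]:
        for ip in (inside, outside):
            print(name, ip, [http_status(cfg, ip, ok) for ok in (False, True)])
```

With "Order allow,deny", the same "Deny from all" plus "Allow from 192.168.24.0/24" lists refuse every client, which is why the replacement blocks use "Order deny,allow".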


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users