Nagios CGI Authorization Problems

chris at kive.net chris at kive.net
Wed May 7 06:50:12 CEST 2003
Previous message: NSCA Timeouts
Next message: check_snmp timeout
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,

I have spent many hours searching through all available documentation,
FAQ's, reading the mailing list archives, and testing many ideas of my own
and from earlier posts to similar problems. At this point, I am genuinely
stuck, and would very much appreciate any help offered.

The Issue:

I can successfully login at http://mydomain.com/nagios/index.html, but the
Nagios CGI's dont appear to see who I am authorized as. I get the "Logged
in as ?" on most screens, and I receive this error on most screens as
well: "It appears as though you do not have permission to view information
for any of the hosts you requested... If you believe this is an error,
check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.

The Specs:

RedHat 7.2
Apache 1.3.27

Filesystem:

[root at srv01 nagios]# pwd
/usr/local/nagios
[root at srv01 nagios]# ls -la
total 32
drwxr-xr-x    8 root     root         4096 May  5 12:28 .
drwxr-xr-x   19 root     root         4096 May  5 12:19 ..
drwxrwxr-x    2 nagios   nagios       4096 May  5 12:27 bin
drwxrwxr-x    2 nagios   nagios       4096 May  5 13:32 etc
drwx------    2 nagios   nagios       4096 May  5 12:32 libexec
drwxrwxr-x    2 nagios   nagios       4096 May  7 00:24 sbin
drwxrwxr-x    8 nagios   nagios       4096 May  5 12:46 share
drwxrwxr-x    3 nagios   nagios       4096 May  5 13:52 var

[root at srv01 etc]# pwd
/usr/local/nagios/etc
[root at srv01 etc]# ls -la
total 144
drwxrwxr-x    2 nagios   nagios       4096 May  5 13:32 .
drwxr-xr-x    8 root     root         4096 May  5 12:28 ..
-rw-r--r--    1 nagios   nagios      17076 May  6 23:26 cgi.cfg
-rw-------    1 root     root        17180 May  5 13:32 cgi.cfg.save
-rw-r--r--    1 nagios   nagios       4478 May  5 12:50 checkcommands.cfg
-rw-r--r--    1 nagios   nagios        814 May  5 13:25 contactgroups.cfg
-rw-r--r--    1 nagios   nagios       1387 May  5 13:20 contacts.cfg
-rw-r--r--    1 nagios   nagios       1673 May  5 13:23 dependencies.cfg
-rw-r--r--    1 nagios   nagios       2050 May  5 13:28 escalations.cfg
-rw-r--r--    1 nagios   nagios        807 May  5 13:24 hostgroups.cfg
-rw-r--r--    1 nagios   nagios       1942 May  5 13:22 hosts.cfg
-rw-r--r--    1 root     root           20 May  5 12:47 htpasswd.users
-rw-r--r--    1 nagios   nagios       4255 May  5 12:51 misccommands.cfg
-rw-r--r--    1 nagios   nagios      21330 May  5 12:50 nagios.cfg
-rw-r-----    1 nagios   nagios       3072 May  5 12:51 resource.cfg
-rw-r--r--    1 nagios   nagios      18322 May  5 13:38 services.cfg
-rw-r--r--    1 nagios   nagios       1592 May  5 12:51 timeperiods.cfg

[root at srv01 sbin]# pwd
/usr/local/nagios/sbin
[root at srv01 sbin]# ls -la
total 2048
drwxrwxr-x    2 nagios   nagios       4096 May  7 00:24 .
drwxr-xr-x    8 root     root         4096 May  5 12:28 ..
-rwxr-xr-x    1 apache   apache     145788 May  5 12:27 avail.cgi
-rwxr-xr-x    1 apache   apache     148504 May  5 12:27 cmd.cgi
-rwxr-xr-x    1 apache   apache     115996 May  5 12:27 config.cgi
-rwxr-xr-x    1 apache   apache     161336 May  5 12:27 extinfo.cgi
-rwxr-xr-x    1 apache   apache     126524 May  5 12:27 histogram.cgi
-rwxr-xr-x    1 apache   apache     106284 May  5 12:27 history.cgi
-rw-r--r--    1 nagios   nagios        110 May  7 00:24 .htaccess
lrwxrwxrwx    1 root     root            8 May  5 12:58 nagios -> ./nagios
-rwxr-xr-x    1 apache   apache     103468 May  5 12:27 notifications.cgi
-rwxr-xr-x    1 apache   apache     100796 May  5 12:27 outages.cgi
-rwxr-xr-x    1 apache   apache     101260 May  5 12:27 showlog.cgi
-rwxr-xr-x    1 apache   apache     147416 May  5 12:27 status.cgi
-rwxr-xr-x    1 apache   apache     130076 May  5 12:27 statusmap.cgi
-rwxr-xr-x    1 apache   apache     117116 May  5 12:27 statuswml.cgi
-rwxr-xr-x    1 apache   apache     111516 May  5 12:27 statuswrl.cgi
-rwxr-xr-x    1 apache   apache     121276 May  5 12:27 summary.cgi
-rwxr-xr-x    1 apache   apache     125400 May  5 12:27 tac.cgi
-rwxr-xr-x    1 apache   apache     128412 May  5 12:27 trends.cgi

Log Data:

/var/www/error_log contains no relevant information
/var/www/access_log contains what appears to be successful transactions,
but I do see that the .cgi get's are not logged as authenticated. Here is
a typical transaction entry:

12.91.237.228 - - [07/May/2003:00:37:27 -0400] "GET
/cgi-bin/nagios/status.cgi?hostgroup=all&style=hostdetail HTTP/1.1" 200
7109
12.91.237.228 - chris [07/May/2003:00:37:27 -0400] "GET
/nagios/stylesheets/status.css HTTP/1.1" 304 -
12.91.237.228 - chris [07/May/2003:00:37:28 -0400] "GET
/nagios/images/contexthelp1.gif HTTP/1.1" 304 -
12.91.237.228 - chris [07/May/2003:00:37:28 -0400] "GET
/nagios/images/up.gif HTTP/1.1" 304 -
12.91.237.228 - chris [07/May/2003:00:37:28 -0400] "GET
/nagios/images/down.gif HTTP/1.1" 304 -
12.91.237.228 - - [07/May/2003:00:37:49 -0400] "GET
/cgi-bin/nagios/status.cgi?host=all HTTP/1.1" 200 7138
12.91.237.228 - - [07/May/2003:00:37:57 -0400] "GET
/cgi-bin/nagios/tac.cgi HTTP/1.1" 200 11138

Relevant Files:

[root at srv01 etc]# grep use_auth /usr/local/nagios/etc/cgi.cfg
use_authentication=1

[root at srv01 etc]# cat /usr/local/nagios/share/.htaccess
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user

[root at srv01 etc]# cat /usr/local/nagios/sbin/.htaccess
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user

/usr/local/nagios/etc/htpasswd.users exists, is world-readable, and
contains a single entry for "chris:(encrypted data)"

Relevant Entries from /etc/httpd/conf/httpd.conf:

Alias /nagios/ /usr/local/nagios/share/
<Directory "/usr/local/nagios/share">
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/
<Directory "/usr/local/nagios/sbin">
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

Other Miscellaneous Information:

- the nagios group contains both the nagios and apache users
- The nagios userID is over 100
- This is a fresh installation from Nagios 1.0 source
- Other CGI-BIN directories on the same server are known to work using
this same authentication method.
- I tested with use_authentication = 0, and everything worked fine.

Again, your help is greatly appreciated. I'll keep troubleshooting, and
will let you know if I learn anything else.

Best Regards,

-Chris




-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: NSCA Timeouts
Next message: check_snmp timeout
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list