Auditing External Commands
Ton Voon
ton.voon at altinity.com
Thu Sep 18 22:36:20 CEST 2008
On 18 Sep 2008, at 20:15, Laack,Jacob C wrote:
> I'm running Nagios 3.0.3 with httpd on RHEL 5. I have CGI
> Authentication enabled for a couple dozen users. Some of them make
> "mistakes" when issuing External Commands and I'm looking for a way
> to log or know who turned off notifications for a server that
> shouldn't have been modified, etc. I see that the
> /usr/local/nagios/var/nagios.log file shows…
>
> [1221748066] EXTERNAL COMMAND: DISABLE_SVC_NOTIFICATIONS;fileserv;Download-WellsFargoBP
>
> …while the apache logs show…
>
> 160.76.51.177 - ekaj [18/Sep/2008:09:27:46 -0500] "POST /cgi-bin/cmd.cgi HTTP/1.1" 200 1961
>
> Is there a native way for Nagios to attach the CGI user,
> ekaj in this case, to the DISABLE_SVC_NOTIFICATIONS command in
> either the nagios.log file or somewhere else? Any non-native way to
> do it?
>
We had this request from a customer to add into Opsview. Patch is
here: http://trac.opsview.org/browser/trunk/opsview-base/patches/nagios_store_cmd_cgi_submissions.patch
This tells the CGIs to write an additional line API LOG: to the
nagios.log file and includes the user's name.
Beware, you need to provide permissions to the nagios.log file for the
apache user to write to it.
Ton
http://www.altinity.com
UK: +44 (0)870 787 9243
US: +1 866 879 9184
Fax: +44 (0)845 280 1725
Skype: tonvoon
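
A non-native way to get the attribution asked about in the quoted question, as an added example that is not part of the original thread or the Opsview patch: it pairs each EXTERNAL COMMAND entry in nagios.log with authenticated POSTs to cmd.cgi in the Apache access log by timestamp. The function names and the 2-second window are assumptions; the first two sample lines are the ones quoted in the post, the third is constructed.

```python
import re
from datetime import datetime

# Sample lines from the post above (wrapped lines rejoined).
NAGIOS_LOG = [
    "[1221748066] EXTERNAL COMMAND: "
    "DISABLE_SVC_NOTIFICATIONS;fileserv;Download-WellsFargoBP",
]
APACHE_LOG = [
    '160.76.51.177 - ekaj [18/Sep/2008:09:27:46 -0500] '
    '"POST /cgi-bin/cmd.cgi HTTP/1.1" 200 1961',
    # Constructed line: a status page view, which must not be matched.
    '160.76.51.178 - other [18/Sep/2008:09:27:46 -0500] '
    '"GET /cgi-bin/status.cgi HTTP/1.1" 200 512',
]

NAGIOS_RE = re.compile(r"^\[(\d+)\] EXTERNAL COMMAND: ([A-Z_]+);(.*)$")
# Fields: client IP, ident, authenticated user, [time], request line.
APACHE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "POST \S*/cmd\.cgi[^"]*"')

def parse_apache(lines):
    """Yield (epoch, user, ip) for authenticated POSTs to cmd.cgi."""
    for line in lines:
        m = APACHE_RE.match(line)
        if not m or m.group(2) == "-":   # "-" means no authenticated user
            continue
        # %z keeps the logged UTC offset, so the result compares directly
        # with the epoch seconds Nagios writes in its own log.
        ts = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
        yield int(ts.timestamp()), m.group(2), m.group(1)

def attribute(nagios_lines, apache_lines, window=2):
    """Pair each external command with cmd.cgi users seen within
    +/- window seconds (window is an assumed tolerance)."""
    posts = list(parse_apache(apache_lines))
    results = []
    for line in nagios_lines:
        m = NAGIOS_RE.match(line)
        if not m:
            continue
        epoch = int(m.group(1))
        users = sorted({u for t, u, _ in posts if abs(t - epoch) <= window})
        results.append((epoch, m.group(2), m.group(3), users))
    return results

if __name__ == "__main__":
    for epoch, cmd, args, users in attribute(NAGIOS_LOG, APACHE_LOG):
        who = ",".join(users) or "no cmd.cgi POST in window"
        print(f"{epoch} {cmd};{args} <- {who}")
```

More than one user in the result means the match is ambiguous at that timestamp; an empty list means the command has no matching cmd.cgi POST in the access log supplied.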