Allowing unauthenticated access to Nagios from select hosts

up at 3.am up at 3.am
Wed Jul 20 15:39:38 CEST 2011


Thanks for your response.  I looked at the docs for that and I'm not sure what it
does.  After experimenting with it, it appears to just disable authentication for
the cgi, leaving just the apache config to protect you.

Is this the same as disabling authentication in cgi.cfg?  Would we still be
vulnerable to attacks directly at the cgi (bypassing basic apache authentication)?
Or would the attacker have to somehow know the default_user_name?

Thanks again!

> try "default_user_name" in cgi.cfg
>
>
> On Wed, Jul 20, 2011 at 3:35 AM,  <up at 3.am> wrote:
>> We use Nagios with normal authentication (the nagios apache config file, much
>> like .htaccess combined with Nagios's cgi.cfg) and want to allow a few internal
>> hosts (with RFC1918 addresses) to access nagios withOUT user authentication.
>> These are basically large displays with no keyboard input.
>>
>> Doing the apache config for this was pretty straightforward:
>>
>>   AuthType Basic
>>   Require valid-user
>>   Allow from 192.168.199.99
>>   Satisfy any
>>
>> However, although the main Nagios page comes up fine, one cannot access any of
>> the Monitoring links.  You get:
>>
>>  It appears as though you do not have permission to view information for any of
>>  the services you requested
>>
>> Googling for docs on this, I figured the cgi.cfg was the culprit, but there does
>> not seem to be any way in there to define hosts or IP addresses to give them
>> unauthenticated access.  We already have this:
>>
>>  authorized_for_all_services=*
>>  authorized_for_all_hosts=*
>>
>> We obviously need to leave authentication/authorization enabled for all other
>> hosts.  Is there a way around this?
>>
>> Thanks in advance!
>>
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when reporting any
>> issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>>



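An added example, not part of the thread: a simplified Python model of Apache 2.2 `Order`/`Allow`/`Deny` with `Satisfy any`, and of the user the Nagios CGIs act as when `default_user_name` is set, showing which clients reach the CGIs without a login. It assumes the posted directives are the only access rules in scope; the `Order deny,allow` / `Deny from all` lines and the user name `display` are assumptions, not taken from the messages.

```python
import ipaddress

def _matches(specs, ip):
    # True if ip falls under any Allow/Deny spec: 'all', a single address or a CIDR block.
    addr = ipaddress.ip_address(ip)
    return any(s == "all" or addr in ipaddress.ip_network(s, strict=False) for s in specs)

def apache_admits(directives, client_ip, remote_user=None):
    """Simplified Apache 2.2 model: Order/Allow/Deny plus Require and Satisfy."""
    order, satisfy, need_user = "deny,allow", "all", False  # Apache 2.2 defaults
    rules = {"allow": [], "deny": []}
    for line in directives.splitlines():
        w = line.lower().split()
        if not w:
            continue
        if w[0] == "order":
            order = "".join(w[1:])
        elif w[0] == "satisfy" and len(w) > 1:
            satisfy = w[1]
        elif w[0] == "require":
            need_user = True
        elif w[0] in rules and w[1:2] == ["from"]:
            rules[w[0]] += w[2:]
    allowed = _matches(rules["allow"], client_ip)
    denied = _matches(rules["deny"], client_ip)
    # "deny,allow" admits unmatched clients; "allow,deny" rejects them.
    host_ok = (allowed or not denied) if order == "deny,allow" else (allowed and not denied)
    user_ok = remote_user is not None  # assumption: a supplied login is a valid one
    if not need_user:
        return host_ok
    return (host_ok or user_ok) if satisfy == "any" else (host_ok and user_ok)

def cgi_user(cgi_cfg, remote_user=None):
    """User the CGIs act as: the web server login if there is one, else default_user_name."""
    opts = dict(l.split("=", 1) for l in cgi_cfg.splitlines() if "=" in l)
    return remote_user or opts.get("default_user_name")

# Constructed inputs. POSTED is the fragment from the message; the Order/Deny lines
# and the user name "display" are assumptions added for this example.
POSTED = "AuthType Basic\nRequire valid-user\nAllow from 192.168.199.99\nSatisfy any"
SCOPED = "Order deny,allow\nDeny from all\n" + POSTED
CGI_CFG = "use_authentication=1\ndefault_user_name=display\nauthorized_for_all_hosts=*"

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("scoped", SCOPED)):
        for ip in ("192.168.199.99", "10.1.2.3"):
            print(name, ip, "no login ->", apache_admits(cfg, ip), "as", cgi_user(CGI_CFG))
```

Under this model the four posted lines on their own admit every address without a login, because Apache 2.2 defaults to `Order deny,allow`; with the two extra lines only 192.168.199.99 skips the password, and it then acts as `display` without having to know that name.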
