Externals Commands

Hari Sekhon hpsekhon at googlemail.com
Wed Aug 9 10:45:39 CEST 2006


Deborah Martin wrote:
> no idea! i use .htaccess and it works for me! my httpd.conf has the 
> following which is what i extracted from the docs!
>  
> ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
> <Directory "/usr/local/nagios/sbin">
>         AllowOverride AuthConfig
>         Options ExecCGI
>         Order allow,deny
>         Allow from all
> </Directory>
>  
> <Directory /usr/local/nagios/sbin>
> AllowOverride AuthConfig
> order allow,deny
> allow from all
> Options ExecCGI
> </Directory>
>  
>
> Alias /nagios /usr/local/nagios/share
> <Directory "/usr/local/nagios/share">
>         Options None
>         AllowOverride AuthConfig
>         Order allow,deny
>         Allow from all
> </Directory>
>  
> <Directory /usr/local/nagios/share>
> AllowOverride AuthConfig
> order allow,deny
> allow from all
> </Directory> 
>  
> Maybe there is something else that is fundamentally wrong!
>  
>  
>  -----Original Message-----
> *From:* Justin Craig [mailto:jrcraig.email at gmail.com]
> *Sent:* 01 August 2006 16:22
> *To:* Deborah Martin
> *Cc:* Martin J. Green; Hari Sekhon; nagios-users at lists.sourceforge.net
> *Subject:* Re: [Nagios-users] Externals Commands
>
>     okay so here is my output:
>
>     in my httpd.conf file I have:
>
>     ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
>     <Directory "/usr/local/nagios/sbin">
>        Options ExecCGI
>        AllowOverride AuthConfig
>        Order allow,deny
>        Allow from all
>        AuthName "Nagios Access"
>        AuthType Basic
>        AuthUserFile /usr/local/nagios/etc/htpasswd.users
>        Require valid-user
>     </Directory>
>
>     Alias /nagios "/usr/local/nagios/share"
>     <Directory "/usr/local/nagios/share">
>        Options None
>        AllowOverride AuthConfig
>        Order allow,deny
>        Allow from all
>        AuthName "Nagios Access"
>        AuthType Basic
>        AuthUserFile /usr/local/nagios/etc/htpasswd.users
>        Require valid-user
>     </Directory>
>     #
>
>     Where is my problem for not being able to execute external
>     commands or schedule downtime for a host?
>
>     On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
>     <mailto:Deborah.Martin at kognitio.com>> wrote:
>
>         actually you can use .htaccess or the httpd.conf file it
>         doesn't matter. If you put in the httpd.conf you have to
>         restart apache - not always convenient to
>         do that. But using .htaccess means you don't have to do that
>         and can simply add this file into the locations required with
>         immediate effect.
>          
>         Also, htpasswd(2) does as you say come with apache but it has
>         been known to be included with Nagios!
>          
>          
>         -----Original Message-----
>         *From:* Martin J. Green [mailto:mgreen at altien.com
>         <mailto:mgreen at altien.com>]
>         *Sent:* 01 August 2006 15:36
>         *To:* Deborah Martin; Justin Craig
>         *Cc:* Hari Sekhon; nagios-users at lists.sourceforge.net
>         <mailto:nagios-users at lists.sourceforge.net>
>         *Subject:* RE: [Nagios-users] Externals Commands
>
>         The .htaccess is only required if you don't have root access
>         to the server & thus can't add it to the main httpd.conf. If
>         you have root access, its almost always better to add it
>         there. In that case you would have no .htaccess file, it would
>         all be in the server config.
>
>          
>
>         M
>
>          
>
>         ------------------------------------------------------------------------
>
>         *From:* Deborah Martin [mailto:Deborah.Martin at kognitio.com
>         <mailto:Deborah.Martin at kognitio.com>]
>         *Sent:* 01 August 2006 15:32
>         *To:* 'Justin Craig'
>         *Cc:* Hari Sekhon; Martin J. Green;
>         nagios-users at lists.sourceforge.net
>         <mailto:nagios-users at lists.sourceforge.net>
>         *Subject:* RE: [Nagios-users] Externals Commands
>
>          
>
>         ok - somewhere in the nagios docs are the details with regard
>         to setting up .htaccess but
>
>          
>
>         I think there is a utility in the nagios install directory
>         under bin called htpasswd or htpasswd2 and you run this util
>         to generate a htpasswd.users file where
>
>         all the users that have web interface access are stored
>         including nagiosadmin. I store mine in the etc install directory.
>
>          
>
>         Then in my .htaccess file i have the following
>
>          
>
>         AuthName "Nagios Access"
>         AuthType Basic
>         AuthUserFile /usr/local/nagios/etc/htpasswd.users
>         require valid-user
>
>          
>
>         This file resides in the sbin directory (which is also
>         cgi-bin). Note though - change the AuthUserFile path to
>         wherever you are storing the htpasswd.users file.
>
>          
>
>         When i was getting the 'return from whence you came error',
>         this was exactly my problem - i hadn't set up authorisation
>         correctly and the above was how i fixed it.
>
>          
>
>         hope this helps.
>
>             -----Original Message-----
>             *From:* Justin Craig [mailto:jrcraig.email at gmail.com
>             <mailto:jrcraig.email at gmail.com>]
>             *Sent:* 01 August 2006 15:07
>             *To:* Deborah Martin
>
>
>         *Cc:* Hari Sekhon; Martin J. Green;
>         nagios-users at lists.sourceforge.net
>         <mailto:nagios-users at lists.sourceforge.net>
>         *Subject:* Re: [Nagios-users] Externals Commands
>
>         so obviously I RTFM or I wouldn't have got this far.  One part
>         that I did have questions of was the .htaccess creation, as
>         the documentation I read only provided  information for
>         setting up users via htpasswd -c and changing your
>         authorization functionality in the CGI's to 1.
>
>          
>
>         So I did a find / -name *.htaccess* and that file doesn't
>         exist.  Sounds like I need one?
>
>          
>
>         Sorry, there isn't anything in my /var/www/cgi-bin directory 
>
>          
>
>         Is there something missed here?
>
>          
>
>         On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
>         <mailto:Deborah.Martin at kognitio.com>> wrote:
>
>         can you forward the contents of the .htaccess file that
>         resides in the cgi-bin directory ? and a listing of the rest
>         of the directory including the permissions
>
>         -----Original Message-----
>         *From:* Justin Craig [mailto: jrcraig.email at gmail.com
>         <mailto:jrcraig.email at gmail.com>]
>         *Sent:* 01 August 2006 14:46
>         *To:* Deborah Martin
>         *Cc:* Hari Sekhon; Martin J. Green;
>         nagios-users at lists.sourceforge.net
>         <mailto:nagios-users at lists.sourceforge.net>
>         *Subject:* Re: [Nagios-users] Externals Commands
>
>         i'm logged in as nagiosadmin and i have that username in all
>         my cgi's.  I have the sameissue, can't schedule downtime or
>         issue external commands with the same error.  I'm running
>         nagios 2.4
>
>          
>
>         On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
>         <mailto:Deborah.Martin at kognitio.com>> wrote:
>
>         look at your /usr/local/nagios/sbin directory and check a)
>         file permissions are correct and also whether your .htaccess
>         authrization file is present.
>
>         This error is generally caused by not correctly using
>         .htaccess and also not configuring apache properly - check
>         your httpd.conf is correctly configured
>
>          
>
>             -----Original Message-----
>             *From:* Hari Sekhon [mailto: hpsekhon at googlemail.com
>             <mailto:hpsekhon at googlemail.com>]
>             *Sent:* 01 August 2006 14:14
>             *To:* Martin J. Green
>             *Cc:* nagios-users at lists.sourceforge.net
>             <mailto:nagios-users at lists.sourceforge.net>
>             *Subject:* Re: [Nagios-users] Externals Commands
>
>             Martin J. Green wrote:
>
>             I can't get external commands to work either (appears it
>             can't write to the file for some reason), but its so low
>             on my list of priorities I haven't gotten to it yet.
>
>             ------------------------------------------------------------------------
>
>             *From:* nagios-users-bounces at lists.sourceforge.net
>             <mailto:nagios-users-bounces at lists.sourceforge.net> [
>             mailto:nagios-users-bounces at lists.sourceforge.net] *On
>             Behalf Of *Hari Sekhon
>             *Sent:* 01 August 2006 13:48
>             *To:* nagios-users at lists.sourceforge.net
>             <mailto:nagios-users at lists.sourceforge.net>
>             *Subject: *[Nagios-users] Externals Commands
>
>             I am having real difficulty getting external commands to
>             work and don't full understand what's going wrong, despite
>             having RTFMing several times.
>
>             As an example, I log in to the web interface as
>             nagiosadmin via basic apache auth successfully as usual. I
>             go to "comments" in the left hand pane and enter one for a
>             host but when I click submit, I get the error:
>
>             "Sorry, but you are not authorized to commit the specified
>             command.
>
>             Read the section of the documentation that deals with
>             authentication and authorization in the CGIs for more
>             information.
>
>             Return from whence you came"
>
>             As far as I can tell, I have all the perms set right
>             according to the docs:
>
>             cgi.cfg
>
>             use_authentication=1
>             authorized_for_system_information=nagiosadmin
>             authorized_for_configuration_information=nagiosadmin
>             authorized_for_system_commands=nagiosadmin
>             authorized_for_all_services=nagiosadmin
>             authorized_for_all_hosts=nagiosadmin
>             authorized_for_all_service_commands=nagiosadmin
>             authorized_for_all_host_commands=nagiosadmin
>
>             nagios.cfg
>
>             command_file=/var/nagios/rw/nagios.cmd
>             check_external_commands=1
>             # NOTE: Setting this value to -1 causes Nagios to check
>             the external
>             # command file as often as possible.
>             command_check_interval=-1
>
>             ll /var/nagios/ | grep rw/
>             drwxrws--- 2 nagios apache  4096 Aug  1 13:28 rw/
>
>             ll /var/nagios/rw/nagios.cmd
>             prw-rw---- 1 nagios apache 0 Aug  1 13:28
>             /var/nagios/rw/nagios.cmd|
>
>             The apache process is run by the apache user, a member of
>             the apache group, so has full perms to the directory and
>             the pipe file nagios.cmd. Nagios is run by nagios who is
>             also a member of the apache group.
>
>             This all looks as it should be according to the docs as
>             far as I can see.
>
>             What am I missing?
>
>
>             Hari
>
>
>             I think quite a lot of people have trouble with this but a
>             lot give up or are satisfied that the main bit is working
>             and don't bother with this...
>
>             does anybody have this working and if so could you post
>             your configs so I can see anything you have different to me?
>
>             are external commands generally broken or is there
>             something missing in the docs/our configs/our brains?
>
>             I'm using Version 1.4.1
>
>             Hari
>
>         ************************************************************************
>         This email and any files transmitted with it are confidential
>         and intended solely for the use of the individual or entity to
>         whom they are addressed. Any unauthorised distribution or
>         copying is strictly prohibited. Whilst Kognitio Limited takes
>         steps to prevent the transmission of viruses via e-mail, we
>         can not guarantee that any email or attachment is free from
>         computer viruses and you are strongly advised to undertake
>         your own anti-virus precautions. Kognitio grants no warranties
>         regarding performance, use or quality of any e-mail or
>         attachment and undertakes no liability for loss or damage,
>         howsoever caused.
>         ***********************************************************************
>
>
>
>         -------------------------------------------------------------------------
>
>
>         Take Surveys. Earn Cash. Influence the Future of IT
>         Join SourceForge.net's Techsay panel and you'll get the chance
>         to share your
>         opinions on IT & business topics through brief surveys -- and
>         earn cash
>         http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>         <http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV>
>
>         _______________________________________________
>         Nagios-users mailing list
>         Nagios-users at lists.sourceforge.net
>         <mailto:Nagios-users at lists.sourceforge.net>
>         https://lists.sourceforge.net/lists/listinfo/nagios-users
>         <https://lists.sourceforge.net/lists/listinfo/nagios-users>
>         ::: Please include Nagios version, plugin version (-v) and OS
>         when reporting any issue.
>         ::: Messages without supporting info will risk being sent to
>         /dev/null
>
>
>
>
>         -- 
>         - Justin
>
>
>
>
>         -- 
>         - Justin
>
>
>
>
>     -- 
>     - Justin 
>

I'm still scratching my head on this, I can go to the scheduling queue 
and disable checks, the command is processed and applied successfully. 
However I still cannot enter a host/service comment or schedule downtime 
without getting the not authorized, return from whence you came message...

I am logged in as nagiosadmin, here is my .htacccess file which is in 
both my nagios/share and nagios/sbin directories:

AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthGroupFile /etc/nagios/htpasswd.group
require group nagios


/etc/htaccess.users:

nagiosadmin: sOmeHaSh1234...


/etc/htaccess.group

nagios: nagiosadmin



I have repeatedly gone over the docs so this should work, I'm at a 
complete loss by this point.


-h
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20060809/8135a7d1/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list