Externals Commands
Hari Sekhon
hpsekhon at googlemail.com
Wed Aug 9 10:45:39 CEST 2006
Deborah Martin wrote:
> no idea! i use .htaccess and it works for me! my httpd.conf has the
> following which is what i extracted from the docs!
>
> ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
> <Directory "/usr/local/nagios/sbin">
> AllowOverride AuthConfig
> Options ExecCGI
> Order allow,deny
> Allow from all
> </Directory>
>
> <Directory /usr/local/nagios/sbin>
> AllowOverride AuthConfig
> order allow,deny
> allow from all
> Options ExecCGI
> </Directory>
>
>
> Alias /nagios /usr/local/nagios/share
> <Directory "/usr/local/nagios/share">
> Options None
> AllowOverride AuthConfig
> Order allow,deny
> Allow from all
> </Directory>
>
> <Directory /usr/local/nagios/share>
> AllowOverride AuthConfig
> order allow,deny
> allow from all
> </Directory>
>
> Maybe there is something else that is fundamentally wrong!
>
>
> -----Original Message-----
> *From:* Justin Craig [mailto:jrcraig.email at gmail.com]
> *Sent:* 01 August 2006 16:22
> *To:* Deborah Martin
> *Cc:* Martin J. Green; Hari Sekhon; nagios-users at lists.sourceforge.net
> *Subject:* Re: [Nagios-users] Externals Commands
>
> okay so here is my output:
>
> in my httpd.conf file I have:
>
> ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
> <Directory "/usr/local/nagios/sbin">
> Options ExecCGI
> AllowOverride AuthConfig
> Order allow,deny
> Allow from all
> AuthName "Nagios Access"
> AuthType Basic
> AuthUserFile /usr/local/nagios/etc/htpasswd.users
> Require valid-user
> </Directory>
>
> Alias /nagios "/usr/local/nagios/share"
> <Directory "/usr/local/nagios/share">
> Options None
> AllowOverride AuthConfig
> Order allow,deny
> Allow from all
> AuthName "Nagios Access"
> AuthType Basic
> AuthUserFile /usr/local/nagios/etc/htpasswd.users
> Require valid-user
> </Directory>
> #
>
> Where is my problem for not being able to execute external
> commands or schedule downtime for a host?
>
> On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
> <mailto:Deborah.Martin at kognitio.com>> wrote:
>
> actually you can use .htaccess or the httpd.conf file it
> doesn't matter. If you put in the httpd.conf you have to
> restart apache - not always convenient to
> do that. But using .htaccess means you don't have to do that
> and can simply add this file into the locations required with
> immediate effect.
>
> Also, htpasswd(2) does as you say come with apache but it has
> been known to be included with Nagios!
>
>
> -----Original Message-----
> *From:* Martin J. Green [mailto:mgreen at altien.com
> <mailto:mgreen at altien.com>]
> *Sent:* 01 August 2006 15:36
> *To:* Deborah Martin; Justin Craig
> *Cc:* Hari Sekhon; nagios-users at lists.sourceforge.net
> <mailto:nagios-users at lists.sourceforge.net>
> *Subject:* RE: [Nagios-users] Externals Commands
>
> The .htaccess is only required if you don't have root access
> to the server & thus can't add it to the main httpd.conf. If
> you have root access, its almost always better to add it
> there. In that case you would have no .htaccess file, it would
> all be in the server config.
>
>
>
> M
>
>
>
> ------------------------------------------------------------------------
>
> *From:* Deborah Martin [mailto:Deborah.Martin at kognitio.com
> <mailto:Deborah.Martin at kognitio.com>]
> *Sent:* 01 August 2006 15:32
> *To:* 'Justin Craig'
> *Cc:* Hari Sekhon; Martin J. Green;
> nagios-users at lists.sourceforge.net
> <mailto:nagios-users at lists.sourceforge.net>
> *Subject:* RE: [Nagios-users] Externals Commands
>
>
>
> ok - somewhere in the nagios docs are the details with regard
> to setting up .htaccess but
>
>
>
> I think there is a utility in the nagios install directory
> under bin called htpasswd or htpasswd2 and you run this util
> to generate a htpasswd.users file where
>
> all the users that have web interface access are stored
> including nagiosadmin. I store mine in the etc install directory.
>
>
>
> Then in my .htaccess file i have the following
>
>
>
> AuthName "Nagios Access"
> AuthType Basic
> AuthUserFile /usr/local/nagios/etc/htpasswd.users
> require valid-user
>
>
>
> This file resides in the sbin directory (which is also
> cgi-bin). Note though - change the AuthUserFile path to
> wherever you are storing the htpasswd.users file.
>
>
>
> When i was getting the 'return from whence you came error',
> this was exactly my problem - i hadn't set up authorisation
> correctly and the above was how i fixed it.
>
>
>
> hope this helps.
>
> -----Original Message-----
> *From:* Justin Craig [mailto:jrcraig.email at gmail.com
> <mailto:jrcraig.email at gmail.com>]
> *Sent:* 01 August 2006 15:07
> *To:* Deborah Martin
>
>
> *Cc:* Hari Sekhon; Martin J. Green;
> nagios-users at lists.sourceforge.net
> <mailto:nagios-users at lists.sourceforge.net>
> *Subject:* Re: [Nagios-users] Externals Commands
>
> so obviously I RTFM or I wouldn't have got this far. One part
> that I did have questions of was the .htaccess creation, as
> the documentation I read only provided information for
> setting up users via htpasswd -c and changing your
> authorization functionality in the CGI's to 1.
>
>
>
> So I did a find / -name *.htaccess* and that file doesn't
> exist. Sounds like I need one?
>
>
>
> Sorry, there isn't anything in my /var/www/cgi-bin directory
>
>
>
> Is there something missed here?
>
>
>
> On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
> <mailto:Deborah.Martin at kognitio.com>> wrote:
>
> can you forward the contents of the .htaccess file that
> resides in the cgi-bin directory ? and a listing of the rest
> of the directory including the permissions
>
> -----Original Message-----
> *From:* Justin Craig [mailto: jrcraig.email at gmail.com
> <mailto:jrcraig.email at gmail.com>]
> *Sent:* 01 August 2006 14:46
> *To:* Deborah Martin
> *Cc:* Hari Sekhon; Martin J. Green;
> nagios-users at lists.sourceforge.net
> <mailto:nagios-users at lists.sourceforge.net>
> *Subject:* Re: [Nagios-users] Externals Commands
>
> i'm logged in as nagiosadmin and i have that username in all
> my cgi's. I have the sameissue, can't schedule downtime or
> issue external commands with the same error. I'm running
> nagios 2.4
>
>
>
> On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
> <mailto:Deborah.Martin at kognitio.com>> wrote:
>
> look at your /usr/local/nagios/sbin directory and check a)
> file permissions are correct and also whether your .htaccess
> authrization file is present.
>
> This error is generally caused by not correctly using
> .htaccess and also not configuring apache properly - check
> your httpd.conf is correctly configured
>
>
>
> -----Original Message-----
> *From:* Hari Sekhon [mailto: hpsekhon at googlemail.com
> <mailto:hpsekhon at googlemail.com>]
> *Sent:* 01 August 2006 14:14
> *To:* Martin J. Green
> *Cc:* nagios-users at lists.sourceforge.net
> <mailto:nagios-users at lists.sourceforge.net>
> *Subject:* Re: [Nagios-users] Externals Commands
>
> Martin J. Green wrote:
>
> I can't get external commands to work either (appears it
> can't write to the file for some reason), but its so low
> on my list of priorities I haven't gotten to it yet.
>
> ------------------------------------------------------------------------
>
> *From:* nagios-users-bounces at lists.sourceforge.net
> <mailto:nagios-users-bounces at lists.sourceforge.net> [
> mailto:nagios-users-bounces at lists.sourceforge.net] *On
> Behalf Of *Hari Sekhon
> *Sent:* 01 August 2006 13:48
> *To:* nagios-users at lists.sourceforge.net
> <mailto:nagios-users at lists.sourceforge.net>
> *Subject: *[Nagios-users] Externals Commands
>
> I am having real difficulty getting external commands to
> work and don't full understand what's going wrong, despite
> having RTFMing several times.
>
> As an example, I log in to the web interface as
> nagiosadmin via basic apache auth successfully as usual. I
> go to "comments" in the left hand pane and enter one for a
> host but when I click submit, I get the error:
>
> "Sorry, but you are not authorized to commit the specified
> command.
>
> Read the section of the documentation that deals with
> authentication and authorization in the CGIs for more
> information.
>
> Return from whence you came"
>
> As far as I can tell, I have all the perms set right
> according to the docs:
>
> cgi.cfg
>
> use_authentication=1
> authorized_for_system_information=nagiosadmin
> authorized_for_configuration_information=nagiosadmin
> authorized_for_system_commands=nagiosadmin
> authorized_for_all_services=nagiosadmin
> authorized_for_all_hosts=nagiosadmin
> authorized_for_all_service_commands=nagiosadmin
> authorized_for_all_host_commands=nagiosadmin
>
> nagios.cfg
>
> command_file=/var/nagios/rw/nagios.cmd
> check_external_commands=1
> # NOTE: Setting this value to -1 causes Nagios to check
> the external
> # command file as often as possible.
> command_check_interval=-1
>
> ll /var/nagios/ | grep rw/
> drwxrws--- 2 nagios apache 4096 Aug 1 13:28 rw/
>
> ll /var/nagios/rw/nagios.cmd
> prw-rw---- 1 nagios apache 0 Aug 1 13:28
> /var/nagios/rw/nagios.cmd|
>
> The apache process is run by the apache user, a member of
> the apache group, so has full perms to the directory and
> the pipe file nagios.cmd. Nagios is run by nagios who is
> also a member of the apache group.
>
> This all looks as it should be according to the docs as
> far as I can see.
>
> What am I missing?
>
>
> Hari
>
>
> I think quite a lot of people have trouble with this but a
> lot give up or are satisfied that the main bit is working
> and don't bother with this...
>
> does anybody have this working and if so could you post
> your configs so I can see anything you have different to me?
>
> are external commands generally broken or is there
> something missing in the docs/our configs/our brains?
>
> I'm using Version 1.4.1
>
> Hari
>
> ************************************************************************
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual or entity to
> whom they are addressed. Any unauthorised distribution or
> copying is strictly prohibited. Whilst Kognitio Limited takes
> steps to prevent the transmission of viruses via e-mail, we
> can not guarantee that any email or attachment is free from
> computer viruses and you are strongly advised to undertake
> your own anti-virus precautions. Kognitio grants no warranties
> regarding performance, use or quality of any e-mail or
> attachment and undertakes no liability for loss or damage,
> howsoever caused.
> ***********************************************************************
>
>
>
> -------------------------------------------------------------------------
>
>
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance
> to share your
> opinions on IT & business topics through brief surveys -- and
> earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> <http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV>
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> <mailto:Nagios-users at lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> <https://lists.sourceforge.net/lists/listinfo/nagios-users>
> ::: Please include Nagios version, plugin version (-v) and OS
> when reporting any issue.
> ::: Messages without supporting info will risk being sent to
> /dev/null
>
>
>
>
> --
> - Justin
>
>
>
>
> --
> - Justin
>
>
>
>
> --
> - Justin
>
I'm still scratching my head on this, I can go to the scheduling queue
and disable checks, the command is processed and applied successfully.
However I still cannot enter a host/service comment or schedule downtime
without getting the not authorized, return from whence you came message...
I am logged in as nagiosadmin, here is my .htacccess file which is in
both my nagios/share and nagios/sbin directories:
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthGroupFile /etc/nagios/htpasswd.group
require group nagios
/etc/htaccess.users:
nagiosadmin: sOmeHaSh1234...
/etc/htaccess.group
nagios: nagiosadmin
I have repeatedly gone over the docs so this should work, I'm at a
complete loss by this point.
-h
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20060809/8135a7d1/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list