Externals Commands
Hari Sekhon
hpsekhon at googlemail.com
Wed Aug 9 10:53:02 CEST 2006
Hari Sekhon wrote:
> Deborah Martin wrote:
>> no idea! i use .htaccess and it works for me! my httpd.conf has the
>> following which is what i extracted from the docs!
>>
>> ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
>> <Directory "/usr/local/nagios/sbin">
>> AllowOverride AuthConfig
>> Options ExecCGI
>> Order allow,deny
>> Allow from all
>> </Directory>
>>
>> <Directory /usr/local/nagios/sbin>
>> AllowOverride AuthConfig
>> order allow,deny
>> allow from all
>> Options ExecCGI
>> </Directory>
>>
>>
>> Alias /nagios /usr/local/nagios/share
>> <Directory "/usr/local/nagios/share">
>> Options None
>> AllowOverride AuthConfig
>> Order allow,deny
>> Allow from all
>> </Directory>
>>
>> <Directory /usr/local/nagios/share>
>> AllowOverride AuthConfig
>> order allow,deny
>> allow from all
>> </Directory>
>>
>> Maybe there is something else that is fundamentally wrong!
>>
>>
>> -----Original Message-----
>> *From:* Justin Craig [mailto:jrcraig.email at gmail.com]
>> *Sent:* 01 August 2006 16:22
>> *To:* Deborah Martin
>> *Cc:* Martin J. Green; Hari Sekhon; nagios-users at lists.sourceforge.net
>> *Subject:* Re: [Nagios-users] Externals Commands
>>
>> okay so here is my output:
>>
>> in my httpd.conf file I have:
>>
>> ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
>> <Directory "/usr/local/nagios/sbin">
>> Options ExecCGI
>> AllowOverride AuthConfig
>> Order allow,deny
>> Allow from all
>> AuthName "Nagios Access"
>> AuthType Basic
>> AuthUserFile /usr/local/nagios/etc/htpasswd.users
>> Require valid-user
>> </Directory>
>>
>> Alias /nagios "/usr/local/nagios/share"
>> <Directory "/usr/local/nagios/share">
>> Options None
>> AllowOverride AuthConfig
>> Order allow,deny
>> Allow from all
>> AuthName "Nagios Access"
>> AuthType Basic
>> AuthUserFile /usr/local/nagios/etc/htpasswd.users
>> Require valid-user
>> </Directory>
>> #
>>
>> Where is my problem for not being able to execute external
>> commands or schedule downtime for a host?
>>
>> On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
>> <mailto:Deborah.Martin at kognitio.com>> wrote:
>>
>> actually you can use .htaccess or the httpd.conf file it
>> doesn't matter. If you put in the httpd.conf you have to
>> restart apache - not always convenient to
>> do that. But using .htaccess means you don't have to do that
>> and can simply add this file into the locations required with
>> immediate effect.
>>
>> Also, htpasswd(2) does as you say come with apache but it has
>> been known to be included with Nagios!
>>
>>
>> -----Original Message-----
>> *From:* Martin J. Green [mailto:mgreen at altien.com
>> <mailto:mgreen at altien.com>]
>> *Sent:* 01 August 2006 15:36
>> *To:* Deborah Martin; Justin Craig
>> *Cc:* Hari Sekhon; nagios-users at lists.sourceforge.net
>> <mailto:nagios-users at lists.sourceforge.net>
>> *Subject:* RE: [Nagios-users] Externals Commands
>>
>> The .htaccess is only required if you don't have root access
>> to the server & thus can't add it to the main httpd.conf. If
>> you have root access, its almost always better to add it
>> there. In that case you would have no .htaccess file, it
>> would all be in the server config.
>>
>>
>>
>> M
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> *From:* Deborah Martin [mailto:Deborah.Martin at kognitio.com
>> <mailto:Deborah.Martin at kognitio.com>]
>> *Sent:* 01 August 2006 15:32
>> *To:* 'Justin Craig'
>> *Cc:* Hari Sekhon; Martin J. Green;
>> nagios-users at lists.sourceforge.net
>> <mailto:nagios-users at lists.sourceforge.net>
>> *Subject:* RE: [Nagios-users] Externals Commands
>>
>>
>>
>> ok - somewhere in the nagios docs are the details with regard
>> to setting up .htaccess but
>>
>>
>>
>> I think there is a utility in the nagios install directory
>> under bin called htpasswd or htpasswd2 and you run this util
>> to generate a htpasswd.users file where
>>
>> all the users that have web interface access are stored
>> including nagiosadmin. I store mine in the etc install
>> directory.
>>
>>
>>
>> Then in my .htaccess file i have the following
>>
>>
>>
>> AuthName "Nagios Access"
>> AuthType Basic
>> AuthUserFile /usr/local/nagios/etc/htpasswd.users
>> require valid-user
>>
>>
>>
>> This file resides in the sbin directory (which is also
>> cgi-bin). Note though - change the AuthUserFile path to
>> wherever you are storing the htpasswd.users file.
>>
>>
>>
>> When i was getting the 'return from whence you came error',
>> this was exactly my problem - i hadn't set up authorisation
>> correctly and the above was how i fixed it.
>>
>>
>>
>> hope this helps.
>>
>> -----Original Message-----
>> *From:* Justin Craig [mailto:jrcraig.email at gmail.com
>> <mailto:jrcraig.email at gmail.com>]
>> *Sent:* 01 August 2006 15:07
>> *To:* Deborah Martin
>>
>>
>> *Cc:* Hari Sekhon; Martin J. Green;
>> nagios-users at lists.sourceforge.net
>> <mailto:nagios-users at lists.sourceforge.net>
>> *Subject:* Re: [Nagios-users] Externals Commands
>>
>> so obviously I RTFM or I wouldn't have got this far. One
>> part that I did have questions of was the .htaccess creation,
>> as the documentation I read only provided information for
>> setting up users via htpasswd -c and changing your
>> authorization functionality in the CGI's to 1.
>>
>>
>>
>> So I did a find / -name *.htaccess* and that file doesn't
>> exist. Sounds like I need one?
>>
>>
>>
>> Sorry, there isn't anything in my /var/www/cgi-bin directory
>>
>>
>>
>> Is there something missed here?
>>
>>
>>
>> On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
>> <mailto:Deborah.Martin at kognitio.com>> wrote:
>>
>> can you forward the contents of the .htaccess file that
>> resides in the cgi-bin directory ? and a listing of the rest
>> of the directory including the permissions
>>
>> -----Original Message-----
>> *From:* Justin Craig [mailto: jrcraig.email at gmail.com
>> <mailto:jrcraig.email at gmail.com>]
>> *Sent:* 01 August 2006 14:46
>> *To:* Deborah Martin
>> *Cc:* Hari Sekhon; Martin J. Green;
>> nagios-users at lists.sourceforge.net
>> <mailto:nagios-users at lists.sourceforge.net>
>> *Subject:* Re: [Nagios-users] Externals Commands
>>
>> i'm logged in as nagiosadmin and i have that username in all
>> my cgi's. I have the sameissue, can't schedule downtime or
>> issue external commands with the same error. I'm running
>> nagios 2.4
>>
>>
>>
>> On 8/1/06, *Deborah Martin* < Deborah.Martin at kognitio.com
>> <mailto:Deborah.Martin at kognitio.com>> wrote:
>>
>> look at your /usr/local/nagios/sbin directory and check a)
>> file permissions are correct and also whether your .htaccess
>> authrization file is present.
>>
>> This error is generally caused by not correctly using
>> .htaccess and also not configuring apache properly - check
>> your httpd.conf is correctly configured
>>
>>
>>
>> -----Original Message-----
>> *From:* Hari Sekhon [mailto: hpsekhon at googlemail.com
>> <mailto:hpsekhon at googlemail.com>]
>> *Sent:* 01 August 2006 14:14
>> *To:* Martin J. Green
>> *Cc:* nagios-users at lists.sourceforge.net
>> <mailto:nagios-users at lists.sourceforge.net>
>> *Subject:* Re: [Nagios-users] Externals Commands
>>
>> Martin J. Green wrote:
>>
>> I can't get external commands to work either (appears it
>> can't write to the file for some reason), but its so low
>> on my list of priorities I haven't gotten to it yet.
>>
>> ------------------------------------------------------------------------
>>
>> *From:* nagios-users-bounces at lists.sourceforge.net
>> <mailto:nagios-users-bounces at lists.sourceforge.net> [
>> mailto:nagios-users-bounces at lists.sourceforge.net] *On
>> Behalf Of *Hari Sekhon
>> *Sent:* 01 August 2006 13:48
>> *To:* nagios-users at lists.sourceforge.net
>> <mailto:nagios-users at lists.sourceforge.net>
>> *Subject: *[Nagios-users] Externals Commands
>>
>> I am having real difficulty getting external commands to
>> work and don't full understand what's going wrong,
>> despite having RTFMing several times.
>>
>> As an example, I log in to the web interface as
>> nagiosadmin via basic apache auth successfully as usual.
>> I go to "comments" in the left hand pane and enter one
>> for a host but when I click submit, I get the error:
>>
>> "Sorry, but you are not authorized to commit the
>> specified command.
>>
>> Read the section of the documentation that deals with
>> authentication and authorization in the CGIs for more
>> information.
>>
>> Return from whence you came"
>>
>> As far as I can tell, I have all the perms set right
>> according to the docs:
>>
>> cgi.cfg
>>
>> use_authentication=1
>> authorized_for_system_information=nagiosadmin
>> authorized_for_configuration_information=nagiosadmin
>> authorized_for_system_commands=nagiosadmin
>> authorized_for_all_services=nagiosadmin
>> authorized_for_all_hosts=nagiosadmin
>> authorized_for_all_service_commands=nagiosadmin
>> authorized_for_all_host_commands=nagiosadmin
>>
>> nagios.cfg
>>
>> command_file=/var/nagios/rw/nagios.cmd
>> check_external_commands=1
>> # NOTE: Setting this value to -1 causes Nagios to check
>> the external
>> # command file as often as possible.
>> command_check_interval=-1
>>
>> ll /var/nagios/ | grep rw/
>> drwxrws--- 2 nagios apache 4096 Aug 1 13:28 rw/
>>
>> ll /var/nagios/rw/nagios.cmd
>> prw-rw---- 1 nagios apache 0 Aug 1 13:28
>> /var/nagios/rw/nagios.cmd|
>>
>> The apache process is run by the apache user, a member of
>> the apache group, so has full perms to the directory and
>> the pipe file nagios.cmd. Nagios is run by nagios who is
>> also a member of the apache group.
>>
>> This all looks as it should be according to the docs as
>> far as I can see.
>>
>> What am I missing?
>>
>>
>> Hari
>>
>>
>> I think quite a lot of people have trouble with this but
>> a lot give up or are satisfied that the main bit is
>> working and don't bother with this...
>>
>> does anybody have this working and if so could you post
>> your configs so I can see anything you have different to me?
>>
>> are external commands generally broken or is there
>> something missing in the docs/our configs/our brains?
>>
>> I'm using Version 1.4.1
>>
>> Hari
>>
>> ************************************************************************
>> This email and any files transmitted with it are confidential
>> and intended solely for the use of the individual or entity
>> to whom they are addressed. Any unauthorised distribution or
>> copying is strictly prohibited. Whilst Kognitio Limited takes
>> steps to prevent the transmission of viruses via e-mail, we
>> can not guarantee that any email or attachment is free from
>> computer viruses and you are strongly advised to undertake
>> your own anti-virus precautions. Kognitio grants no
>> warranties regarding performance, use or quality of any
>> e-mail or attachment and undertakes no liability for loss or
>> damage, howsoever caused.
>> ***********************************************************************
>>
>>
>>
>> -------------------------------------------------------------------------
>>
>>
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the
>> chance to share your
>> opinions on IT & business topics through brief surveys -- and
>> earn cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>> <http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV>
>>
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> <mailto:Nagios-users at lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> <https://lists.sourceforge.net/lists/listinfo/nagios-users>
>> ::: Please include Nagios version, plugin version (-v) and OS
>> when reporting any issue.
>> ::: Messages without supporting info will risk being sent to
>> /dev/null
>>
>>
>>
>>
>> --
>> - Justin
>>
>>
>>
>>
>> --
>> - Justin
>>
>>
>>
>>
>> --
>> - Justin
>>
>
> I'm still scratching my head on this, I can go to the scheduling queue
> and disable checks, the command is processed and applied successfully.
> However I still cannot enter a host/service comment or schedule
> downtime without getting the not authorized, return from whence you
> came message...
>
> I am logged in as nagiosadmin, here is my .htacccess file which is in
> both my nagios/share and nagios/sbin directories:
>
> AuthName "Nagios Access"
> AuthType Basic
> AuthUserFile /etc/nagios/htpasswd.users
> AuthGroupFile /etc/nagios/htpasswd.group
> require group nagios
>
>
> /etc/htaccess.users:
>
> nagiosadmin: sOmeHaSh1234...
>
>
> /etc/htaccess.group
>
> nagios: nagiosadmin
>
>
>
> I have repeatedly gone over the docs so this should work, I'm at a
> complete loss by this point.
>
>
> -h
>
something else that might be of use is the nagios section of my apache
configuration:
ScriptAlias /nagios/cgi-bin/ /usr/nagios/sbin/
<Directory "/usr/nagios/sbin/">
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from 192.168.1.0/24
</Directory>
Alias /nagios /usr/nagios/share/
<Directory "/usr/nagios/share">
AllowOverride AuthConfig
Order allow,deny
Allow from 192.168.1.0/24
</Directory>
(My Nagios installation is at /usr/nagios)
HTH
-h
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20060809/afcf6d68/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list