Configure the Nagios Web Server

In order to use the webserver of Nagios, some configuration has to be done. The webserver is designed to use the Apache webserver, on SLES it's Apache version 2. By default, access to the webserver is only allowed from localhost. The configuration file is /etc/apache2/conf.d/nagios.conf:

ScriptAlias /nagios/cgi-bin/ /usr/lib/nagios/cgi/ <Directory /usr/lib/nagios/cgi/> Options ExecCGI order deny,allow deny from all allow from 127.0.0.1 </Directory>

Alias /nagios/ /usr/share/nagios/ <Directory /usr/share/nagios/> Options None order deny,allow deny from all allow from 127.0.0.1 </Directory>

In order to facilitate access to the CGI scripts (see below) it is advisable to require user authentication when accessing the Nagios webserver. If security reasons require to limit access to the webserver to special IP addresses, this can be defined as well.

The easiest way to configure user authentication is done modifying /etc/apache2/conf.d/nagios.conf in this way:

ScriptAlias /nagios/cgi-bin/ /usr/lib/nagios/cgi/ <Directory /usr/lib/nagios/cgi/> AllowOverride AuthConfig Options ExecCGI order deny,allow allow from all </Directory>

Alias /nagios/ /usr/share/nagios/ <Directory /usr/share/nagios/> AllowOverride AuthConfig Options None order deny,allow allow from all </Directory>

The line AllowOverride AuthConfig allows to use a file .htaccess in the directoy which should be protected. The contents of this file could look like this:

AuthName "Nagios Access" AuthType Basic

AuthUserFile /etc/apache2/nagios require valid-user

Only valid users which are defined in the file /etc/apache2/nagios are allowed to connect to the Nagios webserver. You create this file with the command htpasswd2:

da2:~# htpasswd2 -c /etc/apache2/nagios nagiosadmin New password: Re-type new password:

Adding password for user nagiosadmin

Adding more users to the file is done using htpasswd2 without the option -c.

The directory /usr/lib/nagios/cgi/ contains a collection of CGI scripts which are used to access the Nagios webserver and to display the status of the services and hosts monitored by Nagios. By default, access to these CGI scripts is denied for everybody. You have to allow access to the scripts by modifying the file /etc/nagios/cgi.cfg.

If you use the username nagiosadmin for connecting to the webserver, there is not much to modify in order to allow accessing the CGI scripts.

By default, user authentication is required to access the CGI scripts:

use authentication^

All configuration lines defining authorized usernames start with authorized_for_ . An example is

#authorized_for_system_information=nagiosadmin,theboss,jdoe

To activate the statement, just remove the comment character (#) in the first column and modify the list of allowed usernames. This list is a comma separated list of usernames. By default, they all include the username nagiosadmin.

Was this article helpful?

0 0

Post a comment