A number of problems


#1

Compiled on Linux RHES30
Version Nagios 2.0b2

I’m having a number of issues with Nagios after install
The web page looks great, except for a few issues:

  1. statusmap.cgi was not included. Nowhere to be found.
  2. One of my hosts (out of four I’m testing with) is showing as ‘down’ even though it is plainly up.
  3. The check_disk gives errors (for an AIX host):
    check_disk: Warning threshold must be integer or percentage!
  4. All of the ‘host commands’ under the hostname on the website tell me that they won’t function unless I enable ‘use_authentication’
  5. when I enable ‘use_authentication’ I am not able to authenticate.

If you require a copy/paste of my configs please let me know. This is driving me insane. :cry:


#2

For the authentication side of things, have you followed the instructions here nagios.sourceforge.net/docs/2_0/cgiauth.html


#3

Yes, indeed I have.

The only thing I can’t seem to find is cmd.cgi - I don’t have one.

Neither a “make fullinstall” (nor) “make install-commandmode” seems to get that one file for me.
A copy/paste of someone’s cmd.cgi would solve that. :shock:


#4

the statusmap.cgi file wont be included unless the ./configure command that you initialy run in your source code directory finds that you have the right binaries installed. Check out the FAQ at the nagios home page (www.nagios.org/faq/ i think) - theres somthing about it there.


#5

What about this error whenever I try to change something via the web interface? I’ve READ ALL the documentation. But whenever I enable authentication in cgi.cfg I lose all access to everything. When I disable it, I get this error:

Sorry Dave, I can’t let you do that…

It seems that you have chosen to not use the authentication functionality of the CGIs.

I don’t want to be personally responsible for what may happen as a result of allowing unauthorized users to issue commands to Nagios,so you’ll have to disable this safeguard if you are really stubborn and want to invite trouble.

Read the section on … (BLAH BLAH BLAH) :idea:


#6

Read the section "Set Proper Permissions On The External Command File " in nagios/docs/security.html
The section nagios/docs/commandfile.html
explains how to setup the var/rw permission’s for external comand.

But your problem sounds a bit like a compile issue. If cmd.cgi is not created, then your compile wasn’t correct. Try again and pay closer attention to the stuff that says “no”.
example: gdlib installed: no
stuff like that.


#7

I viewed those instructions for setting proper permissions on the /usr/local/nagios/var/rw command file.
Nothing has changed. When I enable authorization (=1) I see even less than I did before. My authorization settings completely prevent me from viewing everything. I get that ‘not authorized’ error on every single page I view (except the left frame, of course).

As for the cmd.cgi I’ll try a recompile.


#8

Sounds easy enough. Let’s see if this works.
Now that you have authenticated, give yourself the authority to view those pages.
authorized_for_system_information=nagiosadmin,theboss
authorized_for_system_commands=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_all_hosts=nagiosadmin,theboss
authorized_for_all_host_commands=nagiosadmin
authorized_for_all_services=nagiosadmin,theboss
authorized_for_all_service_commands=nagiosadmin

Of course, you would need to authenticate as “nagiosadmin”, or else change the above to suit your login.
nagios.sourceforge.net/docs/2_0/configcgi.html


#9

Man, that was a copy/paste right out of the instructions.
It appears as though we are all under the impression that I have not read the manual.

Believe me, it is not working. It is broken. I’ll post the solution when I find it.


#10

OK, sorry, I was just triing to help. since you stated that “you don’t have the authority” errors, i thought perhaps you didn’t define you as an “authorized person”. but if you would reather work it out alone, great. I was just triing to help. If you find that you would like more help, then paster your cgi.cfg entries here and state who you are logging in as.


#11

I was already aggrevated. Sorry. My apologies.

Here is my cgi.cfg - I’m using the ‘nagios’ login

main_config_file=/usr/local/nagios/etc/nagios.cfg
nagios_check_command=/usr/local/nagios/libexec/check_nagios /usr/local/nagios/var/status.log 5 '/usr/local/nagios/bin/nagios
physical_html_path=/usr/local/nagios/share
url_html_path=/nagios
show_context_help=1

use_authentication=0
authorized_for_configuration_information=tsteele,nagios
authorized_for_system_information=tsteele,nagios
authorized_for_all_hosts=tsteele,nagios
authorized_for_all_services=tsteele,nagios
authorized_for_system_commands=tsteele,nagios
authorized_for_all_host_commands=tsteele,nagios
authorized_for_all_service_commands=tsteele,nagios

default_statusmap_layout=3
default_statuswrl_layout=4
ping_syntax=/usr/local/nagios/libexec/check_ping $HOSTADDRESS$
refresh_rate=30


#12

“When I enable authorization (=1) I see even less than I did before. My authorization settings completely prevent me from viewing everything. I get that ‘not authorized’ error on every single page I view”

Since you report that you are “not authorized”, let’s work on that then ok?
use_authentication=0 of course should be =1
Since tsteele is setup in the cgi.cfg to be able to do everything, login as him. When you login, do you get an error that you can’t login, like bad password, etc. Assuming you have logged in, and apache doesn’t complain, then that should mean that yo have done htpasswd -c /usr/local/nagios/etc/htpasswd.users correctly, and there is a tsteele in the .users file.
Now that you have shown yourself that you can successfully login, there should be nothing that you can’t view or execute. please paste the exact error you get, instead of “not authorized” if you don’t find your problem by then. From what others have stated, they had problems by using some other application to secure there website, such as selinux. If that is the case, then it has nothing to do with nagios, and it’s this other app, that is causing you grief.
Since you report that you are using Redhat, then fixing selinux was how they fixed there problem, and just might be yours also. do a search for selinux in this forum, and you might find the exact solution.


#13

Make sure you only have one instance of the webserver installed on your bo:evil:solaris 9 installs a copy of apache in /usr/apache whether you asked it to or not) . In the web server config file httpd.conf make sure you have added the lines in order. turn off the use authentication, check to see in the upper right corner what your login name is. if there isnt one then you are not authenticating.
When accessing the Plugins you should be prompted for a user name. if you have not made it to this step then the httpd.conf file is incorrect in some fashion or you dont have .htaccess in the sbin directory, If you are using something other than apache then you need to confgure an authorization method for that directory If nagios doesnt see a name then it cant authenticate.
a good indication you are authenticated, is if you see a name in the upper right corner of the tactical overview CGI,
if the “?” is there then you are not passing a name to Nagios.


#14

apache authentication is not the problem.


#15

[quote=“jakkedup”]“When I enable authorization (=1) I see even less than I did before. My authorization settings completely prevent me from viewing everything. I get that ‘not authorized’ error on every single page I view”

Since you report that you are “not authorized”, let’s work on that then ok?
use_authentication=0 of course should be =1
Since tsteele is setup in the cgi.cfg to be able to do everything, login as him. When you login, do you get an error that you can’t login, like bad password, etc. Assuming you have logged in, and apache doesn’t complain, then that should mean that yo have done htpasswd -c /usr/local/nagios/etc/htpasswd.users correctly, and there is a tsteele in the .users file.
Now that you have shown yourself that you can successfully login, there should be nothing that you can’t view or execute. please paste the exact error you get, instead of “not authorized” if you don’t find your problem by then. From what others have stated, they had problems by using some other application to secure there website, such as selinux. If that is the case, then it has nothing to do with nagios, and it’s this other app, that is causing you grief.
Since you report that you are using Redhat, then fixing selinux was how they fixed there problem, and just might be yours also. do a search for selinux in this forum, and you might find the exact solution.
[/quote]


#16

I feel your pain: I’m having the exact same problem using Apache2 with a compiled version of Nagios 2.0b3 on Ubuntu. With authentication off every cgi works, with it on I get the following message:

It appears as though you do not have permission to view information for any of the hosts you requested...

If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.

I get a similar message for each cgi I try to access.

If I check my apache2 log:

###.###.###.## - nagiosadmin [25/Apr/2005:01:46:09 -0400] "GET /nagios/cgi-bin/status.cgi?host=all HTTP/1.1" 200 7191 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" ###.###.###.## - - [25/Apr/2005:01:46:09 -0400] "GET /nagios/stylesheets/common.css HTTP/1.1" 200 - "http://128.153.144.74/nagios/cgi-bin/status.cgi?host=all" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" ###.###.###.## - - [25/Apr/2005:01:46:09 -0400] "GET /nagios/stylesheets/status.css HTTP/1.1" 200 8070 "http://128.153.144.74/nagios/cgi-bin/status.cgi?host=all" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" ###.###.###.## - - [25/Apr/2005:01:46:09 -0400] "GET /nagios/images/up.gif HTTP/1.1" 200 848 "http://128.153.144.74/nagios/cgi-bin/status.cgi?host=all" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" ###.###.###.## - - [25/Apr/2005:01:46:09 -0400] "GET /nagios/images/down.gif HTTP/1.1" 200 846 "http://128.153.144.74/nagios/cgi-bin/status.cgi?host=all" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0" ###.###.###.## - nagiosadmin [25/Apr/2005:01:47:19 -0400] "GET /nagios/cgi-bin/status.cgi?hostgroup=all&style=hostdetail HTTP/1.1" 200 6979 "http://128.153.144.74/nagios/side.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
I can see that it has me authenticated correctly, and the "current network status" box on the nagios display also shows I am logged in.

The only way it works for me is if I add “nagiosadmin” to all the “authorized_for” fields in cgi.cfg.

I haven’t found a solution yet either…


#17

You can allow access to a user, if they are a contact for a hostgroup.