Search code examples
nagios

Nagios: creating custom menu for an authenticated user

Is there any 'easy' way to create customized web gui (for example, menu, default home page etc.) for a Nagios authenticated user? I have created a user for a customer, who has access to certain hostgroups only. But after logging in, the user can obviously see the default menu, which is customized for internal use. How can I prevent this?

Solution

  • After some research, I have found a work-around for my case. The solution lies in the fact, that by default Nagios uses a single password file (for http auth) for two different directiories:

    • $NAGIOS_HOME/sbin (where the cgi files are stored) and
    • $NAGIOS_HOME/share (HTML and PHP files are stored)

    This means, anyone authenticating as a user gets access to both the folders and subfolders automatically. This can be prevented by using seperate password file for the folders above.

    Here is a snippet from a custom nagios.conf file with two different password files:

     ## BEGIN APACHE CONFIG SNIPPET - NAGIOS.CONF

 ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
 <Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Digest
    AuthName "Nagios Access"
    AuthDigestFile /usr/local/nagios/etc/.digest_pw1>        
    Require valid-user
 </Directory>

 Alias /nagios "/usr/local/nagios/share"

 <Directory "/usr/local/nagios/share">    
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Digest
    AuthName "Nagios Access"
    AuthDigestFile /usr/local/nagios/etc/.digest_pw2
    Require valid-user
 </Directory>

## END APACHE CONFIG SNIPPETS

    Now for example, lets make a custom directory for customer1 under /var/www/html/customer1 and copy all the html and php files from Nagios ../share directory there and customize them and add an alias in Apache.

    Alias /customer1 "/var/www/html/customer1"

 <Directory "/var/www/html/customer1">    
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Digest
    AuthName "Nagios Access"
    AuthDigestFile /usr/local/nagios/etc/.digest_pw3
    Require user customer1
 </Directory>

    Now one can add the same user/password for customer1 at password files 1 and 3 so that they can have access to the custom web gui and to the cgi scripts. Of course beforehand one must set appropriate contact groups in Nagios so that after authentication the customer sees only the groups he/she is a contact for. The default Nagios share directory is secured with the nagios-admin (or whatever) user/password which resides in password files 2 and of course in 1.