Nagios Read Only User
By default your Nagios user will have full access to the web interface. This mean, he/she can do just about anything like stopping checks etc.
Here’s a quick guide on how to enable read only user access for your nagios web interface.
-
Nagios 3 (may work for 2, please try, if it works, pls post a comment)
-
Apache2
-
Debian 3
-
Authentication on Nagios is enabled
You would need first to get hold of your htpasswd file for Nagios access. Normally found in /usr/local/nagios/etc. You then need to generate or use this page http://www.htaccesstools.com/htpasswd-generator/ to generate a readonly user, for this guide, we will use the username rouser and password rouser. The website generate the following line which i will insert into a new line in the htpasswd file;
rouser:$apr1$IHDhm/..$00whe0rH/Fn.c3YisUNV0/
Now, you can test access with that user already on your Nagios web screen. You will notice, it doesn’t have any access to anywhere except for the static images/html in there.
Now, simply edit your nagios cgi file normally found in /usr/local/nagios/etc. Look for the directive
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
And add next to it using a comma, the user which you just created like below:
authorized_for_all_services=nagiosadmin,rouser
authorized_for_all_hosts=nagiosadmin,rouser
Now, sign in again (shutdown your browser) with user rouser and password rouser. You now can see everything but cannot access commands therfore making it read-only.
Now, if you want to make access specific for certain hosts only, then you need to match the user you create with the contacts definition files. So, user rouser can be rouser-switches for instance and now he/she see read only for switches.
Try it out and let us know the outcome.
Tags: Nagios, Read Only Users