Solved

Help with Nagios / Apache config issue - no access to /nagios/ - 303 Errors

Posted on 2010-11-17
12
1,200 Views
Last Modified: 2012-05-10
Got a new setup with Nagios Core 3.2.3 on CentOS 5.5. compiled by hand, I've set this up before, and got the web interface login to work, but am stumbling on this setup.

/usr/local/nagios/libexec/check_http -H localhost
HTTP OK: HTTP/1.1 200 OK - 265 bytes in 0.005 second response time |time=0.005384s;;;0.000000 size=265B;;;0

$ /usr/local/nagios/libexec/check_http -H localhost u /nagios/ -a admin:******
HTTP OK: HTTP/1.0 302 Found - 171 bytes in 0.045 second response time |time=0.044820s;;;0.000000 size=171B;;;0

Open in new window


if I go:

lynx http://localhost/nagios/

Open in new window


I can login with the credentials, but then I immediately get this:

HTTP/1.1 403 Forbidden

You don't have permission to access /nagios/ on this server.


Permissions on relevant directories look good

ls -la /usr/local/nagios
total 72
drwxrwxr-x  9 nagios nagios 4096 Nov 17 02:33 .
drwxr-xr-x 13 root   root   4096 Nov 17 02:17 ..
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 bin
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:27 etc
drwxr-xr-x  2 root   root   4096 Nov 17 02:33 include
drwxrwxr-x  2 nagios nagios 4096 Nov 17 04:33 libexec
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 sbin
drwxrwxr-x 10 nagios nagios 4096 Nov 17 02:34 share
drwxrwxr-x  5 nagios nagios 4096 Nov 17 12:33 var

[nagios@$ ls -la /usr/local/nagios/share
total 124
drwxrwxr-x 10 nagios nagios 4096 Nov 17 02:34 .
drwxrwxr-x  9 nagios nagios 4096 Nov 17 02:33 ..
-rw-rw-r--  1 nagios nagios  576 Nov 17 02:17 config.inc.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 contexthelp
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:18 docs
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:18 images
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:18 includes
-rw-rw-r--  1 nagios nagios 1440 Nov 17 02:17 index.php
drwxr-xr-x  4 root   root   4096 Nov 17 02:34 locale
-rw-rw-r--  1 nagios nagios 3440 Nov 17 02:17 main.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 media
-rw-rw-r--  1 nagios nagios   26 Nov 17 02:17 robots.txt
-rw-rw-r--  1 nagios nagios 5714 Nov 17 02:17 side.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 ssi
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 stylesheets

[nagios@]$ ls -la /usr/local/nagios/bin
total 676
drwxrwxr-x 2 nagios nagios   4096 Nov 17 02:17 .
drwxrwxr-x 9 nagios nagios   4096 Nov 17 02:33 ..
-rwxrwxr-- 1 nagios nagios 616496 Nov 17 02:17 nagios
-rwxrwxr-- 1 nagios nagios  41680 Nov 17 02:17 nagiostats

[nagios@]$ ls -la /usr/local/nagios/etc
total 104
drwxrwxr-x 3 nagios nagios  4096 Nov 17 02:27 .
drwxrwxr-x 9 nagios nagios  4096 Nov 17 02:33 ..
-rw-rw-r-- 1 nagios nagios 11408 Nov 17 02:26 cgi.cfg
-rw-r--r-- 1 root   root      20 Nov 17 02:27 htpasswd.users
-rw-rw-r-- 1 nagios nagios 43774 Nov 17 02:26 nagios.cfg
drwxrwxr-x 2 nagios nagios  4096 Nov 17 02:26 objects
-rw-rw---- 1 nagios nagios  1340 Nov 17 02:26 resource.cfg

[nagios@]$ ls -la /usr/local/nagios/var
total 108
drwxrwxr-x 5 nagios nagios  4096 Nov 17 12:33 .
drwxrwxr-x 9 nagios nagios  4096 Nov 17 02:33 ..
drwxrwxr-x 2 nagios nagios  4096 Nov 17 02:18 archives
-rw-r--r-- 1 nagios nagios     5 Nov 17 03:50 nagios.lock
-rw-rw-r-- 1 nagios nagios  2120 Nov 17 11:50 nagios.log
-rw-r--r-- 1 nagios nagios 12937 Nov 17 03:50 objects.cache
-rw------- 1 nagios nagios 13594 Nov 17 11:50 retention.dat
drwxrwsr-x 2 nagios nagcmd  4096 Nov 17 03:50 rw
drwxrwxr-x 3 nagios nagios  4096 Nov 17 02:18 spool
-rw-rw-r-- 1 nagios nagios 13951 Nov 17 12:33 status.dat

Open in new window


/usr/local/nagios/libexec/check_http -H localhost u /nagios/cgi-bin/tac.cgi -a admin:*******
HTTP OK: HTTP/1.0 302 Found - 171 bytes in 0.036 second response time |time=0.036186s;;;0.000000 size=171B;;;0

Open in new window


some config that I must've missed perhaps?

0
Comment
Question by:kapshure
  • 7
  • 3
  • 2
12 Comments
 
LVL 13

Expert Comment

by:dsmile
Comment Utility
It might be httpd.conf issue.


Open that file, find those lines arround # DocumentRoot or virtual host path that written

                Deny from all
            Order deny, allow

And change them to

            Allow from all
            Order allow,deny

You might want to add something like this Options Indexes FollowSymLinks

            Options Indexes FollowSymLinks
            Allow from all
            Order allow,deny

Then restart your apache service
0
 

Author Comment

by:kapshure
Comment Utility
i've got this:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/var/www/html">
Options Indexes FollowSymLinks
Order allow,deny
    Allow from all
    
</Directory>

Open in new window


looks pretty similar to what you've listed. so i shouldnt have to restart httpd

I dont have any virtual hosts enabled
0
 

Author Comment

by:kapshure
Comment Utility
127.0.0.1 - - [17/Nov/2010:12:50:14 -0800] "GET / HTTP/1.0" 200 - "-" "check_http/v1.4.15 (nagios-plugins 1.4.15)"
127.0.0.1 - - [17/Nov/2010:12:55:14 -0800] "GET / HTTP/1.0" 200 - "-" "check_http/v1.4.15 (nagios-plugins 1.4.15)"

Open in new window



access_log
127.0.0.1 - admin [17/Nov/2010:12:31:15 -0800] "GET /nagios/ HTTP/1.0" 403 283 "-" "Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e-fips-rhel5"

Open in new window


error_log
[Wed Nov 17 12:30:55 2010] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /usr/local/nagios/share/

Open in new window


trying to diagnose this last error now.
0
 
LVL 13

Accepted Solution

by:
dsmile earned 250 total points
Comment Utility
Have you set DirectoryIndex to something like this?

<IfModule dir_module>
    DirectoryIndex index.htm index.html index.html.var index.php index.php5
</IfModule>
0
 

Author Comment

by:kapshure
Comment Utility
@dsmile well dang! that did it,... at least for /nagios/ access.. im able to login, butit doesnt show anything for localhost (seems like it should, since i've compiled the plugins). but when I try to go to /nagios/cgi-bin/
I get a 403 Access Forbidden to /nagios/cgi-bin/

i see a scriptAlias for cgi-bin in httpd.conf, but I dont see any other similar DirectoryIndex for it? I've been working on this for hours now, and am most likely headed to bed. thanks for your help

0
 
LVL 13

Expert Comment

by:dsmile
Comment Utility
DirectoryIndex is meant for any directories.

I don't think /nagios/cgi-bin/ is supposed to be seen from browser (http access)
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
nagios has its own nagios.conf under /etc/httpd/conf.d  so make sure the entries are set as below and make sure you htpasswd file is pointed to right locaiton. In my case I have htpasswd in /etc/nagios/, make sure ScriptAlias is set to correct location and nagios user has permissions over it. make sure htpasswd file permissions are set to 644.
[~]# cat /etc/httpd/conf.d/nagios.conf 

# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER

# Last Modified: 11-26-2005

#

# This file contains examples of entries that need

# to be incorporated into your Apache web server

# configuration file.  Customize the paths, etc. as

# needed to fit your system.



ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"



<Directory "/usr/lib/nagios/cgi">

#  SSLRequireSSL

   Options ExecCGI

   AllowOverride None

   Order allow,deny

   Allow from all

#  Order deny,allow

#  Deny from all

#  Allow from 127.0.0.1

   AuthName "Nagios Access"

   AuthType Basic

   AuthUserFile /etc/nagios/htpasswd.users

   Require valid-user

</Directory>



Alias /nagios "/usr/share/nagios"



<Directory "/usr/share/nagios">

#  SSLRequireSSL

   Options None

   AllowOverride None

   Order allow,deny

   Allow from all

#  Order deny,allow

#  Deny from all

#  Allow from 127.0.0.1

   AuthName "Nagios Access"

   AuthType Basic

   AuthUserFile /etc/nagios/htpasswd.users

   Require valid-user

</Directory>

Open in new window

0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
Comment Utility
Finally when the above validations are made and fixed the necessary config reload httpd service.
0
 

Author Comment

by:kapshure
Comment Utility
@kosarajudeepak

my directives look the same for nagios.conf, but the paths for ScriptAlias and Alias are different:


ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Open in new window

0
 

Author Comment

by:kapshure
Comment Utility
if I click on Hosts, Services, or Host Groups - I get this error.

If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.
0
 

Author Comment

by:kapshure
Comment Utility
figured this out. I didn't use "nagiosadmin" when i did htpasswd on the htpasswd.users file. I used "admin" instead.

Then I had to go into the nagios.cfg file and change the entries to match "admin" and then it worked
0
 

Author Comment

by:kapshure
Comment Utility
sorry, not nagios.cfg, I meant, cgi.cfg
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Let’s list some of the technologies that enable smooth teleworking. 
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now