Solved

Help with Nagios / Apache config issue - no access to /nagios/ - 303 Errors

Posted on 2010-11-17
12
1,236 Views
Last Modified: 2012-05-10
Got a new setup with Nagios Core 3.2.3 on CentOS 5.5. compiled by hand, I've set this up before, and got the web interface login to work, but am stumbling on this setup.

/usr/local/nagios/libexec/check_http -H localhost
HTTP OK: HTTP/1.1 200 OK - 265 bytes in 0.005 second response time |time=0.005384s;;;0.000000 size=265B;;;0

$ /usr/local/nagios/libexec/check_http -H localhost u /nagios/ -a admin:******
HTTP OK: HTTP/1.0 302 Found - 171 bytes in 0.045 second response time |time=0.044820s;;;0.000000 size=171B;;;0

Open in new window


if I go:

lynx http://localhost/nagios/

Open in new window


I can login with the credentials, but then I immediately get this:

HTTP/1.1 403 Forbidden

You don't have permission to access /nagios/ on this server.


Permissions on relevant directories look good

ls -la /usr/local/nagios
total 72
drwxrwxr-x  9 nagios nagios 4096 Nov 17 02:33 .
drwxr-xr-x 13 root   root   4096 Nov 17 02:17 ..
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 bin
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:27 etc
drwxr-xr-x  2 root   root   4096 Nov 17 02:33 include
drwxrwxr-x  2 nagios nagios 4096 Nov 17 04:33 libexec
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 sbin
drwxrwxr-x 10 nagios nagios 4096 Nov 17 02:34 share
drwxrwxr-x  5 nagios nagios 4096 Nov 17 12:33 var

[nagios@$ ls -la /usr/local/nagios/share
total 124
drwxrwxr-x 10 nagios nagios 4096 Nov 17 02:34 .
drwxrwxr-x  9 nagios nagios 4096 Nov 17 02:33 ..
-rw-rw-r--  1 nagios nagios  576 Nov 17 02:17 config.inc.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 contexthelp
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:18 docs
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:18 images
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:18 includes
-rw-rw-r--  1 nagios nagios 1440 Nov 17 02:17 index.php
drwxr-xr-x  4 root   root   4096 Nov 17 02:34 locale
-rw-rw-r--  1 nagios nagios 3440 Nov 17 02:17 main.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 media
-rw-rw-r--  1 nagios nagios   26 Nov 17 02:17 robots.txt
-rw-rw-r--  1 nagios nagios 5714 Nov 17 02:17 side.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 ssi
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 stylesheets

[nagios@]$ ls -la /usr/local/nagios/bin
total 676
drwxrwxr-x 2 nagios nagios   4096 Nov 17 02:17 .
drwxrwxr-x 9 nagios nagios   4096 Nov 17 02:33 ..
-rwxrwxr-- 1 nagios nagios 616496 Nov 17 02:17 nagios
-rwxrwxr-- 1 nagios nagios  41680 Nov 17 02:17 nagiostats

[nagios@]$ ls -la /usr/local/nagios/etc
total 104
drwxrwxr-x 3 nagios nagios  4096 Nov 17 02:27 .
drwxrwxr-x 9 nagios nagios  4096 Nov 17 02:33 ..
-rw-rw-r-- 1 nagios nagios 11408 Nov 17 02:26 cgi.cfg
-rw-r--r-- 1 root   root      20 Nov 17 02:27 htpasswd.users
-rw-rw-r-- 1 nagios nagios 43774 Nov 17 02:26 nagios.cfg
drwxrwxr-x 2 nagios nagios  4096 Nov 17 02:26 objects
-rw-rw---- 1 nagios nagios  1340 Nov 17 02:26 resource.cfg

[nagios@]$ ls -la /usr/local/nagios/var
total 108
drwxrwxr-x 5 nagios nagios  4096 Nov 17 12:33 .
drwxrwxr-x 9 nagios nagios  4096 Nov 17 02:33 ..
drwxrwxr-x 2 nagios nagios  4096 Nov 17 02:18 archives
-rw-r--r-- 1 nagios nagios     5 Nov 17 03:50 nagios.lock
-rw-rw-r-- 1 nagios nagios  2120 Nov 17 11:50 nagios.log
-rw-r--r-- 1 nagios nagios 12937 Nov 17 03:50 objects.cache
-rw------- 1 nagios nagios 13594 Nov 17 11:50 retention.dat
drwxrwsr-x 2 nagios nagcmd  4096 Nov 17 03:50 rw
drwxrwxr-x 3 nagios nagios  4096 Nov 17 02:18 spool
-rw-rw-r-- 1 nagios nagios 13951 Nov 17 12:33 status.dat

Open in new window


/usr/local/nagios/libexec/check_http -H localhost u /nagios/cgi-bin/tac.cgi -a admin:*******
HTTP OK: HTTP/1.0 302 Found - 171 bytes in 0.036 second response time |time=0.036186s;;;0.000000 size=171B;;;0

Open in new window


some config that I must've missed perhaps?

0
Comment
Question by:kapshure
  • 7
  • 3
  • 2
12 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34161554
It might be httpd.conf issue.


Open that file, find those lines arround # DocumentRoot or virtual host path that written

                Deny from all
            Order deny, allow

And change them to

            Allow from all
            Order allow,deny

You might want to add something like this Options Indexes FollowSymLinks

            Options Indexes FollowSymLinks
            Allow from all
            Order allow,deny

Then restart your apache service
0
 

Author Comment

by:kapshure
ID: 34161590
i've got this:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/var/www/html">
Options Indexes FollowSymLinks
Order allow,deny
    Allow from all
    
</Directory>

Open in new window


looks pretty similar to what you've listed. so i shouldnt have to restart httpd

I dont have any virtual hosts enabled
0
 

Author Comment

by:kapshure
ID: 34161665
127.0.0.1 - - [17/Nov/2010:12:50:14 -0800] "GET / HTTP/1.0" 200 - "-" "check_http/v1.4.15 (nagios-plugins 1.4.15)"
127.0.0.1 - - [17/Nov/2010:12:55:14 -0800] "GET / HTTP/1.0" 200 - "-" "check_http/v1.4.15 (nagios-plugins 1.4.15)"

Open in new window



access_log
127.0.0.1 - admin [17/Nov/2010:12:31:15 -0800] "GET /nagios/ HTTP/1.0" 403 283 "-" "Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e-fips-rhel5"

Open in new window


error_log
[Wed Nov 17 12:30:55 2010] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /usr/local/nagios/share/

Open in new window


trying to diagnose this last error now.
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 
LVL 13

Accepted Solution

by:
dsmile earned 250 total points
ID: 34161910
Have you set DirectoryIndex to something like this?

<IfModule dir_module>
    DirectoryIndex index.htm index.html index.html.var index.php index.php5
</IfModule>
0
 

Author Comment

by:kapshure
ID: 34162034
@dsmile well dang! that did it,... at least for /nagios/ access.. im able to login, butit doesnt show anything for localhost (seems like it should, since i've compiled the plugins). but when I try to go to /nagios/cgi-bin/
I get a 403 Access Forbidden to /nagios/cgi-bin/

i see a scriptAlias for cgi-bin in httpd.conf, but I dont see any other similar DirectoryIndex for it? I've been working on this for hours now, and am most likely headed to bed. thanks for your help

0
 
LVL 13

Expert Comment

by:dsmile
ID: 34162043
DirectoryIndex is meant for any directories.

I don't think /nagios/cgi-bin/ is supposed to be seen from browser (http access)
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 34164313
nagios has its own nagios.conf under /etc/httpd/conf.d  so make sure the entries are set as below and make sure you htpasswd file is pointed to right locaiton. In my case I have htpasswd in /etc/nagios/, make sure ScriptAlias is set to correct location and nagios user has permissions over it. make sure htpasswd file permissions are set to 644.
[~]# cat /etc/httpd/conf.d/nagios.conf 
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# Last Modified: 11-26-2005
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"

<Directory "/usr/lib/nagios/cgi">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /etc/nagios/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/share/nagios"

<Directory "/usr/share/nagios">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /etc/nagios/htpasswd.users
   Require valid-user
</Directory>

Open in new window

0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 34164322
Finally when the above validations are made and fixed the necessary config reload httpd service.
0
 

Author Comment

by:kapshure
ID: 34166375
@kosarajudeepak

my directives look the same for nagios.conf, but the paths for ScriptAlias and Alias are different:


ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Open in new window

0
 

Author Comment

by:kapshure
ID: 34166424
if I click on Hosts, Services, or Host Groups - I get this error.

If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.
0
 

Author Comment

by:kapshure
ID: 34169691
figured this out. I didn't use "nagiosadmin" when i did htpasswd on the htpasswd.users file. I used "admin" instead.

Then I had to go into the nagios.cfg file and change the entries to match "admin" and then it worked
0
 

Author Comment

by:kapshure
ID: 34169695
sorry, not nagios.cfg, I meant, cgi.cfg
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question