Solved

Help with Nagios / Apache config issue - no access to /nagios/ - 303 Errors

Posted on 2010-11-17
12
1,228 Views
Last Modified: 2012-05-10
Got a new setup with Nagios Core 3.2.3 on CentOS 5.5. compiled by hand, I've set this up before, and got the web interface login to work, but am stumbling on this setup.

/usr/local/nagios/libexec/check_http -H localhost
HTTP OK: HTTP/1.1 200 OK - 265 bytes in 0.005 second response time |time=0.005384s;;;0.000000 size=265B;;;0

$ /usr/local/nagios/libexec/check_http -H localhost u /nagios/ -a admin:******
HTTP OK: HTTP/1.0 302 Found - 171 bytes in 0.045 second response time |time=0.044820s;;;0.000000 size=171B;;;0

Open in new window


if I go:

lynx http://localhost/nagios/

Open in new window


I can login with the credentials, but then I immediately get this:

HTTP/1.1 403 Forbidden

You don't have permission to access /nagios/ on this server.


Permissions on relevant directories look good

ls -la /usr/local/nagios
total 72
drwxrwxr-x  9 nagios nagios 4096 Nov 17 02:33 .
drwxr-xr-x 13 root   root   4096 Nov 17 02:17 ..
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 bin
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:27 etc
drwxr-xr-x  2 root   root   4096 Nov 17 02:33 include
drwxrwxr-x  2 nagios nagios 4096 Nov 17 04:33 libexec
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 sbin
drwxrwxr-x 10 nagios nagios 4096 Nov 17 02:34 share
drwxrwxr-x  5 nagios nagios 4096 Nov 17 12:33 var

[nagios@$ ls -la /usr/local/nagios/share
total 124
drwxrwxr-x 10 nagios nagios 4096 Nov 17 02:34 .
drwxrwxr-x  9 nagios nagios 4096 Nov 17 02:33 ..
-rw-rw-r--  1 nagios nagios  576 Nov 17 02:17 config.inc.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 contexthelp
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:18 docs
drwxrwxr-x  3 nagios nagios 4096 Nov 17 02:18 images
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:18 includes
-rw-rw-r--  1 nagios nagios 1440 Nov 17 02:17 index.php
drwxr-xr-x  4 root   root   4096 Nov 17 02:34 locale
-rw-rw-r--  1 nagios nagios 3440 Nov 17 02:17 main.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 media
-rw-rw-r--  1 nagios nagios   26 Nov 17 02:17 robots.txt
-rw-rw-r--  1 nagios nagios 5714 Nov 17 02:17 side.php
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 ssi
drwxrwxr-x  2 nagios nagios 4096 Nov 17 02:17 stylesheets

[nagios@]$ ls -la /usr/local/nagios/bin
total 676
drwxrwxr-x 2 nagios nagios   4096 Nov 17 02:17 .
drwxrwxr-x 9 nagios nagios   4096 Nov 17 02:33 ..
-rwxrwxr-- 1 nagios nagios 616496 Nov 17 02:17 nagios
-rwxrwxr-- 1 nagios nagios  41680 Nov 17 02:17 nagiostats

[nagios@]$ ls -la /usr/local/nagios/etc
total 104
drwxrwxr-x 3 nagios nagios  4096 Nov 17 02:27 .
drwxrwxr-x 9 nagios nagios  4096 Nov 17 02:33 ..
-rw-rw-r-- 1 nagios nagios 11408 Nov 17 02:26 cgi.cfg
-rw-r--r-- 1 root   root      20 Nov 17 02:27 htpasswd.users
-rw-rw-r-- 1 nagios nagios 43774 Nov 17 02:26 nagios.cfg
drwxrwxr-x 2 nagios nagios  4096 Nov 17 02:26 objects
-rw-rw---- 1 nagios nagios  1340 Nov 17 02:26 resource.cfg

[nagios@]$ ls -la /usr/local/nagios/var
total 108
drwxrwxr-x 5 nagios nagios  4096 Nov 17 12:33 .
drwxrwxr-x 9 nagios nagios  4096 Nov 17 02:33 ..
drwxrwxr-x 2 nagios nagios  4096 Nov 17 02:18 archives
-rw-r--r-- 1 nagios nagios     5 Nov 17 03:50 nagios.lock
-rw-rw-r-- 1 nagios nagios  2120 Nov 17 11:50 nagios.log
-rw-r--r-- 1 nagios nagios 12937 Nov 17 03:50 objects.cache
-rw------- 1 nagios nagios 13594 Nov 17 11:50 retention.dat
drwxrwsr-x 2 nagios nagcmd  4096 Nov 17 03:50 rw
drwxrwxr-x 3 nagios nagios  4096 Nov 17 02:18 spool
-rw-rw-r-- 1 nagios nagios 13951 Nov 17 12:33 status.dat

Open in new window


/usr/local/nagios/libexec/check_http -H localhost u /nagios/cgi-bin/tac.cgi -a admin:*******
HTTP OK: HTTP/1.0 302 Found - 171 bytes in 0.036 second response time |time=0.036186s;;;0.000000 size=171B;;;0

Open in new window


some config that I must've missed perhaps?

0
Comment
Question by:kapshure
  • 7
  • 3
  • 2
12 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34161554
It might be httpd.conf issue.


Open that file, find those lines arround # DocumentRoot or virtual host path that written

                Deny from all
            Order deny, allow

And change them to

            Allow from all
            Order allow,deny

You might want to add something like this Options Indexes FollowSymLinks

            Options Indexes FollowSymLinks
            Allow from all
            Order allow,deny

Then restart your apache service
0
 

Author Comment

by:kapshure
ID: 34161590
i've got this:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/var/www/html">
Options Indexes FollowSymLinks
Order allow,deny
    Allow from all
    
</Directory>

Open in new window


looks pretty similar to what you've listed. so i shouldnt have to restart httpd

I dont have any virtual hosts enabled
0
 

Author Comment

by:kapshure
ID: 34161665
127.0.0.1 - - [17/Nov/2010:12:50:14 -0800] "GET / HTTP/1.0" 200 - "-" "check_http/v1.4.15 (nagios-plugins 1.4.15)"
127.0.0.1 - - [17/Nov/2010:12:55:14 -0800] "GET / HTTP/1.0" 200 - "-" "check_http/v1.4.15 (nagios-plugins 1.4.15)"

Open in new window



access_log
127.0.0.1 - admin [17/Nov/2010:12:31:15 -0800] "GET /nagios/ HTTP/1.0" 403 283 "-" "Lynx/2.8.5rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8e-fips-rhel5"

Open in new window


error_log
[Wed Nov 17 12:30:55 2010] [error] [client 127.0.0.1] Directory index forbidden by Options directive: /usr/local/nagios/share/

Open in new window


trying to diagnose this last error now.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 13

Accepted Solution

by:
dsmile earned 250 total points
ID: 34161910
Have you set DirectoryIndex to something like this?

<IfModule dir_module>
    DirectoryIndex index.htm index.html index.html.var index.php index.php5
</IfModule>
0
 

Author Comment

by:kapshure
ID: 34162034
@dsmile well dang! that did it,... at least for /nagios/ access.. im able to login, butit doesnt show anything for localhost (seems like it should, since i've compiled the plugins). but when I try to go to /nagios/cgi-bin/
I get a 403 Access Forbidden to /nagios/cgi-bin/

i see a scriptAlias for cgi-bin in httpd.conf, but I dont see any other similar DirectoryIndex for it? I've been working on this for hours now, and am most likely headed to bed. thanks for your help

0
 
LVL 13

Expert Comment

by:dsmile
ID: 34162043
DirectoryIndex is meant for any directories.

I don't think /nagios/cgi-bin/ is supposed to be seen from browser (http access)
0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 34164313
nagios has its own nagios.conf under /etc/httpd/conf.d  so make sure the entries are set as below and make sure you htpasswd file is pointed to right locaiton. In my case I have htpasswd in /etc/nagios/, make sure ScriptAlias is set to correct location and nagios user has permissions over it. make sure htpasswd file permissions are set to 644.
[~]# cat /etc/httpd/conf.d/nagios.conf 
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
# Last Modified: 11-26-2005
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"

<Directory "/usr/lib/nagios/cgi">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /etc/nagios/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/share/nagios"

<Directory "/usr/share/nagios">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /etc/nagios/htpasswd.users
   Require valid-user
</Directory>

Open in new window

0
 
LVL 14

Expert Comment

by:Deepak Kosaraju
ID: 34164322
Finally when the above validations are made and fixed the necessary config reload httpd service.
0
 

Author Comment

by:kapshure
ID: 34166375
@kosarajudeepak

my directives look the same for nagios.conf, but the paths for ScriptAlias and Alias are different:


ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
#  SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>

Open in new window

0
 

Author Comment

by:kapshure
ID: 34166424
if I click on Hosts, Services, or Host Groups - I get this error.

If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.
0
 

Author Comment

by:kapshure
ID: 34169691
figured this out. I didn't use "nagiosadmin" when i did htpasswd on the htpasswd.users file. I used "admin" instead.

Then I had to go into the nagios.cfg file and change the entries to match "admin" and then it worked
0
 

Author Comment

by:kapshure
ID: 34169695
sorry, not nagios.cfg, I meant, cgi.cfg
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux boot cd to do hardware report on PC? 3 50
Help with a subnetting question 7 58
BGP prefix and routing 3 58
Trying to install php56 on CentOS 7 get GPG error 5 27
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Fine Tune your automatic Updates for Ubuntu / Debian
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question