Home
Products
Red Hat Gluster Storage
3.4
Administration Guide
17.5. Nagios Advanced Configuration

17.5. Nagios Advanced Configuration

17.5.1. Creating Nagios User

To create a new Nagios user and set permissions for that user, follow the steps given below:

Login as root user.
Run the command given below with the new user name and type the password when prompted.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
htpasswd /etc/nagios/passwd newUserName
```
```
# htpasswd /etc/nagios/passwd newUserName
```

Add permissions for the new user in /etc/nagios/cgi.cfg file as shown below: Copy to Clipboard Toggle word wrap

authorized_for_system_information=nagiosadmin,newUserName
authorized_for_configuration_information=nagiosadmin,newUserName
authorized_for_system_commands=nagiosadmin,newUserName
authorized_for_all_services=nagiosadmin,newUserName
authorized_for_all_hosts=nagiosadmin,newUserName
authorized_for_all_service_commands=nagiosadmin,newUserName
authorized_for_all_host_commands=nagiosadmin,newUserName

authorized_for_system_information=nagiosadmin,newUserName
authorized_for_configuration_information=nagiosadmin,newUserName
authorized_for_system_commands=nagiosadmin,newUserName
authorized_for_all_services=nagiosadmin,newUserName
authorized_for_all_hosts=nagiosadmin,newUserName
authorized_for_all_service_commands=nagiosadmin,newUserName
authorized_for_all_host_commands=nagiosadmin,newUserName

Note

To set read only permission for users, add authorized_for_read_only=username in the /etc/nagios/cgi.cfg file.

Start nagios and httpd services using the following commands:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
service httpd restart
service nagios restart
```
```
# service httpd restart
# service nagios restart
```
Verify Nagios access by using the following URL in your browser, and using the user name and password.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
https://NagiosServer-HostName-or-IPaddress/nagios
```
```
https://NagiosServer-HostName-or-IPaddress/nagios
```
Figure 17.14. Nagios Login

17.5.2. Changing Nagios Password

The default Nagios user name and password is nagiosadmin. This value is available in the /etc/nagios/cgi.cfg file.

Login as root user.
To change the default password for the Nagios Administrator user, run the following command with the new password:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
htpasswd -c /etc/nagios/passwd nagiosadmin
```
```
# htpasswd -c /etc/nagios/passwd nagiosadmin
```
Start nagios and httpd services using the following commands:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
service httpd restart
service nagios restart
```
```
# service httpd restart
# service nagios restart
```
Verify Nagios access by using the following URL in your browser, and using the user name and password that was set in Step 2:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
https://NagiosServer-HostName-or-IPaddress/nagios
```
```
https://NagiosServer-HostName-or-IPaddress/nagios
```
Figure 17.15. Nagios Login

17.5.3. Configuring SSL

For secure access of Nagios URL, configure SSL:

Create a 1024 bit RSA key using the following command: Copy to Clipboard Toggle word wrap

openssl genrsa -out /etc/ssl/private/{cert-file-name.key} 1024

openssl genrsa -out /etc/ssl/private/{cert-file-name.key} 1024

Create an SSL certificate for the server using the following command: Copy to Clipboard Toggle word wrap

openssl req -key nagios-ssl.key -new | openssl x509 -out nagios-ssl.crt -days 365 -signkey  nagios-ssl.key -req

openssl req -key nagios-ssl.key -new | openssl x509 -out nagios-ssl.crt -days 365 -signkey  nagios-ssl.key -req

Enter the server's host name which is used to access the Nagios Server GUI as Common Name.

Edit the /etc/httpd/conf.d/ssl.conf file and add path to SSL Certificate and key files correspondingly for SSLCertificateFile and SSLCertificateKeyFile fields as shown below:

Copy to Clipboard Toggle word wrap

 SSLCertificateFile     /etc/pki/tls/certs/nagios-ssl.crt
 SSLCertificateKeyFile  /etc/pki/tls/private/nagios-ssl.key

 SSLCertificateFile     /etc/pki/tls/certs/nagios-ssl.crt
 SSLCertificateKeyFile  /etc/pki/tls/private/nagios-ssl.key

Edit the /etc/httpd/conf/httpd.conf file and comment the port 80 listener as shown below:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
Listen 80
```
```
# Listen 80
```
In /etc/httpd/conf/httpd.conf file, ensure that the following line is not commented:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
<Directory "/var/www/html">
```
```
<Directory "/var/www/html">
```
Restart the httpd service on the nagios server using the following command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
service httpd restart
```
```
# service httpd restart
```

17.5.4. Integrating LDAP Authentication with Nagios

You can integrate LDAP authentication with Nagios plug-in. To integrate LDAP authentication, follow the steps given below:

In apache configuration file /etc/httpd/conf/httpd.conf, ensure that LDAP is installed and LDAP apache module is enabled.
The configurations are displayed as given below if the LDAP apache module is enabled.You can enable the LDAP apache module by deleting the # symbol.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
```
```
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
```
Edit the nagios.conf file in /etc/httpd/conf.d/nagios.conf with the corresponding values for the following:
- AuthBasicProvider
- AuthLDAPURL
- AuthLDAPBindDN
- AuthLDAPBindPassword
Edit the CGI authentication file /etc/nagios/cgi.cfg as given below with the path where Nagios is installed.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
nagiosinstallationdir = /usr/local/nagios/ or /etc/nagios/
```
```
nagiosinstallationdir = /usr/local/nagios/ or /etc/nagios/
```

Uncomment the lines shown below by deleting # and set permissions for specific users:

Note

Replace nagiosadmin and user names with * to give any LDAP user full functionality of Nagios.

Copy to Clipboard Toggle word wrap

authorized_for_system_information=user1,user2,user3

authorized_for_configuration_information=nagiosadmin,user1,user2,user3

authorized_for_system_commands=nagiosadmin,user1,user2,user3

authorized_for_all_services=nagiosadmin,user1,user2,user3

authorized_for_all_hosts=nagiosadmin,user1,user2,user3

authorized_for_all_service_commands=nagiosadmin,user1,user2,user3

authorized_for_all_host_commands=nagiosadmin,user1,user2,user3

authorized_for_system_information=user1,user2,user3

authorized_for_configuration_information=nagiosadmin,user1,user2,user3

authorized_for_system_commands=nagiosadmin,user1,user2,user3

authorized_for_all_services=nagiosadmin,user1,user2,user3

authorized_for_all_hosts=nagiosadmin,user1,user2,user3

authorized_for_all_service_commands=nagiosadmin,user1,user2,user3

authorized_for_all_host_commands=nagiosadmin,user1,user2,user3

Enable the httpd_can_connect_ldap boolean, if not enabled.

Copy to Clipboard Toggle word wrap

getsebool httpd_can_connect_ldap
setsebool httpd_can_connect_ldap on

# getsebool httpd_can_connect_ldap
# setsebool httpd_can_connect_ldap on

Restart httpd service and nagios server using the following commands:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
```
service httpd restart
service nagios restart
```
```
# service httpd restart
# service nagios restart
```

17.5. Nagios Advanced Configuration

17.5.1. Creating Nagios User

17.5.2. Changing Nagios Password

17.5.3. Configuring SSL

17.5.4. Integrating LDAP Authentication with Nagios

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

Making open source more inclusive

About Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links