17.5. Nagios Advanced Configuration

Login as root user.

Run the command given below with the new user name and type the password when prompted.

# htpasswd /etc/nagios/passwd newUserName

Add permissions for the new user in /etc/nagios/cgi.cfg file as shown below:

authorized_for_system_information=nagiosadmin,newUserName
authorized_for_configuration_information=nagiosadmin,newUserName
authorized_for_system_commands=nagiosadmin,newUserName
authorized_for_all_services=nagiosadmin,newUserName
authorized_for_all_hosts=nagiosadmin,newUserName
authorized_for_all_service_commands=nagiosadmin,newUserName
authorized_for_all_host_commands=nagiosadmin,newUserName

Start nagios and httpd services using the following commands:

# service httpd restart
# service nagios restart

Verify Nagios access by using the following URL in your browser, and using the user name and password.

https://NagiosServer-HostName-or-IPaddress/nagios

Create a 1024 bit RSA key using the following command:

openssl genrsa -out /etc/ssl/private/{cert-file-name.key} 1024

Create an SSL certificate for the server using the following command:

openssl req -key nagios-ssl.key -new | openssl x509 -out nagios-ssl.crt -days 365 -signkey  nagios-ssl.key -req

Enter the server's host name which is used to access the Nagios Server GUI as Common Name.

Edit the /etc/httpd/conf.d/ssl.conf file and add path to SSL Certificate and key files correspondingly for SSLCertificateFile and SSLCertificateKeyFile fields as shown below:

 SSLCertificateFile     /etc/pki/tls/certs/nagios-ssl.crt
 SSLCertificateKeyFile  /etc/pki/tls/private/nagios-ssl.key

Edit the /etc/httpd/conf/httpd.conf file and comment the port 80 listener as shown below:

# Listen 80

In /etc/httpd/conf/httpd.conf file, ensure that the following line is not commented:

<Directory "/var/www/html">

Restart the httpd service on the nagios server using the following command:

# service httpd restart

In apache configuration file /etc/httpd/conf/httpd.conf, ensure that LDAP is installed and LDAP apache module is enabled.

The configurations are displayed as given below if the LDAP apache module is enabled.You can enable the LDAP apache module by deleting the # symbol.

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Edit the nagios.conf file in /etc/httpd/conf.d/nagios.conf with the corresponding values for the following:

Edit the CGI authentication file /etc/nagios/cgi.cfg as given below with the path where Nagios is installed.

nagiosinstallationdir = /usr/local/nagios/ or /etc/nagios/

Uncomment the lines shown below by deleting # and set permissions for specific users:

authorized_for_system_information=user1,user2,user3

authorized_for_configuration_information=nagiosadmin,user1,user2,user3

authorized_for_system_commands=nagiosadmin,user1,user2,user3

authorized_for_all_services=nagiosadmin,user1,user2,user3

authorized_for_all_hosts=nagiosadmin,user1,user2,user3

authorized_for_all_service_commands=nagiosadmin,user1,user2,user3

authorized_for_all_host_commands=nagiosadmin,user1,user2,user3

Enable the httpd_can_connect_ldap boolean, if not enabled.

# getsebool httpd_can_connect_ldap
# setsebool httpd_can_connect_ldap on

Restart httpd service and nagios server using the following commands:

# service httpd restart
# service nagios restart