Red Hat Summitこのコンテンツは選択した言語では利用できません。
17.5. Nagios Advanced Configuration
17.5.1. Creating Nagios User
リンクのコピーリンクがクリップボードにコピーされました!
To create a new Nagios user and set permissions for that user, follow the steps given below:
- Login as
rootuser. - Run the command given below with the new user name and type the password when prompted.
htpasswd /etc/nagios/passwd newUserName
# htpasswd /etc/nagios/passwd newUserNameCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Add permissions for the new user in
/etc/nagios/cgi.cfgfile as shown below:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note
To setread onlypermission for users, addauthorized_for_read_only=usernamein the/etc/nagios/cgi.cfgfile. - Start
nagiosandhttpdservices using the following commands:service httpd restart service nagios restart
# service httpd restart # service nagios restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Verify Nagios access by using the following URL in your browser, and using the user name and password.
https://NagiosServer-HostName-or-IPaddress/nagios
https://NagiosServer-HostName-or-IPaddress/nagiosCopy to Clipboard Copied! Toggle word wrap Toggle overflow Figure 17.14. Nagios Login
17.5.2. Changing Nagios Password
リンクのコピーリンクがクリップボードにコピーされました!
The default Nagios user name and password is
nagiosadmin. This value is available in the /etc/nagios/cgi.cfg file.
- Login as
rootuser. - To change the default password for the Nagios Administrator user, run the following command with the new password:
htpasswd -c /etc/nagios/passwd nagiosadmin
# htpasswd -c /etc/nagios/passwd nagiosadminCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start
nagiosandhttpdservices using the following commands:service httpd restart service nagios restart
# service httpd restart # service nagios restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Verify Nagios access by using the following URL in your browser, and using the user name and password that was set in Step 2:
https://NagiosServer-HostName-or-IPaddress/nagios
https://NagiosServer-HostName-or-IPaddress/nagiosCopy to Clipboard Copied! Toggle word wrap Toggle overflow Figure 17.15. Nagios Login
17.5.3. Configuring SSL
リンクのコピーリンクがクリップボードにコピーされました!
For secure access of Nagios URL, configure SSL:
- Create a 1024 bit RSA key using the following command:
openssl genrsa -out /etc/ssl/private/{cert-file-name.key} 1024openssl genrsa -out /etc/ssl/private/{cert-file-name.key} 1024Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Create an SSL certificate for the server using the following command:
openssl req -key nagios-ssl.key -new | openssl x509 -out nagios-ssl.crt -days 365 -signkey nagios-ssl.key -req
openssl req -key nagios-ssl.key -new | openssl x509 -out nagios-ssl.crt -days 365 -signkey nagios-ssl.key -reqCopy to Clipboard Copied! Toggle word wrap Toggle overflow Enter the server's host name which is used to access the Nagios Server GUI as Common Name. - Edit the
/etc/httpd/conf.d/ssl.conffile and add path to SSL Certificate and key files correspondingly forSSLCertificateFileandSSLCertificateKeyFilefields as shown below:SSLCertificateFile /etc/pki/tls/certs/nagios-ssl.crt SSLCertificateKeyFile /etc/pki/tls/private/nagios-ssl.key
SSLCertificateFile /etc/pki/tls/certs/nagios-ssl.crt SSLCertificateKeyFile /etc/pki/tls/private/nagios-ssl.keyCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Edit the
/etc/httpd/conf/httpd.conffile and comment the port 80 listener as shown below:Listen 80
# Listen 80Copy to Clipboard Copied! Toggle word wrap Toggle overflow - In
/etc/httpd/conf/httpd.conffile, ensure that the following line is not commented:<Directory "/var/www/html">
<Directory "/var/www/html">Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Restart the
httpdservice on thenagiosserver using the following command:service httpd restart
# service httpd restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
17.5.4. Integrating LDAP Authentication with Nagios
リンクのコピーリンクがクリップボードにコピーされました!
You can integrate LDAP authentication with Nagios plug-in. To integrate LDAP authentication, follow the steps given below:
- In apache configuration file
/etc/httpd/conf/httpd.conf, ensure that LDAP is installed and LDAP apache module is enabled.The configurations are displayed as given below if the LDAP apache module is enabled.You can enable the LDAP apache module by deleting the # symbol.LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.soCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Edit the
nagios.conffile in/etc/httpd/conf.d/nagios.confwith the corresponding values for the following:- AuthBasicProvider
- AuthLDAPURL
- AuthLDAPBindDN
- AuthLDAPBindPassword
- Edit the CGI authentication file
/etc/nagios/cgi.cfgas given below with the path where Nagios is installed.nagiosinstallationdir = /usr/local/nagios/ or /etc/nagios/
nagiosinstallationdir = /usr/local/nagios/ or /etc/nagios/Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Uncomment the lines shown below by deleting # and set permissions for specific users:
Note
Replacenagiosadminand user names with * to give any LDAP user full functionality of Nagios.Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Enable the
httpd_can_connect_ldapboolean, if not enabled.getsebool httpd_can_connect_ldap setsebool httpd_can_connect_ldap on
# getsebool httpd_can_connect_ldap # setsebool httpd_can_connect_ldap onCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Restart
httpdservice andnagiosserver using the following commands:service httpd restart service nagios restart
# service httpd restart # service nagios restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}