[hobbit] Securing CGI secure by monitored hosts

s_aiello at comcast.net s_aiello at comcast.net
Fri Mar 14 13:10:30 CET 2008


On Thursday 13 March 2008, White, Bruce wrote:
> Hi all,
>
> All these questions about securing hobbit has made me think about our
> hobbit set-up.  Is there a way to secure the actions taken by scripts in
> the secure CGI directory to acting on specific listings in the bb-hosts
> file?  We have one group responsible for printers which is completely
> different from the group responsible for servers.  We would like to give
> the group responsible for printers the ability to put printers in
> maintenance mode, but would not want them to have the same access to
> servers.  We are running a generic hobbit section of the httpd.conf file
> with users defined via the htpasswd command.
>
Out of the box, no Hobbit 4.2.0 does not have that feature. I implemented this 
function though by grouping devices on different pages. I then added to the 
cgi .sh scripts an authentication wrapper. Basically it checks a file that 
maps user name to pages the user has the authority to. So any device on the 
page, the user can put into maint via the device's info page. Since the Admin 
Enable/Disable function had more of a global scope, I severely limited it's 
access to a select few.

Hope this helps,
 ~Steve



More information about the Xymon mailing list