[Xymon] restrict access to Xymon not working as expected
Jake
xymon at epperson.homelinux.net
Wed Dec 21 22:35:58 CET 2016
I'll note that the default config appears intended to apply the password
restriction only to the admin scripts in /usr/share/xymon/cgi-secure.
But on Centos 7, that does not work for me, either.
Noticing the following conditions in the Directory stanza for
cgi-secure:
<IfModule mod_authz_core.c>
# Apache 2.4+
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all
</IfModule>
I checked that the mod_authz_core module was getting loaded with "httpd
-M" and it was. BUT I noticed that mod_authn_file was not, and I think
that's a dependency, along with mod_authz_user (which is getting
loaded). The 00-base.conf file for Apache has a LoadModule line for the
missing module, so I'm looking at why that's not getting loaded.
Regards,
Jake
On 2016-12-21 11:18, Raymond, David wrote:
> Hi,
>
> I have the same problem as Alessandro. I running SLES 12.2.
>
> Same result, try different way, no prompt of user.
>
> Thanks to help
>
> David Raymond
>
> D: 450.357.7000 x7064 C: 514.603.0986 F: 450.357.7050
> www.batiparbarrette.com
>
> FROM: Xymon [mailto:xymon-bounces at xymon.com] ON BEHALF OF Alessandro Tinivelli
> SENT: Wednesday, December 14, 2016 12:06 PM
> TO: xymon at xymon.com
> SUBJECT: [Xymon] restrict access to Xymon not working as expected
>
> Hallo everyone,
>
> sorry if the question has already been asked, but i could not find any answer in google:
>
> my brand new xymon installation (Xymon 4.3.27-1.el7.terabithia) on Centos7 has the liens below in apache config file:
>
> I have created the /etc/xymon/xymonpasswd file , but the access is still free with no pass request.
>
> Is there something I did not understand? Should this file located somewhere else?
>
> Thank you in advance
>
> Alessandro
>
> ----
>
> # Password file where users with access to these scripts are kept.
>
> # Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
>
> # scripts, files here can be read with the "config" message type,
>
> # which allows status-privileged clients to read arbitrary regular files
>
> # from the directory.
>
> #
>
> # This file should be owned and readable only by the apache server user,
>
> # and ideally merely a symlink to a location outside of $XYMONHOME/etc/
>
> #
>
> # Create it with:
>
> # htpasswd -c /etc/xymon/xymonpasswd USERNAME
>
> # chown apache:apache /etc/xymon/xymonpasswd
>
> # chmod 640 /etc/xymon/xymonpasswd
>
> # Add more users / change passwords with: "htpasswd /etc/xymon/xymonpasswd USERNAME"
>
> #
>
> # You can also use a group file to restrict admin access to members of a
>
> # group, instead of anyone who is logged in. In that case you must setup
>
> # the "xymongroups" file, and change the "Require" settings to require
>
> # a specific group membership. See the Apache docs for more details.
>
> AuthUserFile /etc/xymon/xymonpasswd
>
> AuthGroupFile /etc/xymon/xymongroups
>
> AuthType Basic
>
> AuthName "Xymon Administration"
>
> # "valid-user" restricts access to anyone who is logged in.
>
> Require valid-user
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon [1]
Links:
------
[1] http://lists.xymon.com/mailman/listinfo/xymon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20161221/d26a92e5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 2512 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20161221/d26a92e5/attachment.gif>
More information about the Xymon
mailing list