[hobbit] Securing hobbit

Charles Jones jonescr at cisco.com
Mon Oct 1 22:43:04 CEST 2007


I need to do something similar, and .htaccess files came to mind.  
However, I want to basically provide all hobbit functionality to groups, 
without exposing any other groups hostsnames. I have noticed that some 
things in Hobbit already work nicely for this, such as enable/disable 
and acknoledge alert, when selected from a sub page will only show the 
hosts/alerts from that page, but what about things like bb2.html (all 
non-green view), and other administrative things (eventlog, availbility, 
etc) that we may want a group to be able to use, but not have them wade 
through other groups hosts as well?

-Charles

Henrik Stoerner wrote:
> On Mon, Oct 01, 2007 at 09:41:36AM -0500, Aaron Kincaid wrote:
>   
>> Hi, we have been setting up hobbit for our company over the last couple
>> of weeks and it is a brilliant product!  We were originally planning on
>> allowing anyone within the company to see the pages, but now we have
>> been asked to limit access to each department head and the department
>> heads can only see the results for equipment in their department.  We
>> have divided the bb-hosts file up using the PAGE function, but wanted to
>> know if there is a way to explicitly allow one or two people to see the
>> page for a specific department.  
>>
>> We also want to publish the site and use authentication to get to it,
>> what is the best way to meet both these goals?
>>     
>
> Hobbit doesn't have any access controls built-in, so you need to
> configure this through your webservers' access control mechanism.
> These usually make it relatively straight-forward to secure access
> to certain directories to a limited group of users. In Apache,
> you'd put something like this in your config:
>
> AuthType Basic
> AuthName "Hobbit"
> AuthUserfile "/etc/hobbit/users"
> AuthGroupfile "/etc/hobbit/groups"
>
> Alias /hobbit/  "/var/lib/hobbit/www/"
> <Directory "/var/lib/hobbit/www">
>     Options Indexes FollowSymLinks Includes MultiViews
>     Order allow,deny
>     Allow from all
>     Require group admins
> </Directory>
>
> <Directory "/var/lib/hobbit/www/dept1/">
>     Require group admins dept1users
> </Directory>
>
>
> Note that you can also use .htaccess files to control this.
>
> Then use the htpasswd utility to create users, and add users
> to the "/etc/hobbit/group" file like
>
>   dept1users: john mick
>   admins: aaron
>
>
> Regards,
> Henrik
>
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20071001/b228a7e3/attachment.html>


More information about the Xymon mailing list