[Xymon] Issues with no password prompt for admin cgi

Michael Resnick sys1002 at yahoo.com
Thu Mar 2 16:43:06 CET 2017 

I actually did a full reboot, and it is clearly stated at end of first mail. 

RHEL 7.3 , selinux is disabled. # journalctl -t setroubleshoot --since=17:00
-- No entries --


grep of http log for  cgi only shows connection info when trying to access xymon-seccgi/enadis.sh 
10.234.9.161 - - [02/Mar/2017:17:30:39 +0200] "GET /xymon-seccgi/enadis.sh HTTP/1.1" 200 24962 "http://ilxymonpoc1/xymon/POC-Environments/POC-Environments.html" "Mozilla/xxxxx;  .0) Gecko/20100101 xxx"
Thanks for your help.

      From: "Root, Paul T" <Paul.Root at CenturyLink.com>
 To: 'Michael Resnick' <sys1002 at yahoo.com>; "xymon at xymon.com" <xymon at xymon.com> 
 Sent: Thursday, March 2, 2017 4:43 PM
 Subject: RE: [Xymon] Issues with no password prompt for admin cgi
   
#yiv7748624316 #yiv7748624316 -- _filtered #yiv7748624316 {font-family:Helvetica;panose-1:2 11 6 4 2 2 2 2 2 4;} _filtered #yiv7748624316 {panose-1:2 4 5 3 5 4 6 3 2 4;} _filtered #yiv7748624316 {font-family:Calibri;panose-1:2 15 5 2 2 2 4 3 2 4;} _filtered #yiv7748624316 {font-family:Tahoma;panose-1:2 11 6 4 3 5 4 4 2 4;}#yiv7748624316 #yiv7748624316 p.yiv7748624316MsoNormal, #yiv7748624316 li.yiv7748624316MsoNormal, #yiv7748624316 div.yiv7748624316MsoNormal {margin:0in;margin-bottom:.0001pt;font-size:12.0pt;}#yiv7748624316 a:link, #yiv7748624316 span.yiv7748624316MsoHyperlink {color:blue;text-decoration:underline;}#yiv7748624316 a:visited, #yiv7748624316 span.yiv7748624316MsoHyperlinkFollowed {color:purple;text-decoration:underline;}#yiv7748624316 span.yiv7748624316EmailStyle17 {color:#1F497D;}#yiv7748624316 .yiv7748624316MsoChpDefault {font-size:10.0pt;} _filtered #yiv7748624316 {margin:1.0in 1.0in 1.0in 1.0in;}#yiv7748624316 div.yiv7748624316WordSection1 {}#yiv7748624316 Ok, you don’ t  make it easy on us. Didn’t answer any questions asked.    So, the only thing that is password protected is cgi-secure scripts. That’s fine.    I’ll ask again. Did you restart httpd?     And follow up questions.    Did you look in the httpd log files? Access and error? Do you see a line in the access log that has a connection  to a cgi-secure script without an user in the user field? Any error message?    What OS are you running?  If linux, is selinux enforcing? If yes, is there selinux errors trying to access the xymonpasswd file?       From: Michael Resnick [mailto:sys1002 at yahoo.com] 
Sent: Thursday, March 02, 2017 3:53 AM
To: xymon at xymon.com
Subject: Re: [Xymon] Issues with no password prompt for admin cgi    Sending apache.conf  as requested :     This is the main Apache HTTP server configuration file.  It contains the

ScriptAlias /xymon-seccgi/ "/home/xymon/cgi-secure/"
<Directory "/home/xymon/cgi-secure">
    AllowOverride None
    Options ExecCGI Includes
    <IfModule mod_authz_core.c>
        # Apache 2.4+
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Allow from all
    </IfModule>

    # Password file where users with access to these scripts are kept.
    # Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
    # scripts, files here can be read with the "config" message type, 
    # which allows status-privileged clients to read arbitrary regular files 
    # from the directory. 
    # 
    # This file should be owned and readable only by the apache server user,
    # and ideally merely a symlink to a location outside of $XYMONHOME/etc/
    # 
    # Create it with:
    #    htpasswd -c /home/xymon/server/etc/xymonpasswd USERNAME
    #    chown apache:apache /home/xymon/server/etc/xymonpasswd
    #    chmod 640 /home/xymon/server/etc/xymonpasswd
    # Add more users / change passwords with: "htpasswd /home/xymon/server/etc/xymonpasswd USERNAME"
    #
    # You can also use a group file to restrict admin access to members of a
    # group, instead of anyone who is logged in. In that case you must setup
    # the "xymongroups" file, and change the "Require" settings to require
    # a specific group membership. See the Apache docs for more details.

    AuthUserFile /home/xymon/server/etc/xymonpasswd
    AuthGroupFile /home/xymon/server/etc/xymongroups
    AuthType Basic
    AuthName "Xymon Administration"

    # "valid-user" restricts access to anyone who is logged in.
    Require valid-user

    # "group admins" restricts access to users who have logged in, AND
    # are members of the "admins" group in xymongroups.
    # Require group admins

</Directory>

 This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.

   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20170302/f2458d65/attachment.html>

More information about the Xymon mailing list