nagios user

gaojinguan

【基本介绍】
这里介绍nagios添加用户和用户权限管理
【基本配置】
1. 用户添加  2. 用户权限管理
1. 用户添加
用户是由web服务器提供的用户管理。
例如apache里面：用户和密码是有AuthUserFile配置文件来管理。

<VirtualHost *:80>
DocumentRoot  /usr/local/nagios/share
ServerName    xxxxx.com
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
</VirtualHost>


用户密码配置文件：用户名：密码

[iyunv@nagioscn etc]# cat /usr/local/nagios/etc/htpasswd.users
nagiosadmin:$apr1$M0Sez/..$Q8AqOHqxIJiE6ETuM9FSx0
viewer:OIC0OF3rCMztE


2. 用户权限是有nagios来管理访问nagios的权限
配置文件：/usr/local/nagios/etc/cgi.cfg

use_authentication=1  #是否开启用户认证
use_ssl_authentication=0   #是否允许使用x509cert(SSL)
#default_user_name=guest   #默认用户无需认证
authorized_for_system_information=nagiosadmin,admin  #系统信息的访问权限
authorized_for_configuration_information=nagiosadmin,admin  #配置信息的访问权限
authorized_for_system_commands=nagiosadmin,admin  #配置系统命令的访问权限
authorized_for_all_services=nagiosadmin,admin,guest,viewer  #全局services的访问权限
authorized_for_all_hosts=nagiosadmin,admin,guest,viewer     #全局hosts的访问权限
authorized_for_all_service_commands=nagiosadmin,admin       #全局services命令的访问权限
authorized_for_all_host_commands=nagiosadmin,admin#全局hosts命令的访问权限
authorized_for_read_only=guest,viewer      #配置只读用户的访问权限


【htpasswd】
htpasswd用户创建用户和密码配置文件

[iyunv@nagioscn etc]# htpasswd -h
Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c  Create a new file.
-n  Don't update file; display results on stdout.
-m  Force MD5 encryption of the password.
-d  Force CRYPT encryption of the password (default).
-p  Do not encrypt the password (plaintext).
-s  Force SHA encryption of the password.
-b  Use the password from the command line rather than prompting for it.
-D  Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.