E-mail
WAS THIS PAGE HELPFUL? Leave Feedback
Overview
Various Nagios CGIs are used within GroundWork Monitor. An administrator is able to configure user and contact group access control options for CGIs. The idea is to simplify the setup so that the existing user-list does not need to be changed regarding CGI authorization variables as users come and go. Also, this provides a facility for some types of read-only access to Nagios CGIs, which can help with security profiles.
CGIs access control is set from the second screen of the Configuration > Control > Nagios cgi configuration option. This screen contains all of the access-related options for the Nagios screens. One can see the output in the generated CGI configuration file /usr/local/groundwork/nagios/etc/cgi.cfg file, even before a Commit operation. You can generate the file using Configuration > Tools > Export to files, and selecting cgi.cfg.
This table describes the access control options. See Nagios documentation for complete documentation for these options].
Figure: CGI access control options (Configuration > Control > Nagios cgi configuration > Page 2)
Table: CGI access control options descriptions
| Control Option | Description (all comma delimited) | ||
|---|---|---|---|
| Read-Only | Read-Only Access: Users that have read-only rights in the CGIs. This will block any service or host commands normally shown on the extinfo CGI pages. It will also block comments. Contactgroup Read-Only Access Contact groups that have read-only rights in the CGIs. This will block any service or host commands normally shown on the extinfo CGI pages. It will also block comments.
|
||
| Configuration Information | Configuration Information Access: Authenticated users who can view configuration information in the configuration CGI. Users can view information on all configured hosts, host groups, services, contacts, contact groups, time periods, and commands. Contactgroup Configuration Information Access: Contact groups who can view configuration information in the configuration CGI. Groups can view information on all configured hosts, host groups, services, contacts, contact groups, time periods, and commands. |
||
| System/Process Information | System/Process Information Access: Authenticated users who can view system/process information in the extended information CGI. ContactGroup System/Process Information Access: Contact groups who can view system/process information in the extended information CGI. |
||
| System/Process Command |
System/Process Command Access: Authenticated users who can issue system/process commands via the command CGI. Contactgroup System/Process Command Access: Contact groups who can issue system/process commands via the command CGI. |
||
| Global Host Information |
Global Host Information Access: Authenticated users who can view status and configuration information for all hosts. Users are also automatically authorized to view information for all services. Contactgroup Global Host Information Access: Contact groups who can view status and configuration information for all hosts. Groups are also automatically authorized to view information for all services. |
||
| Global Host Command |
Global Host Command Access: Authenticated users who can issue commands for all hosts via the command CGI. Users are also automatically authorized to issue commands for all services. Contactgroup Global Host Command Access: Contact groups who can issue commands for all hosts via the command CGI. Groups are also automatically authorized to issue commands for all services. |
||
| Global Service Information |
Global Service Information Access: Authenticated users who can view status and configuration information for all services. Contactgroup Global Service Information Access: Contact groups who can view status and configuration information for all services. |
||
| Global Service Command | Global Service Command Access: Authenticated users who can issue commands for all services via the command CGI. Contactgroup Global Service Command Access: Contact groups who can issue commands for all services via the command CGI. |
Steps
This example steps through the creation of a dashboard page containing Nagios CGIs, where the CGIs are set up with contact group access control.
- Create a portal user with the gw-portal-user membership. See: ?How to add a new user
- Create a dashboard with a Nagios CGI portlet (e.g., NagiosHostsView), and set the permission on the CGI to allow portal user role access (e.g., /GWUser). See: How to create a shared dashboard
- Assign permission of the Nagios application to the portal user membership, ?How to edit a membership.
- Create a contact using the name of the portal user, Configuration > Contacts > Contacts > New.
- Create a contact group, adding the contact created above, Configuration > Contacts > Contact groups > New.
- Assign the contact group to one or more of the CGI access controls, Configuration > Control > Nagios cgi configuration > Save and Next (Page 2).
- Commit the configuration changes, Configuration > Control > Commit.
- Next, log in as the new portal user and access the created dashboard, the permission to the CGIs should reflect what the user or contact group assignments show.
Figure: Contact group access to Nagios CGI