restrict access to Xymon not working as expected
list Alessandro Tinivelli
Hallo everyone,
sorry if the question has already been asked, but i could not find any answer in google:
my brand new xymon installation (Xymon 4.3.27-1.el7.terabithia) on Centos7 has the liens below in apache config file:
I have created the /etc/xymon/xymonpasswd file , but the access is still free with no pass request.
Is there something I did not understand? Should this file located somewhere else?
Thank you in advance
Alessandro
----
# Password file where users with access to these scripts are kept.
# Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
# scripts, files here can be read with the "config" message type,
# which allows status-privileged clients to read arbitrary regular files
# from the directory.
#
# This file should be owned and readable only by the apache server user,
# and ideally merely a symlink to a location outside of $XYMONHOME/etc/
#
# Create it with:
# htpasswd -c /etc/xymon/xymonpasswd USERNAME
# chown apache:apache /etc/xymon/xymonpasswd
# chmod 640 /etc/xymon/xymonpasswd
# Add more users / change passwords with: "htpasswd /etc/xymon/xymonpasswd USERNAME"
#
# You can also use a group file to restrict admin access to members of a
# group, instead of anyone who is logged in. In that case you must setup
# the "xymongroups" file, and change the "Require" settings to require
# a specific group membership. See the Apache docs for more details.
AuthUserFile /etc/xymon/xymonpasswd
AuthGroupFile /etc/xymon/xymongroups
AuthType Basic
AuthName "Xymon Administration"
# "valid-user" restricts access to anyone who is logged in.
Require valid-user
list David Raymond
Hi, I have the same problem as Alessandro. I running SLES 12.2. Same result, try different way, no prompt of user. Thanks to help David Raymond D: XXX.XXX.XXXX x7064 C: XXX.XXX.XXXX F: XXX.XXX.XXXX www.batiparbarrette.com [Logo Barrette]
▸
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Alessandro Tinivelli
Sent: Wednesday, December 14, 2016 12:06 PM
To: xymon at xymon.com
Subject: [Xymon] restrict access to Xymon not working as expected
Hallo everyone,
sorry if the question has already been asked, but i could not find any answer in google:
my brand new xymon installation (Xymon 4.3.27-1.el7.terabithia) on Centos7 has the liens below in apache config file:
I have created the /etc/xymon/xymonpasswd file , but the access is still free with no pass request.
Is there something I did not understand? Should this file located somewhere else?
Thank you in advance
Alessandro
----
# Password file where users with access to these scripts are kept.
# Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
# scripts, files here can be read with the "config" message type,
# which allows status-privileged clients to read arbitrary regular files
# from the directory.
#
# This file should be owned and readable only by the apache server user,
# and ideally merely a symlink to a location outside of $XYMONHOME/etc/
#
# Create it with:
# htpasswd -c /etc/xymon/xymonpasswd USERNAME
# chown apache:apache /etc/xymon/xymonpasswd
# chmod 640 /etc/xymon/xymonpasswd
# Add more users / change passwords with: "htpasswd /etc/xymon/xymonpasswd USERNAME"
#
# You can also use a group file to restrict admin access to members of a
# group, instead of anyone who is logged in. In that case you must setup
# the "xymongroups" file, and change the "Require" settings to require
# a specific group membership. See the Apache docs for more details.
AuthUserFile /etc/xymon/xymonpasswd
AuthGroupFile /etc/xymon/xymongroups
AuthType Basic
AuthName "Xymon Administration"
# "valid-user" restricts access to anyone who is logged in.
Require valid-user
list Jake
I'll note that the default config appears intended to apply the password restriction only to the admin scripts in /usr/share/xymon/cgi-secure. But on Centos 7, that does not work for me, either. Noticing the following conditions in the Directory stanza for cgi-secure: <IfModule mod_authz_core.c> # Apache 2.4+ Require all granted </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Allow from all </IfModule> I checked that the mod_authz_core module was getting loaded with "httpd -M" and it was. BUT I noticed that mod_authn_file was not, and I think that's a dependency, along with mod_authz_user (which is getting loaded). The 00-base.conf file for Apache has a LoadModule line for the missing module, so I'm looking at why that's not getting loaded. Regards, Jake
▸
On 2016-12-21 11:18, Raymond, David wrote: Hi, I have the same problem as Alessandro. I running SLES 12.2. Same result, try different way, no prompt of user. Thanks to help David Raymond D: XXX.XXX.XXXX x7064 C: XXX.XXX.XXXX F: XXX.XXX.XXXX www.batiparbarrette.com FROM: Xymon [mailto:xymon-bounces at xymon.com] ON BEHALF OF Alessandro Tinivelli SENT: Wednesday, December 14, 2016 12:06 PM TO: xymon at xymon.com SUBJECT: [Xymon] restrict access to Xymon not working as expected Hallo everyone, sorry if the question has already been asked, but i could not find any answer in google: my brand new xymon installation (Xymon 4.3.27-1.el7.terabithia) on Centos7 has the liens below in apache config file: I have created the /etc/xymon/xymonpasswd file , but the access is still free with no pass request. Is there something I did not understand? Should this file located somewhere else? Thank you in advance Alessandro ---- # Password file where users with access to these scripts are kept. # Although expected in $XYMONHOME/etc/ by the useradm and chpasswd # scripts, files here can be read with the "config" message type, # which allows status-privileged clients to read arbitrary regular files # from the directory. # # This file should be owned and readable only by the apache server user, # and ideally merely a symlink to a location outside of $XYMONHOME/etc/ # # Create it with: # htpasswd -c /etc/xymon/xymonpasswd USERNAME # chown apache:apache /etc/xymon/xymonpasswd # chmod 640 /etc/xymon/xymonpasswd # Add more users / change passwords with: "htpasswd /etc/xymon/xymonpasswd USERNAME" # # You can also use a group file to restrict admin access to members of a # group, instead of anyone who is logged in. In that case you must setup # the "xymongroups" file, and change the "Require" settings to require # a specific group membership. See the Apache docs for more details. AuthUserFile /etc/xymon/xymonpasswd AuthGroupFile /etc/xymon/xymongroups AuthType Basic AuthName "Xymon Administration" # "valid-user" restricts access to anyone who is logged in. Require valid-user