Home / server / Questions / 807643
In Process
jmazaredo
Asked: 2016-10-07 22:25:16 +0800 CST

nagios authentication bypass if from ip address also says logged in as?

  • 772

Im trying to bypass authentication via 

AuthUserFile /etc/nagios3/htpasswd.users
  AuthType Basic
  AuthName MySite
  Require valid-user
  Order allow,deny
  Allow from 111.111.111.111
  Satisfy any

Im able to bypass but i get a notification

It appears as though you do not have permission to view information for any of the services you requested...

If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI and check the authorization options in your CGI configuration file.

cgi.cfg

authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

I notice login as ?

enter image description here

ubuntu nagios apache-2.4

1 Answers

  1. You cannot have use_authentication set in cgi.cfg, and then also bypass the authentication.

    As you have discovered, Nagios doesn't allow you to use the web interface, because it doesn't know which user is logged in.

    However, you can use setenvif to conditionally set the REMOTE_USER environment variable, when connecting from that IP.

    • 0