Christoph Anton Mitterer wrote:
> Hi Michael.
>
> Thanks for your quick reply.
>
>
> On Wed, 2012-07-04 at 23:30 +0200, Michael Friedrich wrote:
>>> a) From which path does it load the files from the icon_image setting?
>>> Or is that just used in the CGI?
>> depends on your definition. this is apache path, not fs.
> Yes of course,.. I found it by now :)
> And proposed then this: https://dev.icinga.org/issues/2785
>
>
>>> b) Does it (i.e. the icinga_web DB user) need read-write access to the
>>> icinga DB (idoutils) or is read-only enough? In the latter case one could
>>> further restrict access.
>> readonly user. ido2db daemon should be the only source for writing to
>> that database, keeping it in sync.
> I'll have a look, on whether one can set a PostgreSQL user to read only
> for the DB,... can we add this then to some wiki or so?

the community wiki is open for everyone once you have registered an account.
of course we are watching the space in order to prevent spammers or wrong
information being spread.

>
>>> c) There is this cronk that would allow showing the classic icinga
>>> cgi... but that's just empty.
>>> What does it need to find this? I.e. how does it find this? Via web
>>> URIs, or using the status.dat&friends files?
>> i don't understand your question. but if it's the iframe embedding
>> external websites, look for the special cronks in the menu and/or
>> configuration.
> Ok I guess I found it,.. there is a file:
> app/modules/Cronks/config/cronks_misc.xml
> where I can remove the user/passwd parameter (I've allowed access
> unconditionally on loopback) and where I can replace the default
> "/icinga/" path for CGI by "/icinga/classic/" what I use.
>
> Now a problem remains... how can I do the same
> within /etc/icinga-web/conf.d/ so that it's preserved on updates?

save the cronk, export it.

>
> I tried a bit with just copying some XML out from the former,... but
> apparently I did it wrong ;)
>
>
>
>>> d) Does icinga-web need access to the status.dat&friends files (e.g.
>>> for command execution) and if so, for which exactly?
>> icinga.cmd as apache user, same as classic ui. if using remotely, access
>> via ssh required.
> Ok... and what about these:
> /var/cache/icinga/ (directory)
> /var/cache/icinga/objects.cache
> /var/cache/icinga/retention.dat
> which are www-data:www-data owned in Debian as well as
> /var/lib/icinga/rw/ (directory)
> /var/lib/icinga/status.dat
> which are nagios:www-data owned in Debian?
>
> I guess status.dat is just used by CGI and similar to what is the DB for
> icinga-web, right?
> But then there are still some more left.

i smell some security discussions, either on the debian packagers list
or on "my" bug tracker. so in order to keep that low, please rephrase
your questions making sense for the common people.
i have absolutely no interest in repeating your long-lasting discussions on
security concerns a linux distribution will never keep up with, nor a
software package could do on 99% of the systems keeping default levels.

jm2c,
michael

>
>
> Thanks in advance,
> Chris.

--
DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email: michael.friedr...@univie.ac.at
phone: +43 1 4277 14359
mobile: +43 664 60277 14359
fax: +43 1 4277 14338
web: http://www.univie.ac.at/zid
     http://www.aco.net

Lead Icinga Core Developer
http://www.icinga.org

_______________________________________________
icinga-users mailing list
icinga-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/icinga-users
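
The read-only access discussed under (b) could be set up in PostgreSQL roughly as follows. This is an added example, not part of the thread or of Icinga's documentation; the database name `icinga`, the writer role `icinga` (used by ido2db and owning the tables), the reader role `icinga_web` and the schema `public` are assumptions, and the password is a placeholder.

```sql
-- Run as a PostgreSQL superuser, connected to the IDOUtils database.
-- Assumed names: database "icinga", writer/owner role "icinga" (ido2db),
-- reader role "icinga_web", tables in schema "public". Needs PostgreSQL 9.0+.

BEGIN;

-- Reader login role with no administrative attributes.
CREATE ROLE icinga_web LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'CHANGE_ME';            -- placeholder, set a real secret

-- On older servers PUBLIC may create objects in schema "public" and temp
-- tables in the database; a "read-only" role would inherit both. Remove
-- them and give the writer role back explicitly what it needs.
REVOKE CREATE    ON SCHEMA public   FROM PUBLIC;
REVOKE TEMPORARY ON DATABASE icinga FROM PUBLIC;
GRANT  CREATE, USAGE ON SCHEMA public TO icinga;

-- The reader may connect, resolve names in the schema, and SELECT only.
GRANT CONNECT ON DATABASE icinga TO icinga_web;
GRANT USAGE   ON SCHEMA public   TO icinga_web;
GRANT SELECT  ON ALL TABLES IN SCHEMA public TO icinga_web;

-- Tables the writer role creates later (schema upgrades) become readable
-- too; without this the reader silently loses sight of new tables.
ALTER DEFAULT PRIVILEGES FOR ROLE icinga IN SCHEMA public
    GRANT SELECT ON TABLES TO icinga_web;

-- Defence in depth only: a session can switch this off again, so the
-- GRANTs above are the actual boundary.
ALTER ROLE icinga_web SET default_transaction_read_only = on;

COMMIT;

-- Check: lists every table the reader could still modify, including via
-- privileges granted to PUBLIC. Must return no rows.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname = 'public'
  AND has_table_privilege(
        'icinga_web',
        quote_ident(schemaname) || '.' || quote_ident(tablename),
        'INSERT,UPDATE,DELETE,TRUNCATE');
```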