Re: [icinga-users] some icinga-web questions

Sun, 22 Jul 2012 12:52:58 -0700 

On Thu, 2012-07-05 at 09:32 +0200, Michael Friedrich wrote:
> > Now a problem remains... how can I do the same
> > within /etc/icinga-web/conf.d/ so that it's preserved on updates?
It worked for me be adding the following
to /etc/icinga-web/conf.d/cronks.xml:
            <cronk name="iframeViewIcinga">
                <ae:parameter name="module">Cronks</ae:parameter>
                <ae:parameter
name="action">System.IframeView</ae:parameter>
                <ae:parameter name="hide">false</ae:parameter>
                <ae:parameter name="description">View icinga classic on
same server</ae:parameter>
                <ae:parameter name="name">Icinga Classic</ae:parameter>
                <ae:parameter name="image">cronks.Globe</ae:parameter>
                <ae:parameter name="categories">misc</ae:parameter>
                <ae:parameter name="position">200</ae:parameter>
                <ae:parameter name="ae:parameter">
                    <ae:parameter
name="url"><![CDATA[/icinga/classic/path/]]></ae:parameter>
                </ae:parameter>
            </cronk>
My original mistake was to only include those parameters that I want to
change,... unfortunately all have to be added and there is no
overwriting or so.




> >>> d) Does icinga-web need access to the status.dat&friends files (e.g.
> >>> for command execution) and if so, for which exactly?
> >> icinga.cmd as apache user, same as classic ui. if using remotely, access
> >> via ssh required.
> > Ok... and what about these:
> > /var/cache/icinga/   (directory)
> > /var/cache/icinga/objects.cache
> > /var/cache/icinga/retention.dat
> > which are www-data:www-data owned in Debian as well as
> > /var/lib/icinga/rw/   (directory)
> > /var/lib/icinga/status.dat
> > which are nagios:www-data owned in Debian?
> >
> > I guess status.dat is just used by CGI and similar to what is the DB for
> > icinga-web, right?
> > But then there are still some more left.

Haven't looked much more into this... the default access rules (well at
least as set in Debian) seem to be too open already, leaving world-read
access to many files, where I think there shouldn't be any.
Nevertheless,... there seem to be too many obstacles to go into
hardening here :-(


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
icinga-users mailing list
icinga-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/icinga-users

Reply via email to