nagios encyrpted password for url monitoring
nagios encyrpted password for url monitoring
Nagios http authentication using encrypted password. Is there a plugin which does that? I have used check_http but the encrypted password fails there.
Re: nagios encyrpted password for url monitoring
I'm not quite sure what you mean. HTTP Basic authentication passwords are not directly encrypted, but they can be sent as part of a request using SSL. What specifically are you doing and how is it failing?
Former Nagios employee
Re: nagios encyrpted password for url monitoring
The website i would like to monitor requires credentials, it works with check_http module but i need to encrypt credentials instead of encode. is there a way to do it with this module or any other? Thanks.
- tacolover101
- Posts: 432
- Joined: Mon Apr 10, 2017 11:55 am
Re: nagios encyrpted password for url monitoring
post a curl -v http://yoururl.com/login so that we can see what type of authentication you're trying to use. off the top of my head, the plugin only supports basic auth. if you're using NTLM, SSO, LDAP, or anything else, you'll probably need to find another plugin.
Re: nagios encyrpted password for url monitoring
In any case, you're likely looking at something like Selenium or WebInject:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
The guides are for XI but the concept is basically to have a script simulate a login as closely as it can to a real user performing the action.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
The guides are for XI but the concept is basically to have a script simulate a login as closely as it can to a real user performing the action.
Former Nagios employee
Re: nagios encyrpted password for url monitoring
I will try this and let this group know.
Re: nagios encyrpted password for url monitoring
tacolover101 wrote:post a curl -v http://yoururl.com/login so that we can see what type of authentication you're trying to use. off the top of my head, the plugin only supports basic auth. if you're using NTLM, SSO, LDAP, or anything else, you'll probably need to find another plugin.
Here is the curl informaton from 2 different websites. From this the second one is basic auth.
curl -v https://big.example.com/ProcessAdmin/login.jsp
* timeout on name lookup is not supported
* Trying 10.32.18.99...
* TCP_NODELAY set
* Connected to big.example.com (10.32.18.99) port 443 (#0)
* schannel: SSL/TLS connection with big.example.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 189 bytes...
* schannel: sent initial handshake data: sent 189 bytes
* schannel: SSL/TLS connection with big.example.com port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with big.example.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 1974 length 4096
* schannel: sending next handshake data: sending 190 bytes...
* schannel: SSL/TLS connection with big.example.com port 443 (step 2/3)
* schannel: encrypted data buffer: offset 51 length 4096
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with big.example.com port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET /ProcessAdmin/login.jsp HTTP/1.1
> Host: big.example.com
> User-Agent: curl/7.53.1
> Accept: */*
>
* schannel: client wants to read 16384 bytes
* schannel: encdata_buffer resized 17408
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: encrypted data got 3231
* schannel: encrypted data buffer: offset 3231 length 17408
* schannel: decrypted data length: 3202
* schannel: decrypted data added: 3202
* schannel: decrypted data cached: offset 3202 length 16384
* schannel: encrypted data buffer: offset 0 length 17408
* schannel: decrypted data buffer: offset 3202 length 16384
* schannel: schannel_recv cleanup
* schannel: decrypted data returned 3202
* schannel: decrypted data buffer: offset 0 length 16384
< HTTP/1.1 200 OK
< Date: Thu, 27 Jul 2017 19:12:50 GMT
< X-Powered-By: Servlet/3.0
< Cache-Control: no-cache
< Content-Length: 2783
< Set-Cookie: JSESSIONID=0000vJPszur4fr1wf56sUSEuyoy:1a0fnbika; Path=/; Secure;
HttpOnly
< Expires: Thu, 01 Dec 1994 16:00:00 GMT
< Content-Type: text/html; charset=UTF-8
< Content-Language: en-US
< Set-Cookie: BIGipServer~Dev~pool_bpm_big.example.com_443=1813127178.47
873.0000; path=/
<
======================================================================
----------------------------------------------------------------------------------------------------
curl -v http://goog.example.com/acats
* timeout on name lookup is not supported
* Trying 170.12.110.100...
* TCP_NODELAY set
* Connected to goog.example.com (170.12.110.100) port 80 (#0)
> GET /acats HTTP/1.1
> Host: goog.example.com
> User-Agent: curl/7.53.1
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< X-Cnection: close
< Date: Thu, 27 Jul 2017 19:15:44 GMT
< Content-Length: 1944
< Content-Type: text/html
< Server: Microsoft-IIS/6.0
< X-Powered-By: ASP.NET
< WWW-authenticate: Basic realm="Login"
<
Re: nagios encyrpted password for url monitoring
Yeah, you'll probably need to use Selenium or WebInject for something like this. Refer to the docs shared by @tmcdonald earlier for some steps to get started. The Selenium docs in particular aren't Nagios XI specific until page 10, which is just configuring a Nagios service and command; Not that hard to do in Nagios Core.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
Re: nagios encyrpted password for url monitoring
@narenpg@gmail.com did mcapra's suggestion help? Let us know if it is ok to lock this thread.
Be sure to check out our Knowledgebase for helpful articles and solutions!