Remotely accessing statusjson API (http 401)

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
grenley
Posts: 96
Joined: Tue May 13, 2014 6:06 pm

Remotely accessing statusjson API (http 401)

Post by grenley »

Hi.
I've seen this issue addressed on the forum but I don't see quite the answer I'm looking for.
I am trying to remotely access the Core statusjson API and am getting an HTTP 401 Unauthorized.
I can get around that by coding the nagiosadmin account and password on the URL.
That will never fly in my company.
I tried setting use_authentication=0 in cgi.cfg and bounced Nagios but that doesn't seem to help.
Any ideas?

Thanks,
Rick
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Remotely accessing statusjson API (http 401)

Post by mcapra »

Official documentation regarding CGI permissions:
https://assets.nagios.com/downloads/nag ... iauth.html
grenley wrote: I can get around that by coding the nagiosadmin account and password on the URL.
That will never fly in my company.
You could create a service user with htpasswd and, via the cgi conf, give that user permissions for all hosts/services and make it "read only".

Code: Select all

htpasswd /usr/local/nagios/etc/htpasswd.users serviceuser
Relevant cgi.cfg directives:

Code: Select all

authorized_for_all_services=nagiosadmin,serviceuser
authorized_for_all_hosts=nagiosadmin,serviceuser
authorized_for_read_only=serviceuser
This of course still exposes a user with global read privileges via your API calls. However, that user can't do things like execute checks, external commands, trigger notifications, etc.

Code: Select all

[root@capra_nag etc]# curl -XGET --user serviceuser:hunter2 'http://10.35.6.238/nagios/cgi-bin/statusjson.cgi?query=host&hostname=CENESPROD00'
{
  "format_version": 0,
  "result": {
    "query_time": 1519241850000,
    "cgi": "statusjson.cgi",
    "user": "serviceuser",
    "query": "host",
    "query_status": "released",
    "program_start": 1519241627000,
    "last_data_update": 1519241847000,
    "type_code": 0,
    "type_text": "Success",
    "message": ""
  },
  "data": {
    "host": {
      "name": "CENESPROD00",
      "name": "CENESPROD00",
      "plugin_output": "OH CRAP",
      "long_plugin_output": "",
      "perf_data": "",
      "status": 4,
      "last_update": 1519241846000,
      "has_been_checked": true,
      "should_be_scheduled": false,
      "current_attempt": 10,
      "max_attempts": 10,
      "last_check": 1510933656000,
      "next_check": 0,
      "check_options": 0,
      "check_type": 1,
      "last_state_change": 1510933656000,
      "last_hard_state_change": 1510933656000,
      "last_hard_state": 0,
      "last_time_up": 1510933656000,
      "last_time_down": 1503938669000,
      "last_time_unreachable": 0,
      "state_type": 1,
      "last_notification": 0,
      "next_notification": 0,
      "no_more_notifications": false,
      "notifications_enabled": false,
      "problem_has_been_acknowledged": false,
      "acknowledgement_type": 0,
      "current_notification_number": 0,
      "accept_passive_checks": true,
      "event_handler_enabled": true,
      "checks_enabled": false,
      "flap_detection_enabled": true,
      "is_flapping": false,
      "percent_state_change": 6.25,
      "latency": 0.76,
      "execution_time": 0.00,
      "scheduled_downtime_depth": 0,
      "process_performance_data": true,
      "obsess": true
    }
  }
}
Former Nagios employee
https://www.mcapra.com/
kyang

Re: Remotely accessing statusjson API (http 401)

Post by kyang »

Thanks for the help @mcapra!

grenley, let us know if you have any more questions!
grenley
Posts: 96
Joined: Tue May 13, 2014 6:06 pm

Re: Remotely accessing statusjson API (http 401)

Post by grenley »

Thanks very much!
This solved my issue.
You can close it.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:

Re: Remotely accessing statusjson API (http 401)

Post by scottwilkerson »

Glad to hear the issue is resolved!
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Locked