user not removed from cgi.cfg

[xlin125]

We have Nagios XI 2014R2.7 installed on RHEL 6.10. Recently, we removed a Nagios XI Web Interface user who had Auth Level "admin".
We removed this user via Admin->Manage Users. This user was removed from htpasswd.users, but did not get removed from cgi.cfg. How can we remove this user from cgi.cfg file? I am not sure we can edit cgi.cfg file and remove this user.

[lmiltchev]

You can edit the cgi.cfg file via a text editor, e.g. "vi" or "nano", and remove the user. It wouldn't hurt to restart nagios and httpd after you made the change too. Let us know if this fixed your issue. Thanks!

[xlin125]

@lmiltchev, thanks for the response.

My question is that when I deleted this user account that has admin right from the Nagios XI Web GUI, this user account did not get removed from the cgi.cfg file. This user account did get removed from htpasswd.users file. It looks like this user account still exists in the database (Postgres?), and is detected and reported by the security audit. Even I can remove this user account manually by editing cgi.cfg file, if this user account is not removed from the database, my problem is still not resolved, and it will continue to be reported to company's security group.

[lmiltchev]

Removing the user from the GUI should've also removed it from the postgres db. Are you saying that you still see the user in the db? Can you try searching for it by running the command below?

Code: Select all

echo 'select * from xi_users;' | psql nagiosxi nagiosxi | grep <username>

where you substitute <username> with the actual username of your xi user.

Since the user has been removed from the htpasswd file, he/she won't be able to log in, so it shouldn't be an issue.