Nagios Support Forum

Posted: **Tue Feb 20, 2018 6:14 pm**

Hi.
I've seen this issue addressed on the forum but I don't see quite the answer I'm looking for.
I am trying to remotely access the Core statusjson API and am getting an HTTP 401 Unauthorized.
I can get around that by coding the nagiosadmin account and password on the URL.
That will never fly in my company.
I tried setting use_authentication=0 in cgi.cfg and bounced Nagios but that doesn't seem to help.
Any ideas?

Thanks,
Rick

Posted: **Wed Feb 21, 2018 2:36 pm**

Official documentation regarding CGI permissions:
https://assets.nagios.com/downloads/nag ... iauth.html

grenley wrote: I can get around that by coding the nagiosadmin account and password on the URL.
That will never fly in my company.

You could create a service user with htpasswd and, via the cgi conf, give that user permissions for all hosts/services and make it "read only".

Code: Select all

htpasswd /usr/local/nagios/etc/htpasswd.users serviceuser

Relevant cgi.cfg directives:

Code: Select all

authorized_for_all_services=nagiosadmin,serviceuser
authorized_for_all_hosts=nagiosadmin,serviceuser
authorized_for_read_only=serviceuser

This of course still exposes a user with global read privileges via your API calls. However, that user can't do things like execute checks, external commands, trigger notifications, etc.

Code: Select all

[root@capra_nag etc]# curl -XGET --user serviceuser:hunter2 'http://10.35.6.238/nagios/cgi-bin/statusjson.cgi?query=host&hostname=CENESPROD00'
{
  "format_version": 0,
  "result": {
    "query_time": 1519241850000,
    "cgi": "statusjson.cgi",
    "user": "serviceuser",
    "query": "host",
    "query_status": "released",
    "program_start": 1519241627000,
    "last_data_update": 1519241847000,
    "type_code": 0,
    "type_text": "Success",
    "message": ""
  },
  "data": {
    "host": {
      "name": "CENESPROD00",
      "name": "CENESPROD00",
      "plugin_output": "OH CRAP",
      "long_plugin_output": "",
      "perf_data": "",
      "status": 4,
      "last_update": 1519241846000,
      "has_been_checked": true,
      "should_be_scheduled": false,
      "current_attempt": 10,
      "max_attempts": 10,
      "last_check": 1510933656000,
      "next_check": 0,
      "check_options": 0,
      "check_type": 1,
      "last_state_change": 1510933656000,
      "last_hard_state_change": 1510933656000,
      "last_hard_state": 0,
      "last_time_up": 1510933656000,
      "last_time_down": 1503938669000,
      "last_time_unreachable": 0,
      "state_type": 1,
      "last_notification": 0,
      "next_notification": 0,
      "no_more_notifications": false,
      "notifications_enabled": false,
      "problem_has_been_acknowledged": false,
      "acknowledgement_type": 0,
      "current_notification_number": 0,
      "accept_passive_checks": true,
      "event_handler_enabled": true,
      "checks_enabled": false,
      "flap_detection_enabled": true,
      "is_flapping": false,
      "percent_state_change": 6.25,
      "latency": 0.76,
      "execution_time": 0.00,
      "scheduled_downtime_depth": 0,
      "process_performance_data": true,
      "obsess": true
    }
  }
}

Posted: **Wed Feb 21, 2018 4:59 pm**

Thanks for the help @mcapra!

grenley, let us know if you have any more questions!

Posted: **Thu Feb 22, 2018 7:00 pm**

Thanks very much!
This solved my issue.
You can close it.

Posted: **Fri Feb 23, 2018 1:08 pm**

Glad to hear the issue is resolved!

Nagios Support Forum

Remotely accessing statusjson API (http 401)

Remotely accessing statusjson API (http 401)

Re: Remotely accessing statusjson API (http 401)

Re: Remotely accessing statusjson API (http 401)

Re: Remotely accessing statusjson API (http 401)

Re: Remotely accessing statusjson API (http 401)