Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Does Nagios log server's apache login required sudo priv.

https://support.nagios.com/forum/viewtopic.php?t=50240

Page 1 of 1

Does Nagios log server's apache login required sudo priv.

Posted: Fri Sep 14, 2018 9:00 am
by thanigaivel.a
Does Nagios log server's apache login requires sudo privilege ?

We have a situation where our auditor's notified that, why you have given sudo privilege for apache user in nagios log server. So can you please confirm whether apache user needs root login powers to control log server ?.



[root@usa0300lv6332 ~]# cat /etc/sudoers|grep -i apache

apache usa0300lv6332=(ALL) NOPASSWD: ALL


[root@usa0300lv6332 ~]# cat /etc/passwd|grep -i apache
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin

Re: Does Nagios log server's apache login required sudo priv

Posted: Fri Sep 14, 2018 11:50 am
by cdienger
That isn't the part of the default config. apache does need some access however. Here is the default config that is added:

User_Alias NAGIOSLOGSERVER=nagios
User_Alias NAGIOSLOGSERVERWEB=apache
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash start
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash stop
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash restart
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash reload
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/logstash status
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch start
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch stop
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch restart
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch reload
NAGIOSLOGSERVER ALL = NOPASSWD:/etc/init.d/elasticsearch status
NAGIOSLOGSERVER ALL = NOPASSWD:/usr/local/nagioslogserver/scripts/change_timezone.sh
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash start
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash stop
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash restart
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash reload
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/logstash status
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch start
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch stop
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch restart
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch reload
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/etc/init.d/elasticsearch status
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/usr/local/nagioslogserver/scripts/get_logstash_ports.sh
NAGIOSLOGSERVERWEB ALL = NOPASSWD:/usr/local/nagioslogserver/scripts/profile.sh

Re: Does Nagios log server's apache login required sudo priv

Posted: Tue Sep 18, 2018 8:39 am
by thanigaivel.a
Thanks for the information, hope this is suffice.

Re: Does Nagios log server's apache login required sudo priv

Posted: Tue Sep 18, 2018 9:45 am
by cdienger
I'll lock this thread for now. Feel free to open a new one if needed.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited