ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi"
AllowOverride None
Options ExecCGI
Order deny,allow
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthMySQLEnable on
AuthMySQLHost "mysqlsrv"
AuthMySQLDB ops_data
AuthMySQLPwEncryption md5
AuthMySQLUserTable isys_person_intern
AuthMySQLUser nagios
AuthMySQLPassword deathbird
AuthMySQLNameField isys_person_intern__title
AuthMySQLPasswordField isys_person_intern__user_pass
AuthMySQLGroupTable isys_person_intern,isys_group,isys_group_2_isys_person_intern
AuthMySQLGroupField isys_group__title
AuthMySQLGroupCondition "isys_person_intern.isys_person_intern__id=isys_group_2_isys_person_intern.isys_group_2_isys_person_intern_
_isys_person_intern__id and isys_group_2_isys_person_intern.isys_group_2_isys_person_intern__isys_group__id=isys_group.isys_group__id
and isys_group__title='nagios'"
AuthMySQLAuthoritative On
AuthMySQLNoPasswd Off
require group nagios
Alias /nagios "/usr/share/nagios"
AllowOverride None
Options None
Order deny,allow
Allow from all
\\ \\
**Für Debian und Ubuntu**
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
AllowOverride None
Options ExecCGI
Order deny,allow
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /dev/null
AuthBasicAuthoritative Off
AuthMySQL_Authoritative on
AuthMYSQL on
AuthMySQL_Host "MYSQLHOST"
AuthMySQL_User MYSQLUSERNAME
AuthMySQL_Password MYSQLPASSWORT
AuthMySQL_DB idoit_data
AuthMySQL_Encryption_Types PHP_MD5
AuthMySQL_Password_Table isys_person_intern
AuthMySQL_Username_Field isys_person_intern__title
AuthMySQL_Password_Field isys_person_intern__user_pass
AuthMySQL_Empty_Passwords off
AuthMySQL_Group_Table isys_person_intern,isys_group,isys_group_2_isys_person_intern
AuthMySQL_Group_Field isys_group__title
Auth_MySQL_Group_Clause " AND isys_person_intern.isys_person_intern__id=isys_group_2_isys_person_intern.isys_group_2_isys_person_intern__isys_person_intern__id and isys_group_2_isys_person_intern.isys_group_2_isys_person_intern__isys_group__id=isys_group.isys_group__id and isys_group__title='nagios'"
require group nagios
Alias /nagios "/usr/local/nagios/share"
Options None
AllowOverride None
Order allow,deny
Allow from all
\\ \\
Der Inhalt von AuthMySQLGroupCondition ist im Prinzip ein SQL-Statement (select). Gleiches gilt für AuthMySQLGroupTable. Hier ist es ein Join über 3 Tabellen.\\ \\
Die Statements für andere Sachen (z.B. Logfiles etc.) sind analog aufzubauen.
====== Passwordänderung für Benutzer ohne i-doit Zugang ======
Nun hat natürlich nicht jeder Benutzer des Nagios, wie z.B. Fachabteilungen, aber auch das recht, sich an i-doit anzumelden. Dafür habe ich ein kleine Perlprogramm (CGI) geschrieben, mit dem Benutzer ihr passwort selben ändern können:
\\
#!/usr/bin/perl
use strict;
use DBI;
use CGI qw(:cgi-lib);
use vars qw($PASSWORD $USERNAME $DBLOGIN $DBPASS $DATABASE $DBHOST $DBPORT $SQLSTATEMENT $OLD_PASSWORD);
use vars qw($ERRMSG $PASSWORD1 $STH $DBH %in $PASSWORD2 $DSN @ROW);
$DBLOGIN = "changepw";
$DBPASS = "changepw";
$DATABASE = "i-doit_data";
$DBHOST = "mysqlsrv";
$DBPORT = 3306;
$ERRMSG = "";
# Main part ------------------------------------------------------------------------
header();
ReadParse();
# Lesen der Formularfelder auf den Hash '%in'
$PASSWORD = $in{login_password};
$USERNAME = $in{login_username};
$PASSWORD1 = $in{login_pass1};
$PASSWORD2 = $in{login_pass2};
# Test if the new password is typed in correctly
if ( $PASSWORD1 ne $PASSWORD2)
{
$ERRMSG = "Error! Passwords not equal! Please try it again.";
error();
footer();
exit;
}
# Connect to the database ----------------------------------------------------------
$DSN = "DBI:mysql:database=$DATABASE;host=$DBHOST;port=$DBPORT";
$DBH = DBI->connect($DSN, $DBLOGIN, $DBPASS, {
PrintError => 0, ### Don't report errors via warn( )
RaiseError => 1 ### Do report errors via die( )
} );
# Constuct a SQL statement ----------------------------------------------------------
# Place the password as MD5 hash into the database for comparing
$SQLSTATEMENT = "insert into tmp_ops_person";
$SQLSTATEMENT = $SQLSTATEMENT." VALUES ('',\'$USERNAME\', MD5( \'$PASSWORD\' ) )";
# ----- Prepare a SQL statement for execution
$STH = $DBH->prepare( $SQLSTATEMENT );
# ----- Execute the statement in the database
$STH->execute();
# Constuct a SQL statement ----------------------------------------------------------
# Now we get the hashed password out of the database and replace the password in the
# variable with the hashed one
$SQLSTATEMENT = "select tmp_ops_person_intern_user_pass from tmp_ops_person";
$SQLSTATEMENT = $SQLSTATEMENT." where tmp_ops_person_intern__title = '$USERNAME'";
# ----- Prepare a SQL statement for execution
$STH = $DBH->prepare( $SQLSTATEMENT );
# ----- Execute the statement in the database
$STH->execute();
# ----- Retrieve the returned rows of data
while ( @ROW = $STH->fetchrow_array( ) )
{
# Put the hashed password in the var
$PASSWORD = $ROW[0];
}
# Constuct a SQL statement ----------------------------------------------------------
$SQLSTATEMENT = "select isys_person_intern__user_pass from isys_person_intern";
$SQLSTATEMENT = $SQLSTATEMENT." where isys_person_intern__title = '$USERNAME'";
# ----- Prepare a SQL statement for execution
$STH = $DBH->prepare( $SQLSTATEMENT );
# ----- Execute the statement in the database
$STH->execute();
# ----- Retrieve the returned rows of data
while ( @ROW = $STH->fetchrow_array( ) )
{
$OLD_PASSWORD = $ROW[0];
}
# Constuct a SQL statement ----------------------------------------------------------
$SQLSTATEMENT = "DELETE FROM `tmp_ops_person` where tmp_ops_person_intern__title = '$USERNAME'";
# ----- Prepare a SQL statement for execution
$STH = $DBH->prepare( $SQLSTATEMENT );
# ----- Execute the statement in the database
$STH->execute();
$DBH->disconnect;
if ( $PASSWORD ne $OLD_PASSWORD)
{
$ERRMSG = "Error! This was not your password.
Please retype it or ask your guru.";
error();
}
else
{
# Constuct a SQL statement ----------------------------------------------------------
$SQLSTATEMENT = "UPDATE `isys_person_intern` set `isys_person_intern__user_pass` = MD5(\'$PASSWORD1\')";
$SQLSTATEMENT = $SQLSTATEMENT." where isys_person_intern__title = '$USERNAME'";
# ----- Prepare a SQL statement for execution
$STH = $DBH->prepare( $SQLSTATEMENT );
# ----- Execute the statement in the database
$STH->execute();
success();
}
$DBH->disconnect;
exit;
footer();
# Subroutines
sub error
{
print "\n";
print "Change your password \n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "NoticeX
\n";
print "\n";
print "\n";
print "\n";
print "\n";
}
sub success
{
print "\n";
print "Change your password \n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "NoticeX
\n";
print "\n";
print "\n";
print "\n";
print "\n";
}
sub header
{
print "Content-type: text/html\n\n";
print "\n";
print "\n";
print "\n";
print "\n";
print "Change your password \n";
print "\n";
print "\n";
}
sub footer
{
print "\n";
print "\n";
}
\\
Die Variablen
* $DBLOGIN
* $DBLOGIN
* $DBPASS
* $DATABASE
* $DBHOST
* $DBPORT
müssen natürlich angepasst werden. Was fehlt? password.css. \\
#overlay {
position: absolute;
background: #000;
opacity: 0.4;
width: 100%;
text-align: center;
top: 0px;
z-index:10;
}
* html #overlay {
filter:alpha(opacity=40);
z-index:10;
}
#error {
position:absolute;
left:20%;
top:80px;
width:60%;
overflow:auto;
height:100px;
z-index:999;
}
#error span a {
color:#555;
font-weight:bold;
}
#error span.close {
position:absolute;
right:5px;
}
#error {
position:absolute;
left:20%;
top:80px;
width:60%;
overflow:auto;
height:100px;
z-index:999;
}
#error span a {
color:#555;
font-weight:bold;
}
#error span.close {
position:absolute;
right:5px;
}
#breadCrumbNavi {
font-weight:bold;
font-size:12px;
/**
* @todo NP: Der Workaround hier stinkt.
*/
white-space: nowrap;
}
.login_msg {
margin: 1px 5px 0 5px;
font-size:10px;
color: #000000;
}
.login_error {
text-align:left;
background-color:#ffdddd;
border:1px solid #ff4343;
color: #000000;
width:400px;
margin:30px auto;
z-index:999;
}
.login_error p {
margin:5px;
}
.login_error div {
background-color:#ffa1a1;
border-bottom:1px solid #ff4343;
padding:5px;
margin:0;
}
#banner {
border-bottom:1px solid #000;
/*background-image:url(/i-doit/images/banner/placeholder.png)*/
background-color:#C00000;
background-repeat:repeat-x;
}
#loginInnerArea {
position:absolute;
width:100%;
height:400px;
text-align:center;
top:180px;
}
#loginContent {
height:120px;
background-image:url("/i-doit/images/banner/logo.gif");
background-repeat:no-repeat;
background-position:10px;
margin:30px 15px;
text-align:right;
}
#loginContent #login_submit {
padding:5px 0;
}
.button, .buttonActive {
border:solid 1px #000000;
color:#04309d;
font-weight:bolder;
font-size:12px;
}
.button {
background-color:#E5E9FF;
}
.buttonActive {
background-color:#C1C0EC;
}
\\
Das Stylesheet was ich verwende ist etwas anders, da ich noch mehr damit abdecke. Ich habe hier nur die im Passwort-Skript verwendenten Styles aufgelistet. Ggf. bitte korrigieren und mir ein Feedback schicken.\\ \\
Martin Fürstenau