Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon
Labs

Set Up Different Authentication Configurations

In this lab, we create users for Nagios and configure them to have different levels of access. This is one of the most common tasks for an administrator in a working environment. The administrator must perform this task every time someone new comes to the team or someone needs permissions changed for their user.

Try for free Contact sales
Google Cloud Platform icon
Labs

Path Info

Level
Clock icon Advanced
Duration
Clock icon 2h 45m
Published
Clock icon Jul 19, 2019

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Create the Joe User with Proper Permissions on the Nagios Server - PublicInstance1

    1. Verify the installation of Nagios is complete by checking for "DONE" to be at the end of LogFile.log.

      vim /home/cloud_user/LogFile.log

    2. Create the "Joe" user.

    ```bash
sudo htpasswd /usr/local/nagios/etc/htpasswd.users Joe
```

    1. Supply a password for the "Joe" user.

    2. Update the Nagios config file.

      sudo vim /usr/local/nagios/etc/cgi.cfg

    3. Search for the authorized_for_all_services line in the configuration file. Change that line in the file so it reads as follows.

      authorized_for_all_services=nagiosadmin,Joe

    4. Search for the authorized_for_all_hosts line in the configuration file. Change that line in the file so it reads as follows.

      authorized_for_all_hosts=nagiosadmin,Joe

    5. Search for the authorized_for_read_only line in the configuration file. If that line is commented out, add the following line below it. Otherwise, add "Joe" the value of the parameter.

      authorized_for_read_only=Joe

    6. Save your changes to the file and quit the editor.

    7. Restart the services to apply changes.

      sudo systemctl restart nagios
sudo systemctl restart httpd

  2. Challenge

    Create the Tom User with Proper Permissions

    1. Create the "Tom" user.

      sudo htpasswd /usr/local/nagios/etc/htpasswd.users Tom

    2. Supply a password for the "Tom" user.

    3. Update the Nagios config file.

      sudo vim /usr/local/nagios/etc/cgi.cfg

    4. Search for the authorized_for_system_information line in the configuration file. Change that line in the file so it reads as follows.

      authorized_for_system_information=nagiosadmin,Tom

    5. Similar to the above step, add "Tom" to each of the following parameters.

      • authorized_for_configuration_information
      • authorized_for_system_commands
      • authorized_for_all_services
      • authorized_for_all_hosts
      • authorized_for_all_service_commands
      • authorized_for_all_host_commands

    6. Save your changes to the file and quit the editor.

    7. Restart the services to apply changes.

      sudo systemctl restart nagios
sudo systemctl restart httpd

  3. Challenge

    Create the Lyra User with Proper Permissions

    1. Edit the contacts configuration file.

      sudo vim /usr/local/nagios/etc/objects/contacts.cfg

    2. Add the following text to the top of the file to define the "Lyra" user.

      define contact {

    contact_name        Lyra
    use                 generic-contact
    alias               Nagios Administrator

}

    3. Save your changes and quit the editor.

    4. Navigate to the objects directory and list all the files.

      cd /usr/local/nagios/etc/objects/
ls

    5. Open the templates.cfg file to see the template definitions.

      vim templates.cfg

    6. Continue editing the contacts configuration file.

      sudo vim templates.cfg

    7. Add a contact group by entering the following text to the file.

      define contactgroup (

    contactgroup_name       administrators
    alias                   Nagios Administrators
    members                 Lyra

)

    8. Save your changes and quit the editor.

    9. Restart Nagios to apply changes.

      sudo systemctl restart nagios

  4. Challenge

    Create a Host and Service

    1. Create a new file for host and service definitions.

      sudo vim linux-server-hub.cfg

    2. Add the following text to the file to define the host.

      define host {

    use             linux-server
    host_name       serverHub
    alias           srvHub
    address         <Public IP Address of PublicInstance2>
    contact_groups  administrators

}

    3. Add the follow text to the file to define the service.

      defined service {

    use                     generic-service
    host_name               serverHub
    service_description     check ssh
    contact_groups          administrators
    check_command           check_ssh

}

    4. Save your changes and quit the editor.

    5. Edit the nagios.cfg file.

      sudo vim /usr/local/nagios/etc/nagios.cfg

    6. Add the following text to the file.

      # Definitions for Linux Hosts
cfg_file=/usr/local/nagios/etc/objects/linux-server-hub.cfg

    7. Save your changes and quit the editor.

    8. Create the "Lyra" user. Note that this is a missing step performed in a later video.

      sudo htpasswd /usr/local/nagios/etc/htpasswd.users Lyra

    9. Restart the services to apply changes.

      sudo systemctl restart nagios
sudo systemctl restart httpd

  5. Challenge

    Verify the Account Information

    1. Open a private browser window and navigate to http://PUBLIC_IP_FIRST_SERVER/nagios.

    2. Log in with your credentials for user "Joe".

    3. Click Services on the left-hand menu.

    4. Click SSH.

    5. Verify this account does not have permission to execute commands.

    6. Close the window and open a new private browser window. Navigate to the same address and log in with your credentials for user "Tom".

    7. Click Hosts on the left-hand menu. Verify you can see both localhost and serverHub.

    8. Click Services on the left-hand menu.

    9. Click SSH.

    10. Verify this account can access service commands.

    11. Close the window and open a new private browser window. Navigate to the same address and log in with your credentials for user "Lyra".

    12. Click Hosts on the left-hand menu. Verify you can see only the serverHub host.

    13. Click Services on the left-hand menu. Verify the only entry is the check_ssh service for serverHub.

    14. Return to the shell and connect to the second lab server using the credentials provided on the hands-on lab page.

      ssh cloud_user@PUBLIC_IP_SECOND_SERVER

    15. After confirming you can log in to the server, sign out.

      exit

  6. Challenge

    Disable All Authentication

    1. Open the nagios.conf file.

      sudo vim /etc/httpd/conf.d/nagios.conf

    2. Comment out all lines in the file except for the following.

      • Lines surrounded by angle brackets.
      • Lines that say Allow from all.
      • Lines that say Require all granted. Note that this corrects an error corrected later in the video.

    3. Save your changes and quit the editor.

    4. Restart the web service.

      sudo systemctl restart httpd

    5. Open a private browser window and navigate to http://PUBLIC_IP_FIRST_SERVER/nagios.

    6. Verify that you can access the server without logging in.

    7. Click on Hosts from the left-hand menu and verify nothing is listed.

    8. Click on Services from the left-hand menu and verify nothing is listed.

    9. Back in the shell, edit the cgi.cfg file.

      sudo vim /usr/local.nagios/etc/cgi.cfg

    10. Change the use_authentication=1 line to use_authentication=0.

    11. Save your changes and quit the editor.

    12. Restart the Nagios service.

      sudo systemctl restart nagios

    13. Back in your private browser, refresh the window and verify you now have access to multiple hosts and services, as well as access to service commands.

  7. Challenge

    Enable the Authentication

    1. Return to the shell and edit the cgi.cfg file.

      sudo vim /usr/local.nagios/etc/cgi.cfg

    2. Change the use_authentication=0 line to use_authentication=1.

    3. Save your changes and quit the editor.

    4. Open the nagios.conf file.

      sudo vim /etc/httpd/conf.d/nagios.conf

    5. Uncomment all the lines that you commented out an earlier step.

    6. Save your changes and quit the editor.

    7. Restart the services.

      sudo systemctl restart nagios
sudo systemctl restart httpd

    8. Return to the browser window and refresh your view.

    9. Log in as "Tom" and verify the expected behavior.

A Cloud Guru - Labs - Set Up Different Authentication Configurations
Author
A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans