Requiring authentication for the web interface
In this recipe, we'll explore the use of basic authentication for the Nagios Core web interface, probably the single most important configuration step in preventing abuse of the software by malicious users.
By default, the Nagios Core installation process takes the sensible step of locking down the authentication by default in its recommended Apache configuration file, with standard HTTP authentication for a default user named nagiosadmin
, with full privileges.
Unfortunately, some administrators take the step of removing this authentication or never installing it, in spite of the recommendations in the installation guide. It's a good idea to install it and keep it in place even on private networks, and especially if the server running Nagios Core is open to the Internet in any way (generally not advised).
This is not just because of the security benefits, but also because it allows you to set up basic access control, allowing certain users the...