Using authentication for the Nagios Core web interface
In this recipe, we'll explore the use of basic authentication for the Nagios Core web interface, probably the single most important configuration step in preventing abuse of the software by malicious users.
By default, the Nagios Core installation process takes the sensible step of locking down the CGI scripts in its recommended Apache configuration file with standard HTTP authentication for a default user named nagiosadmin
, with full privileges.
Unfortunately, some administrators take the step of removing this authentication or never installing it despite the recommendations in the installation guide. It's a good idea to install it and keep it in place even on private networks, especially if the server running Nagios Core is open to the Internet in any way (generally not advised).
Keeping authentication on is useful not just because of the security benefits, but also because it allows you to set up basic access control, allowing certain...