Tag Archives: Apache

The Fedora 20 Active Directory Integration Guide : Apache and Nagios

No network would be complete without monitoring, so in this example, we will install the popular monitoring software Nagios and use the Apache web server with a mod called pwauth.

First, make sure you have joined the domain.  Because pwauth connects Apache with PAM, we will be able to login to Nagios using our Active Directory credentials.

First we will install Apache and pwauth and set the SeLinux and Firewall configuration.

#yum install httpd
# yum install mod_authnz_external pwauth
#setsebool -P httpd_can_sendmail 1 [[BR]]
#setsebool -P httpd_can_network_connect 1 [[BR]]
#firewall-cmd --permanent --add-service=http [[BR]]
#firewall-cmd --permanent --add-service=https [[BR]]
#firewall-cmd --add-service=http [[BR]]
#firewall-cmd --add-service=https [[BR]]

Since we don’t want just anyone having access to this site, we will restrict it to domain admins by using the PAM pwauth module.

#vi /etc/pam.d/pwauth

Add the following line at the top of the file.  The braces allow the space in the group name.

auth       required     pam_succeed_if.so user ingroup [Domain Admins]

Install Nagios.

#yum install php nagios

Configure the nagios web site.  In this example, we will put nagios at the root of the server instead of in a subdirectory.

#vi /etc/httpd/conf.d/nagios.conf

Make the file look exactly like below.

ScriptAlias /cgi-bin/ "/usr/lib64/nagios/cgi-bin/"

<Location "/">
AuthName "Nagios Access"
AuthType Basic
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
</Location>

<Directory "/usr/lib64/nagios/cgi-bin/">
#  SSLRequireSSL
Options ExecCGI
AllowOverride None
</Directory>

<Directory "/usr/share/nagios/html">
#  SSLRequireSSL
Options None
AllowOverride None
</Directory>

Edit the main apache configuration File

#vi /etc/httpd/conf/httpd.conf

Comment out any existing line beginning with ‘ScriptAlias’ and update the following Line

DocumentRoot "/usr/share/nagios/html"

Make sure we will get alerts for service outages.

#vi /etc/nagios/objects/contacts.cfg

Update the following line.

email                           username@corp.mydomain.com   ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******

Finish configuring Nagios and grant administrative privileges.

#vi /etc/nagios/cgi.cfg

Update the following lines.

url_html_path=/
authorized_for_system_information=username.da
authorized_for_configuration_information=username.da
authorized_for_system_commands=username.da
authorized_for_all_services=username.da
authorized_for_all_hosts=username.da
authorized_for_all_service_commands=username.da
authorized_for_all_host_commands=username.da

Start The Services

#systemctl enable nagios.service
#systemctl start nagios.service
#systemctl enable httpd.service
#systemctl start httpd.service

Browse to http://nagiosserver/ and you should now be able to login using your Active Directory domain administrator account.