search

mikaku / Monitorix

Monitorix is a free, open source, lightweight system monitoring tool.
https://www.monitorix.org
GNU General Public License v2.0
1.12k stars 167 forks source link

Feature request: Replace auth enabled=y by y|n|CIDR and disabled #274

Closed narcisgarcia closed 4 years ago

narcisgarcia commented 4 years ago

I'm using Monitorix 3.10.1 from Debian repositories.

Currently HTTP password authentication is set ( /etc/monitorix/monitorix.conf ) with: httpd_builtin -> auth -> enabled = y

But I need to not save clear passwords here: emailreports -> url_prefix

To reach both securities (web authentication + not clear passwords on files), I need that authentication is not required for requests from localhost. My proposal is to allow more values to "enabled" property and add "disabled" property: enabled=y enabled=n enabled=CIDR address disabled=y disabled=n disabled=CIDR address

With this, I could configure this setup: enabled=y disabled=192.168.0.0/16

mikaku commented 4 years ago

I'm using Monitorix 3.10.1 from Debian repositories.

Consider upgrading to the latest version (3.12). Since buster Monitorix is available in the official Debian repositories.

My proposal is to allow more values to "enabled" property and add "disabled" property: [...]

I think that the best approach would be to include two new options hosts_deny and hosts_allow inside the <auth> section. So you could easily define all your trusted hostnames and networks.

Does this sound reasonable to you?

narcisgarcia commented 4 years ago

Can you type here an example of an hosts_deny & hosts_allow use to get same example result exposed in the feature request? (specify auth by default but explicit hosts to not require authentication)

Apart; I only see monitorix 3.10.1-1 in Debian Stable (buster) repositories.

Narcis Garcia El 14/4/20 a les 16:30, Jordi Sanfeliu ha escrit:

I'm using Monitorix 3.10.1 from Debian repositories.

Consider upgrading to the latest version (3.12). Since buster Monitorix is available in the official Debian repositories.

My proposal is to allow more values to "enabled" property and add
"disabled" property:
[...]

I think that the best approach would be to include two new options |hosts_deny| and |hosts_allow| inside the || section. So you could easily define all your trusted hostnames and networks.

Does this sound reasonable to you?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mikaku/Monitorix/issues/274#issuecomment-613477231, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACBD42EOMEP6NAU4OAYARXLRMRXRDANCNFSM4L2LOPYA.

mikaku commented 4 years ago

Well, I was talking about something like this:

        <auth>
                hosts_deny = all
                hosts_allow = 127.0.0.1, 192.168.1.0/24
                enabled = y
                msg = Monitorix: Restricted access
                htpasswd = /var/lib/monitorix/htpasswd
        </auth>

(I think the example is self-explanatory)

Apart; I only see monitorix 3.10.1-1 in Debian Stable (buster) repositories.

You're right, I'm sorry I don't use Debian(-like) distributions.

Baptiste BEAUPLAT (the Monitorix package maintainer for Debian) told me that in order to update your current version you'll have to wait to the next stable version of Debian, or use the Izzy's alternate repository, or downloading manually the .deb file, etc.

Here the current versions of Monitorix in Debian: https://packages.debian.org/search?keywords=monitorix

narcisgarcia commented 4 years ago

In this clause context and feature request, I understand:

hosts_deny: Those hosts to require passowrd to hosts_allow: Those hosts with open access (no password required) enabled: If allowed hosts have authentication mechanism enabled. msg: Message to present to "denied" hosts htpasswd: Accounts to match with authentication required to "denied" hosts.

Well, strange explanations I got by combining my example with yours, because I will need to require password to all but some concrete hosts.

Narcis Garcia El 15/4/20 a les 18:43, Jordi Sanfeliu ha escrit:

Well, I was talking about something like this:

| hosts_deny = all hosts_allow = 127.0.0.1, 192.168.1.0/24 enabled = n msg = Monitorix: Restricted access htpasswd = /var/lib/monitorix/htpasswd |

(I think the example is self-explanatory)

Apart; I only see monitorix 3.10.1-1 in Debian Stable (buster)
repositories.

You're right, I'm sorry I don't use Debian(-like) distributions.

Baptiste BEAUPLAT (the Monitorix package maintainer for Debian) told me that in order to update your current version you'll have to wait to the next /stable/ version of Debian, or use the Izzy's alternate repository, or downloading manually the |.deb| file, etc.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mikaku/Monitorix/issues/274#issuecomment-614150423, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACBD42DHV7UDJC2HS6ZN4NDRMXP37ANCNFSM4L2LOPYA.

mikaku commented 4 years ago

hosts_deny: Those hosts to require passowrd to hosts_allow: Those hosts with open access (no password required) enabled: If allowed hosts have authentication mechanism enabled. msg: Message to present to "denied" hosts htpasswd: Accounts to match with authentication required to "denied" hosts.

hosts_deny will be the list of hosts/networks that will require authentication. hosts_allow will be the list of hosts/networks that won't require authentication (even when enabled = y).

The rest of options have not changed their meaning.

I hope things are cleared up now.

mikaku commented 4 years ago

Check the last update and let me know if it works for you.

mikaku commented 4 years ago

Closing due to no response for two weeks.

If you still need more information, please add a comment and the issue can be reopened.