Protecting config files

Support questions about the Network Weather Map plugin

Moderators: Moderators, Developers

Post Reply
Author
Message
jnewb
Posts: 10
Joined: Mon Oct 31, 2016 6:54 pm

Protecting config files

#1 Post by jnewb » Mon Oct 31, 2016 7:04 pm

Hello, I'm a newbie to Cacti and Linux. I have created some config files. The files are all located in /usr/share/cacti/plugins/weathermap/configs. I have found that I am able to access those config files directly via a web browser (e.g. http://<IP address of cacti server>/cacti/plugins/weathermap/configs/test.conf). Is there a way to make those config files inaccessible via web browser or somehow password protect them?

User avatar
Howie
Cacti Guru User
Posts: 5334
Joined: Thu Sep 16, 2004 5:53 am
Location: United Kingdom
Contact:

Re: Protecting config files

#2 Post by Howie » Tue Nov 01, 2016 4:53 am

What webserver do you use? There's already a .htaccess file for Apache in the configs folder that would normally stop web access.

If you use Apache, you might need to add "AllowOverride" to your Apache config so that it takes notice of the .htaccess file. Here's a link for how that works on Ubuntu /Debian: https://ubuntuforums.org/showthread.php?t=1506129

(On other Linux, it will be different: sites-available is a specific Debian/Ubuntu thing)
Weathermap 0.98 is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)

jnewb
Posts: 10
Joined: Mon Oct 31, 2016 6:54 pm

Re: Protecting config files

#3 Post by jnewb » Wed Nov 02, 2016 2:13 pm

I'm using Apache v2.4.6. I found some info on the web about password protecting folders using the .htaccess and .htpasswd files. But those didn't work for me. After looking at the link in the last response, I changed httpd.conf.

Currently, I have the following set in /etc/httpd/conf/httpd.conf.

<Directory "/var/www">
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

FYI - after each change to httpd.conf, I restarted Apache using the command "apachectl restart".

I can still access the config file via web browser.

User avatar
Howie
Cacti Guru User
Posts: 5334
Joined: Thu Sep 16, 2004 5:53 am
Location: United Kingdom
Contact:

Re: Protecting config files

#4 Post by Howie » Wed Nov 02, 2016 2:24 pm

This isn't really a weathermap issue...

OK, so what directory is Weathermap in? (Is it below /var/www somewhere, or in /usr/share or similar where Ubuntu sometimes puts things)

And do you still have the original (from the zip) .htaccess in the configs/ folder?
Weathermap 0.98 is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)

jnewb
Posts: 10
Joined: Mon Oct 31, 2016 6:54 pm

Re: Protecting config files

#5 Post by jnewb » Wed Nov 02, 2016 2:49 pm

FYI - I'm running Centos 7.

Weathermap is in /usr/share/cacti/plugins/weathermap.

Yes, I have the original .htaccess in the configs folder.

User avatar
Howie
Cacti Guru User
Posts: 5334
Joined: Thu Sep 16, 2004 5:53 am
Location: United Kingdom
Contact:

Re: Protecting config files

#6 Post by Howie » Wed Nov 02, 2016 3:19 pm

OK, so adding 'AllowOverride all' to /var/www is not going to affect /usr/share :-)

Have a look through /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/*.conf for another <Directory> mentioning /usr/share

If there isn't one, you probably want to create a new file /etc/httpd/conf.d/weathermap.conf containing:

Code: Select all

<Directory "/usr/share/cacti/plugins/weathermap">
AllowOverride All
</Directory>
or something similar. Then restart Apache.

I expect that you might already have something like /etc/httpd/conf.d/cacti.conf
Weathermap 0.98 is out! & QuickTree 1.0. Superlinks is over there now (and built-in to Cacti 1.x).
Some Other Cacti tweaks, including strip-graphs, icons and snmp/netflow stuff.
(Let me know if you have UK DevOps or Network Ops opportunities, too!)

jnewb
Posts: 10
Joined: Mon Oct 31, 2016 6:54 pm

Re: Protecting config files

#7 Post by jnewb » Wed Nov 02, 2016 3:37 pm

I created a weathermap.conf file. That worked! I get a prompt for password to access config files now. Thank you Howie!! You're awesome!

Post Reply