~bisscuitt/percona-monitoring-plugins/lsof

~bisscuitt/percona-monitoring-plugins/lsof_find

« back to all changes in this revision

Viewing changes to docs/cacti/ssh-based-templates.rst

Committer: Roman Vynar
Date: 2014-03-20 07:59:24 UTC
Revision ID: roman.vynar@percona.com-20140320075924-l5h9uwzl6zzpxd5e

Fix for bug #1295006 Introduce more secure location of PHP script configs to harden a Cacti setup

files modified:
Changelog

VERSION

cacti/scripts/ss_get_by_ssh.php

cacti/scripts/ss_get_mysql_stats.php

docs/cacti/hardening-cacti-setup.rst

docs/cacti/installing-templates.rst

docs/cacti/rds-templates.rst

docs/cacti/ssh-based-templates.rst

nagios/bin/pmp-check-aws-rds.py

Show diffs side-by-side

added added

removed removed

docs/cacti/ssh-based-templates.rst

120

with an external configuration file, but you can do it any way you please::

121

122

debian:~# cp scripts/ss_get_by_ssh.php /usr/share/cacti/site/scripts/

123

debian:~# cat > /usr/share/cacti/site/scripts/ss_get_by_ssh.php.cnf

123

debian:~# cat > /etc/cacti/ss_get_by_ssh.php.cnf

124

<?php

125

$ssh_user = 'cacti';

126

$ssh_iden = '-i /etc/cacti/id_rsa';

127

128

CTRL-D

129

130

If you need a more complex configuration setup, such as connecting to a

133

134

Securing Your Setup

135

-------------------

136

Ensure that any files under ``scripts/`` are not accessible from Web.

136

You can also place ``.cnf`` file in the same directory as the PHP script file

137

(just to keep the backward compatibility)

138

but this is a security risk as ``scripts/`` folder falls under the web directory.

139

So ``/etc/cacti/`` is the recommended location for ``.cnf`` file.

140

In any case, ensure that any files under ``scripts/`` are not accessible from Web.

137

141

Check out :ref:`Hardening Cacti setup <hardening_cacti_setup>` guide.

138

142

139

143

Testing the Setup

Older »