[Pkg-nagios-devel] nagios README.pgsql,1.1,1.2 changelog,1.38,1.39

seanius@haydn.debian.org


Update of /cvsroot/pkg-nagios/nagios
In directory haydn:/org/alioth.debian.org/chroot/home/users/seanius/tmp/cvs-serv14906

Modified Files:
	README.pgsql changelog 
Log Message:
suggestions from marcus better


Index: README.pgsql
===================================================================
RCS file: /cvsroot/pkg-nagios/nagios/README.pgsql,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- README.pgsql	18 Jan 2005 06:40:04 -0000	1.1
+++ README.pgsql	22 Feb 2005 04:49:55 -0000	1.2
@@ -1,6 +1,13 @@
 INSTALLING AND CONFIGURING NAGIOS/POSTGRESQL
 
    Author: Ricky Ng-Adam, rngadam@yahoo.com, January 2005
+   Additional Editing by:
+   	Sean Finney <seanius@debian.org>
+	  - various editorial liberties :)
+   	Marcus Better <marcus@better.se>
+	  - pointing out nagios needed to be owner of databases.
+	  - pointing out cgi scripts could be granted less privileges
+	    by creating a seperate user.
 
 = Introduction =
 
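Review bot: "seperate" in the last added credit line should be "separate". The added block also mixes leading spaces and tabs (three spaces plus a tab on the name lines, a bare tab on the "-" lines), so it will not line up with the existing three-space "Author:" line at other tab widths; use spaces throughout.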
@@ -9,18 +16,13 @@
 
 = Installation =
 
-   Install the Debian package:
-
-# su
-# apt-get install nagios-pgsql
-
    Next, we will setup the PostgreSQL database:
 
 # gunzip /usr/share/doc/nagios-pgsql/create_pgsql.gz
 # su postgres
-# createdb nagios
 # psql nagios < /usr/share/doc/nagios-pgsql/create_pgsql
 # createuser -A -D nagios
+# createdb -O nagios nagios
 # createlang plpgsql nagios
 # psql nagios
 
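Review bot: the schema load `psql nagios < /usr/share/doc/nagios-pgsql/create_pgsql` now runs before the database exists, because `createdb nagios` was removed above it and the replacement `createdb -O nagios nagios` was added two lines below it. Move `createuser -A -D nagios` and `createdb -O nagios nagios` ahead of the load so the sequence is create role, create database, load schema. The load is still run as postgres, so objects it creates will be owned by postgres rather than nagios unless the script assigns ownership itself; since the point of this change is that nagios owns the database, it is worth checking that and, if needed, loading the schema as nagios.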
@@ -102,7 +104,20 @@
 :%s/#x/x/g
 :%s/someport/5432/g
 
-   Repeat same for /etc/nagios/cgi.cfg.
+   Repeat same for /etc/nagios/cgi.cfg.  If you are security-minded,
+   it has been pointed out that you can create a seperate user, to
+   whom you can grant restricted permissions to be used by the cgi scripts:
+
+# createuser -A -D nagios_cgi
+
+in psql:
+
+ALTER USER nagios PASSWORD 'my-secret-cgi-password';
+
+GRANT SELECT ON hostextinfo, programstatus, servicestatus, hoststatus, hostcomments, servicecomments, hostdowntime, servicedowntime, serviceextinfo TO nagios_cgi;
+
+Then the user and password for nagios_cgi should be entered in
+/etc/nagios/nagios.cgi.
 
    In the same file, change the check command:
 
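Review bot: the added `ALTER USER nagios PASSWORD 'my-secret-cgi-password';` sets the password on nagios, not on the nagios_cgi role created two lines earlier, so nagios_cgi ends up without the password the closing sentence tells the reader to configure, and the main role's password is changed instead. It should read `ALTER USER nagios_cgi PASSWORD ...`. The closing sentence also names /etc/nagios/nagios.cgi while the paragraph opens with /etc/nagios/cgi.cfg; the two should agree. Smaller points: "seperate" should be "separate", and the added "in psql:" and "Then the user..." lines drop the three-space indent used by the surrounding text.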

Index: changelog
===================================================================
RCS file: /cvsroot/pkg-nagios/nagios/changelog,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -d -r1.38 -r1.39
--- changelog	15 Feb 2005 22:17:38 -0000	1.38
+++ changelog	22 Feb 2005 04:49:55 -0000	1.39
@@ -1,3 +1,14 @@
+nagios (2:1.3-cvs.20050116-4) unstable; urgency=low
+
+  * Sean Finney:
+    - updates to README.pgsql: the postgres user nagios should be the
+      owner of the nagios databases, and the cgi scripts don't need
+      full access to the nagios databases, so creating another user
+      is good practice security-wise.  thanks for this go to
+      Marcus Better <marcus@better.se> (closes: #296100, #296306).
+
+ -- Sean Finney <seanius@debian.org>  Mon, 21 Feb 2005 23:21:29 -0500
+
 nagios (2:1.3-cvs.20050116-3) unstable; urgency=low
 
   * Sean Finney: