[Pkg-nagios-devel] Bug#660054: Bug#660054: icinga-cgi: better default for cgi_log_file

Michael Friedrich michael.friedrich at univie.ac.at
Thu Feb 16 09:40:07 UTC 2012


Christoph Anton Mitterer wrote:
> Package: icinga-cgi
> Version: 1.6.1-2
> Severity: minor
>
>
> Hi.
>
> The current default in /etc/icinga/cgi.cfg for cgi_log_file is:
> /usr/share/icinga/htdocs/log/icinga-cgi.log

and to enable that, you have to set another option at first stage. this 
an upstream experimental functionality to allow logging of cmd.cgi 
commands (user, address, command) and depends on the packager actually 
enabling that.

use_logging=<0|1>

http://docs.icinga.org/latest/en/configcgi.html

>
> Guess this is not only a quite bad place (/usr should not be touced, may be
> read-only, etc.) but also forbidden by the policy (yes I know logging is disabled
> by default).

if the packager decides to enable that feature, you might have to change 
that location as well, as it only matches the upstream prefix 
/usr/local/icinga
rpms do that currently.
>
>
> Can we perhaps find a better place?
> As it must be writable by the CGI user (at least per default www-data)
> /var/log doesn't work, neither /var/log/icinga (owned nagios:adm).
at first you should decide enabling this by default in upstream packages.

>
> My suggestions would be:
> 1) Let postinst create a file owned<cgi-user>:<cgi-user>  in /var/log/icinga
> and use this as default file.

there will be logrotation if you set the option (and probably you will). 
therefore the archive option should be well defined as well.
> 2) Change the owner group of /var/log/icinga itself. (guess that would be a
> worse solution).
> 3) Set just some dummy value to cgi_log_file, that makes the user clear, that
> he has to set something sane/safe, if he want's to use it.

shouldn't that be the first attempt when someone tries to enable logging 
to look for an appropriate location him/herself? i would keep this 
functionality in debian packages disabled and therefore use at own risk 
unless upstream decides to change that behaviour by default.

>
>
> I would try to provide patches, if you decide what to do.
>
>
> Cheers,
> Chris.
>
>
>
> _______________________________________________
> Pkg-nagios-devel mailing list
> Pkg-nagios-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-nagios-devel


-- 
DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email:  michael.friedrich at univie.ac.at
phone:  +43 1 4277 14359
mobile: +43 664 60277 14359
fax:    +43 1 4277 14338
web:    http://www.univie.ac.at/zid
         http://www.aco.net

Lead Icinga Core Developer
http://www.icinga.org






More information about the Pkg-nagios-devel mailing list