AdminSysGNULinux

Outils pour utilisateurs

Outils du site

Piste : proxy_et_apt-get notes_sonar_ldap notes_udev_udevadm firefox_sudo pb_-_gpg notes_hsm notes_snmp notes_-_kubernetes pb_plugin_nagios_centreon_nsclient_403
tech:pb_plugin_nagios_centreon_nsclient_403

Ceci est une ancienne révision du document !

Table des matières

, , , , ,

Pb plugin Nagios centreon NSClient 403

Getting response 403 Your not allowed from NSClient++ running on Windows over the REST API but curl ok

Problème

https://community.icinga.com/t/getting-response-403-your-not-allowed-from-nsclient-running-on-windows-over-the-rest-api/4005 

$ /usr/lib/centreon/plugins/centreon_nsclient_restapi.pl --plugin=apps::nsclient::restapi::plugin --mode=query --hostname='192.168.1.161' --port='8443' --proto='https' --legacy-password='centreon' --insecure --command=check_cpu --arg="warning=time = '5m' and load > 80" --arg="critical=time = '5m' and load > 90" --arg=show-all
UNKNOWN: 403 Forbidden

Alors que le curl fonctionne 

curl -k -u centreon:centreon https://192.168.1.161:8443/api/v1/scripts/ext?all=true

Analyse - Création d'un MITM HTTPS avec socat

Résultats

Test OK

curl -k -u centreon:centreon https://127.0.0.1:1443/api/v1/scripts/ext?all=true
[root@centreon-central ~]# PORT=1443 FQDN=localhost
[root@centreon-central ~]# socat -v -ls OPENSSL-LISTEN:${PORT},reuseaddr,cert=${FQDN}.pem,verify=0,crlf,fork TCP4:localhost:8080
> 2025/04/04 12:27:38.353691  length=146 from=0 to=145
GET /api/v1/scripts/ext?all=true HTTP/1.1
Host: 127.0.0.1:1443
Authorization: Basic Y2VudHJlb246Y2VudHJlb24=
User-Agent: curl/7.61.1
Accept: */*

< 2025/04/04 12:27:38.378346  length=1681 from=0 to=1680
HTTP/1.1 200\r\r
Content-Length: 1544\r\r
Set-cookie: token=yapnxrpMCARCr4zdGc81tBDKsMlaZTXC; path=/\r\r
Set-cookie: uid=centreon; path=/\r\r
\r\r

Test NOK

/usr/lib/centreon/plugins/centreon_nsclient_restapi.pl --plugin=apps::nsclient::restapi::plugin --mode=query --hostname='127.0.0.1' --port='1443' --proto='https' --legacy-password='centreon' --insecure --command=check_cpu --arg="warning=time = '5m' and load > 80" --arg="critical=time = '5m' and load > 90" --arg=show-all
UNKNOWN: 403 Forbidden
[root@centreon-central ~]# socat -v -ls OPENSSL-LISTEN:${PORT},reuseaddr,cert=${FQDN}.pem,verify=0,crlf,fork TCP4:localhost:8080
> 2025/04/04 12:34:59.797373  length=315 from=0 to=314
GET /query/check_cpu?warning%3Dtime%20%3D%20%275m%27%20and%20load%20%3E%2080&critical%3Dtime%20%3D%20%275m%27%20and%20load%20%3E%2090&show-all HTTP/1.1
TE: deflate,gzip;q=0.3
Keep-Alive: 300
Connection: Keep-Alive, TE
Host: 127.0.0.1:1443
User-Agent: centreon::plugins::backend::http::useragent
Password: centreon

< 2025/04/04 12:34:59.804956  length=59 from=0 to=58
HTTP/1.1 403\r\r
Content-Length: 20\r\r
\r\r
403 Your not allowed

Solution

Ajouter les arguments ci-dessous pour l'authentification “basic”

  • --basic
  • --credentials
  • --username=centreon
  • --password=centreon
/usr/lib/centreon/plugins/centreon_plugins --plugin=apps::nsclient::restapi::plugin --mode=query --hostname='192.168.1.161' --port='8443' --proto='https' --basic --credentials --username=centreon --password=centreon --insecure --command=check_cpu --arg="warning=time = '5m' and load > 80" --arg="critical=time = '5m' and load > 90" --arg=show-all
tech/pb_plugin_nagios_centreon_nsclient_403.1743769090.txt.gz · Dernière modification : de Jean-Baptiste
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki