Cacti

From RavenWiki
Revision as of 12:49, 16 July 2010 by rl201 (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Cacti describes itself as '... a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality'. More information about it from http://www.cacti.net/

Tweaks

Assuming that you have cacti installed using internal authentication, make the following changes:

  • Enable "Web Basic Authentication". (Left-hand side menu, Settings, Authentication tab)
  • Set the "User template" to "admin" so that the next created user gets admin rights.
  • Enable "global authentication" - I failed to find a GUI setting for this so resorted to MySQL:

insert into settings (name,value) values ('global_auth','on');.

  • Adjust site/auth_login.php, changing references $_SERVER["PHP_AUTH_USER"] to $_SERVER["REMOTE_USER"]
  • Put your cacti site behind raven protection: I added
 AuthType Ucam-WebAuth
 Require valid-user
 Satisfy any

to the DirectoryMatch stanza in /etc/apache2/conf.d/cacti.conf.

Restart apache, close your browser, log in to cacti using raven authentication. Unless the cacti install is to be locked down further, at least change the admin option so that future people accessing cacti through raven only get guest-level access!

Hints

Problem(s) I ran into:

  • Newly created Raven user doesn't have admin rights and can't change anything!

I omitted to set the user template to "admin", so my newly-created ravenised user had no magical powers to administer the site. To recover from this, tweak the database:

-- Find the id of our newly-created user:
select id from user_auth where username='rl201';
-- +----+
-- | id |
-- +----+
-- |  5 | 
-- +----+
-- 1 row in set (0.00 sec)
-- Insert that id into the rights table:
insert into user_auth_realm (realm_id, user_id) values (1,5),(2,5),(3,5),(4,5),(5,5),(6,5),\
(8,5),(9,5),(10,5),(11,5),(12,5),(13,5),(14,5),(15,5),(16,5),(17,5);

rl201 13:49, 16 July 2010 (BST)