Friday, March 24, 2017

NAGIOS. Unauthorized user. Rapid Response

An anecdote about Nagios.

One user informed us that he could access a lot of information on our Nagios system. This user can't access Nagios. And my question was: "How have you been able to do it?"

The user sent us some screenshots like:


We start a short analysis:

[ ] Check audit logs



I find which user has connected. I can see his username, IP address and connection date.

[ ] Now, with his username, I can check his user privileges



He has read-only permissions.

[ ] I compare the audit log date with the other screenshot from the user



[ ] I connect to the Nagios server by console. With the IP address I check the Apache logs:




We can see the first link the user connected with.

 https://servidor/nagiosxi/rr.php?uid=6-7233-d69ce763420a85291a4ab106cf57d15d


[ ] CONCLUSION:

In the Apache logs we can see which URL he used and how the user cut the URL (second line of the Apache log) to connect to other Nagios options later (https://servidor/nagiosxi).

The origin was a URL in a well-known informative email.


When the user clicks the link, he goes to Nagios:
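The same Apache log check can be scripted so that every client that entered through an `rr.php?uid=` link and then browsed other `/nagiosxi` pages is listed. This is an added example, not part of the original post: it assumes the Apache combined log format, and the log lines, IP addresses and uid value are constructed.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log prefix: client, timestamp, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IPs, placeholder uid token).
SAMPLE_LOG = """\
192.0.2.10 - - [24/Mar/2017:09:01:12 +0100] "GET /nagiosxi/rr.php?uid=EXAMPLE-TOKEN HTTP/1.1" 302 -
192.0.2.10 - - [24/Mar/2017:09:01:40 +0100] "GET /nagiosxi/ HTTP/1.1" 200 5120
192.0.2.10 - - [24/Mar/2017:09:02:05 +0100] "GET /nagiosxi/index.php HTTP/1.1" 200 20480
198.51.100.7 - - [24/Mar/2017:09:03:00 +0100] "GET /nagiosxi/login.php HTTP/1.1" 200 3300
192.0.2.10 - - [24/Mar/2017:09:03:30 +0100] "GET /favicon.ico HTTP/1.1" 404 209
"""

def parse(line):
    """Return (ip, time, path, query, status) or None for unparseable lines."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, _method, target, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(target)
    return ip, when, url.path, parse_qs(url.query), int(status)

def trace_rr_entry(log_text):
    """Per client IP: time of the first rr.php?uid= hit and later /nagiosxi pages."""
    findings = {}
    records = sorted(filter(None, map(parse, log_text.splitlines())),
                     key=lambda r: r[1])
    for ip, when, path, query, status in records:
        if path == "/nagiosxi/rr.php" and "uid" in query:
            # First tokenised link seen for this client marks the entry point.
            findings.setdefault(ip, {"entry": when, "followups": []})
        elif ip in findings and path.startswith("/nagiosxi") and status < 400:
            # Successful requests to other Nagios pages after the entry link.
            findings[ip]["followups"].append((when, path))
    return findings

if __name__ == "__main__":
    for ip, info in trace_rr_entry(SAMPLE_LOG).items():
        print(ip, "entered via rr.php at", info["entry"].isoformat())
        for when, path in info["followups"]:
            print("   then", when.strftime("%H:%M:%S"), path)
```

Clients that appear here with follow-up requests are the ones to compare against the audit log and the user's assigned privileges.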



by GoN | Published: March 24, 2017 | Last Updated:
