monitoring: Update security documentation

Johannes Meyer 2015-06-18 15:48:01 +02:00
parent 8296e2f4c8
commit 22feb08f44
2 changed files with 18 additions and 27 deletions


@ -108,14 +108,14 @@ To get you a quick start, here is an example of what a role definition could loo
[winadmin] [winadmin]
users = "jdoe, janedoe" users = "jdoe, janedoe"
groups = "admin" groups = "admin"
permissions = "config/application/*, monitoring/commands/schedule-check" permissions = "config/application/*, monitoring/commands/schedule-check"
monitoring/filter/objects = "host=*win*" monitoring/filter/objects = "host_name=*win*"
This example creates a role called **winadmin**, that grants all permissions in `config/application/*` and `monitoring/commands/schedule-check` and additionally only This example creates a role called **winadmin**, that grants all permissions in `config/application/*` and `monitoring/commands/schedule-check` and additionally only
allows the hosts and services that match the filter `host=*win*` to be displayed. The users allows the hosts and services that match the filter `host_name=*win*` to be displayed. The users
**jdoe** and **janedoe** and all members of the group **admin** will be affected **jdoe** and **janedoe** and all members of the group **admin** will be affected
by this role. by this role.
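Review bot: The description under the `[winadmin]` example is still a single run-on sentence ("grants all permissions in ... and additionally only allows the hosts and services that match the filter ... to be displayed"). Since these lines are being touched anyway, split it so the permission grant and the `monitoring/filter/objects` restriction are stated in separate sentences, and drop the comma before "that". Someone configuring access control from this example should see at a glance that the filter narrows what is displayed and grants nothing by itself.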
@ -210,8 +210,8 @@ Any filter expression that is allowed in the filtered view, is also an allowed f
This means, that it is possible to define negations, wildcards, and even nested This means, that it is possible to define negations, wildcards, and even nested
filter expressions containing AND and OR-Clauses. filter expressions containing AND and OR-Clauses.
The filter expression will be **implicitly** added as an **AND-Clause** to each query on The filter expression will be **implicitly** added as an **AND-Clause** to each query on
the filtered data. The following shows the filter expression `host=*win*` being applied on `monitoring/filter/objects`. the filtered data. The following shows the filter expression `host_name=*win*` being applied on `monitoring/filter/objects`.
Regular filter query: Regular filter query:
@ -225,7 +225,7 @@ With our restriction applied, any user affected by this restrictions will see th
results of this query instead: results of this query instead:
AND-- host = *win* AND-- host_name = *win*
| |
+--AND-- service_problem = 1 +--AND-- service_problem = 1
| |
@ -257,13 +257,13 @@ the filter expressions. The following examples will show the usefulness of this
[winadmin] [winadmin]
groups = "windows-admins" groups = "windows-admins"
monitoring/filter/objects = "host=*win*" monitoring/filter/objects = "host_name=*win*"
Will display only hosts and services whose host name contains **win**. Will display only hosts and services whose host name contains **win**.
[webadmin] [webadmin]
groups = "web-admins" groups = "web-admins"
monitoring/filter/objects = "host!=*win*" monitoring/filter/objects = "host_name!=*win*"
Will only match hosts and services whose host name does **not** contain **win** Will only match hosts and services whose host name does **not** contain **win**
@ -276,4 +276,4 @@ Notice that because of the behavior of two stacking filters, a user that is memb
monitoring/filter/objects = "(hostgroup_name=bsd-servers|hostgroup_name=linux-servers)" monitoring/filter/objects = "(hostgroup_name=bsd-servers|hostgroup_name=linux-servers)"
This role allows all members of the group unix-admins to see hosts and services This role allows all members of the group unix-admins to see hosts and services
that are part of the host-group linux-servers or the host-group bsd-servers. that are part of the host-group linux-servers or the host-group bsd-servers.
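Review bot: Both sides of this hunk read identically, including the `monitoring/filter/objects = "(hostgroup_name=bsd-servers|hostgroup_name=linux-servers)"` line, so the change is presumably whitespace or an end-of-file newline. Confirm that this is intended, or drop the hunk so the diff for this file stays limited to the `host` to `host_name` rename.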


@ -38,7 +38,7 @@ The monitoring module allows filtering objects:
This filter will affect all hosts and services. Furthermore, it will also This filter will affect all hosts and services. Furthermore, it will also
affect all related objects, like notifications, downtimes or events. If a affect all related objects, like notifications, downtimes and events. If a
service is hidden, all notifications, downtimes on that service will be hidden too. service is hidden, all notifications, downtimes on that service will be hidden too.
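Review bot: The last context line still reads "all notifications, downtimes on that service will be hidden too", which has the same list problem this hunk fixes one line above ("or events" to "and events"). Change it to "all notifications and downtimes on that service" in the same commit. The first sentence also lists events among the affected objects while the last one names only notifications and downtimes, so say explicitly whether events are hidden together with the service.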
@ -47,19 +47,10 @@ service is hidden, all notifications, downtimes on that service will be hidden t
The following filter column names are available in filter expressions: The following filter column names are available in filter expressions:
| Column | | Column |
|------------------------------------------------------| |--------------------------------------------------------------|
| host | | host_name |
| host_alias | | hostgroup_name |
| host_display_name | | service_description |
| host_name | | servicegroup_name |
| hostgroup | | + all custom variables prefixed with `_host_` or `_service_` |
| hostgroup_alias |
| hostgroup_name |
| service |
| service_description |
| service_display_name |
| service_group |
| service_group_alias |
| service_group_name |
| + all custom variables prefixed with host or service |
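Review bot: The column table drops `host`, `service`, the alias and display-name columns and the `hostgroup` / `service_group` variants (with `service_group_name` becoming `servicegroup_name`) without saying what happens to an existing restriction that still uses one of them, such as the `host=*win*` that this documentation itself showed before this commit. Because `monitoring/filter/objects` limits what a user is allowed to see, add a sentence stating how a restriction with a column that is no longer listed is handled, and that such roles have to be rewritten to `host_name`, `hostgroup_name`, `service_description` or `servicegroup_name`. The custom-variable row would also be clearer with one example expression using the `_host_` prefix.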