OK, I'll PAY to have someone get this running for me!

[site1]

I'm the guy who started this topic: http://forums.cacti.net/viewtopic.php?f=2&t=40568 - no responses, and I tried to change my email but I never got the confirmation email, so I had to create a new login.

I'm so frustrated with this product, having taken a couple of DAYS to try and get it running without any success. Both I and my hosting provider have done all we can think of to install cacti and get it working. I'm using the basic stuff installed when you do a new install of cacti, but the poller is running to the 5 minute mark and bombing out. snmpwalk is working fine, as you can see from the earlier post I mentioned.

I'm running a cPanel server - does cacti not run on cPanel?

I'm about ready to give up, but I see a great deal of potential for this application, and I'm kind of invested in terms of time. At this point, I'm ready to see if anyone would be willing to get paid a small amout ($25 is what I'm thinking) to get this running on my server.

If anyone is interested, please contact me at paul@siteoneinternet.com.

[yuval_ba]

A very common mistake (which I've done myself) is to set the cronjob interval for something lower than 5 minutes, while also changing the poller interval inside cacti to something lower.
I did not see your other thread. but what is your cronjob interval? and what is your poller interval inside cacti?

[site1]

Actually, I did finally manage to get it working, by re-enabling some of the PHP features I had turned off for security reasons (shell_exec(),exec() and popen()). These are actually pretty dangerous to leave open, so I'm not certain I'm going to keep cacti as a solution.

[yuval_ba]

OK, I'm not a PHP expert. but if you run Cacti inside a trusted network behind Firewall, you might be less concerned about such risks...

[Voiper99]

Judging by site1's posts, it seems like he is running it on a web server hosted by a hosting company.

I think you may find that most people tend to run Cacti on their private netwrok, behind their firewalls. Not exposed on the internet. Though I could be wrong.

[site1]

I'm running it on a dedicated server from HostGator, which I use to resell hosting to my clients. I do have a firewall, and have also used ConfigServer's services to set up the server for security; it is their recommendation that the above listed functions be disabled, regardless of whether there's a firewall or not.

[Voiper99]

My web server knowledge is no where near as good as it could be, but if you are able to configure your web server/firewall in a way that data can be sent and received is if it is sourced from a trusted IP address or destined for a trusted IP address. That way, if your Cacti box has a dedicated IP address, you can block all data except for your IPs. Correct me if I'm wrong, then hackers will not be able to get to your box even if it is extremely unsecure?

[becketts]

Look, php is a bit iffy security wise no matter what, but anyone with a bit of acumen will take steps beyond just disabling a few functions in securing a php driven site.
To the OP, cacti really is the best of breed for what it does, so i would trash it just because some recommendation advises you to disable a function that it relies on.

Firstly, add additional layers of authentication prior to the login for the site, dont just rely on the built in cacti user management to secure it.

Better yet, if available use ldap for authentication and enable increased password management such as expiring passwords, fail to ban, complexity etc etc.

Then run the site via ssl, even a self signed cert is a bit step up from clear text comms.

no matter how clever you are or what functions you disable if someone wants to hack you they will.
your best course of action is to harden up all aspects to some level, keep the functions that you require for your preferred tools but increase security on the supporting infrastructure to make exploitation infeasible