Security bug?...and need some help too

[crenguta]

Hi!

I first want to report something that i call a "bug".
I am using cacti and i am having a little problem..
When trying to access graf.domain.ro i have to fill in my username and password, which is great.
But i tested with some friends and seen that if tryning to access the link below
http://graf.domain.ro/graph_view.php?ac ... &tree_id=3
they can see my stuff without using any username/password. I don't want everybody in the internet to see if my routers are up or down and so on...

Can we do something about it?
Maybe i set it up incorectly...
If not...what's the use of being able to make users when everybody can see ALL my grafs.

Now, secondly i am triyng to use a script with cacti.This script is measuring traffic using
rate-limit on cisco.
It doesn't work, obviously i did something wrong...cause i'm getting this message
rrdtool Data Source Configuration

CANNOT FIND DATA SOURCE: /services/cacti//rra/cfr.rrd

THIS DATA SOURCE NEEDS TO HAVE AT LEAST ONE RRA ASSOCIATED WITH IT!

/usr/bin/rrdtool create \
/services/cacti//rra/cfr.rrd \
--step 300 \
DS:conformed:ABSOLUTE:600:0:1 \
DS:over:ABSOLUTE:600:0:1 \
RRA:::: \

Can u help me?

Bye

[yid]

Short answer to your second question:
First off, it looks like you have an extra "/" in your ds config somewhere.

Second, In your datasource configuration there a selection box with your RRAs. Select one or more of the RRAs in that box, and click "Save"
Still doesn't work?
I'd take a look at the links from the datasources to the RRAs in the database:

Code: Select all

#  <mysqlpath>/bin/mysql -u <mysqluser> -p<mysqlpassword> cacti
mysql>  SELECT `ID` FROM rrd_ds WHERE `Name` = "<your ds name>";
mysql>  SELECT * FROM lnk_ds_rra WHERE `DSID` = <result from last query>;

Is anything there? Do the RRAIDs match your RRAs?

Code: Select all

mysql>  SELECT * FROM rrd_rra;

Aaron

[crenguta]

this is the script i am trying tu use...

if [ -n $1 ] ; then
{
for q in `grep "matches: access-group $1" /tmp/rate -A3 | grep bytes | sed -e "s/\ *//"| cut -d " " -f 4;` ; d
o echo -n $q ; echo -n " "; done;
}
else
echo no arguments specified;
fi;

this is the output :


[root@myserver scripts]# ./getintlrate
198450521 87599 4212 0 320786 662064 178 0 808 0 543762 118302 8399163 1369392 3708 0 4604458 973835 201398 34155 335583259 35769172 45170175 860623 5353100 371239 0 0 353966731 17741708 0 0 415934734 177055 348779895 61870 92607227 69971 406700372 83832 49498553 929910 5017943 411026 67903996 4800840 8132738 292936 32723657 0 246187807 7027755 36301059 0 26184413 73382 12315707 259014 20442070 6835643 4644130 1200619 6542043 155681 17398005 7299950 39776116 9036807 2513822 1730 5429560 110219 1292 0 11042209 165827 1803379 281537 2183665 134522 208 0 344 0 62247 3028 418504 797570 2260567 2600284 1850521 611898 2804452 9505605 381507 210217 208 0 2696399 8837291 0 0 282 0 208 0 208 0 115529 0 436381 23418 461439 287836 2073909 856584 10568066 41280735 134 0 2045780 3754548 992485 704498 495681 490792 461184 540649 1477 0 1652344 252712 543495 294036 2102861 2572829 208 0 23395146 2038508 895702 135837 36461740 13817303 0 0 240 0 426575 16337 6101074 1352083 31062185 1882018 564791 27314 73233 0 21077110 12242320 4391386 365954 5652 0 143204 3028 9429249 381758 3052070 18912 8338271 113160 52989 0 5344680 441394 2883016 11112 11027012 1625646 746847 38033 52399 0 5143212 534090 21168954 15194686 2326 0 1958398 0 9613014 1473948 5061459 207258 11065975 1446376 282 0 1435736 0 1979649 110808 6110 0 374215 29181 23542067 6539533 2438581 171068 2939729 569999 208 0 [root@myserver scripts]#

[bocasman]

Hi,

What do you whant to measure in the router?

[Guest]

Hi Yid!

i think i got it all wrong....

did what u asked me to do and got this :



mysql> SELECT `ID` FROM rrd_ds WHERE `Name` = "<getrate>";
Empty set (0.01 sec)

The error that i get is still the same

rrdtool Data Source Configuration

THIS DATA SOURCE NEEDS TO HAVE AT LEAST ONE RRA ASSOCIATED WITH IT!

/usr/bin/rrdtool create \
/services/cacti//rra/getrate.rrd \
--step 300 \
DS:getrate:ABSOLUTE:600:0:1 \
RRA:::: \

If u have some time to help me , please do

thanks a lot !
bye!

[Guest]

maybe a silly question,
but do i have to create the .rrd file manualy??
i mentioned that i have that shell script.
if i have to create the rrd file manualy, how do i do it?

[crenguta]

anyone there?
i some how managed to get rid of that errors but still can't see any grafs
i created that rrd file manualy using
#touch /services/cacti//rra/getratein.rrd

yac, it's not working...please anyone with isome deas give me a sign...

ciao!

[crenguta]

Sorry to bother u all again... but is this corect?
i have no errors now an' still no grafics

mm..i have to mention how i created the rrd files:

[root@server rra]# > rate-limit2001_cf.rrd
[root@server rra]# > rate-limit2001_ex.rrd
[root@server rra]# > rate-limit2001.rrd

i tried like this but it didn't work

[root@server rra]# rrdtool create rate-limit2001.rrd
ERROR: you must define at least one Round Robin Archive




rrdtool Data Source Configuration

/usr/bin/rrdtool create \
/services/cacti//rra/rate-limit2001.rrd \
--step 300 \
DS:cf:COUNTER:600:0:1 \
DS:ex:COUNTER:600:0:1 \
RRA:AVERAGE:0.5:1:600 \
RRA:AVERAGE:0.5:6:700 \
RRA:AVERAGE:0.5:24:775 \
RRA:AVERAGE:0.5:288:797 \
RRA:MAX:0.5:1:600 \
RRA:MAX:0.5:6:700 \
RRA:MAX:0.5:24:775 \
RRA:MAX:0.5:288:797 \

[bocasman]

Hi crenguta,

I did ask you what are you trying to plot exactly, because maybe I can find the correct OID for you to poll, instead of using a script, so I will appreciate if you could explain me what are you asking the router for with your script.

Mi intention is not to bother you..., is to help.

[sa10]

There's been alot of reponse to his second question.. but not his first.

I have noticed this "bug" as well and am wondering if there is a way to fix it.

JJ

[crenguta]

Hi bocasman! and everybody else reading

So...what i am trying to plot.

I have this script that works with my router.I am using rate-limit on this router and trying to plot the conform and exceed values.When running the script the returned values are , as i sad,
the conform and the exceed values like this :
[root@myserver scripts]# ./getintlrate 2001
152355604 1438394
I WANT TO PLOT THOSE VALUES : 152355604 1438394
do i have to add a crontab line to run my script every 5 minutes or the cacti program does that?

[crenguta]

Some thing else that i saw..

look what i see in console/configuration/Cron Printout/ Processes to Start for Data Gathering

sh /services/cacti/scripts/getintlrate 2010 286537977 439025
sh /services/cacti/scripts/getintlrate 2006 531918823 7827769
sh /services/cacti/scripts/getintlrate 2009 63953278 7066686
sh /services/cacti/scripts/getintlrate 2001 560131969 21291433
sh /services/cacti/scripts/getintlrate 2013 224127562 3422495

Seems to me that it's working but still can't see any graphs...maybe i do wrong there
anyone help?

[Guest]

Hi there again!

First for "sa10" who sad "There's been alot of reponse to his second question.. but not his first. " I might have a little problem here cause i'm not a HE i'm a SHE


I want to be more specific this time.
It seems that every thing is ok with my script, i mean the script is working perfect with cacti.
I reached this conclusion seeing what happens in the Cron Printout after i clicked "show output"(u can see my resaults down)
What i still have't figure out is HOW to make the graphs . I tried many configurations but still
wont work...

sh /services/cacti/scripts/getintlrate 2010 286537977 439025
sh /services/cacti/scripts/getintlrate 2006 531918823 7827769
sh /services/cacti/scripts/getintlrate 2009 63953278 7066686
sh /services/cacti/scripts/getintlrate 2001 560131969 21291433
sh /services/cacti/scripts/getintlrate 2013 224127562 3422495