I have several variables for the hosts, the value of which should not be displayed. Before ICINGADb, for example, passwords were displayed with ***.
I looked at the page Security - Icinga DB Web and no variation brought the success.
The variable is below “host.vars.ILO_PASSWORD”
If I enter this under “icingadb/denylist/variables” the rule takes effect and the variable disappears. Why doesn’t this work with “icingadb/protect/variables”?
- Icinga DB Web version (System - About):
- Icinga Web 2 version (System - About): 2.12.0
- Web browser: Chrone / Edge / FireFox actual version
- Icinga 2 version (
icinga2 --version): r2.14.0-1
- Icinga DB version (
icingadb --version): v1.1.1
- PHP version used (
php --version): 7.4
- Server operating system and version: Debian 10
did you sign out and sign in again to check the vars after changing “icingadb/protect/variables”?
Yes. I did also used another browser.
whats your version of icingadb-web.
the latest release is 1.1.0 and the deny works.
can you post a screenshot of the restriction entries and one a host/service this does not work with.
- also recheck If your access role get appied correctly by maybe remove some module access
- Is your role unrestricted
- this also shows denied or hidden vars
First of all… I’m pretty sure that before 1.1.0 the rule worked. After updating to I also had a problem with other existing rules. I had also posted a ticket for this, where I was then informed that the RegExp had changed.
By coincidence, I noticed this with the “Protected Vars”.
The user I’m testing with only has access to one host group.
I have created a role “1_Remove_Variable_Rule” where I define the variables that should not be displayed. I enter these roles in every other role. That’s how it’s always worked.
Yes, we are using 1.1.0 and “icingadb/denylist/variables” also works.
Here are the screenshots
“Role of the user where the role “1_Remove_Variable_Rule” is entered in “Inheritance from””
It is also wokring on my test machine…
how did you install icingadb-web? source or package?
are your libs uptodate?
icingadb-web is installed by package:
deny and hidden work on my setup.
if I make the user unrestricted of course this rule does not apply
Hi everyone, sorry for jumping in, but it’s a known bug and will be fixed with the next Icinga DB Web release.
Thank you. That’s it… So i will wait for the fix… For now i will use the “icingadb/denylist/variables”
Good morning… With the new version of icingadb-web (v1.1.1) everything works like before! Thank you