Hello,
With Cenreon web 23.10.20, all the eventl ogs are available to any user in :
“Monitoring > Event Logs"
So everyone can see the host/service/ouput of everything, bypassing the ACLs.
Solved
23.10.20, security, ACLs not applied in " Monitoring > Event Logs"
Best answer by lpinsivy
Thank you
As discussed together, workaround here and fix soon in minor releases:
# diff -Nru /usr/share/centreon/www/include/eventLogs/xml/data.php.origin /usr/share/centreon/www/include/eventLogs/xml/data.php
--- /usr/share/centreon/www/include/eventLogs/xml/data.php.origin 2025-02-03 17:04:05.396625220 +0100
+++ /usr/share/centreon/www/include/eventLogs/xml/data.php 2025-02-03 17:18:28.451274393 +0100
@@ -639,6 +639,7 @@
AND (acl.service_id IS NULL OR acl.service_id = logs.service_id)
)
";
+ $whereClauses[] = "acl.group_id IN (" . $access->getAccessGroupsString() . ")";
}
$whereClause = "WHERE " . implode(' AND ', $whereClauses);
+21Thank you
As discussed together, workaround here and fix soon in minor releases:
# diff -Nru /usr/share/centreon/www/include/eventLogs/xml/data.php.origin /usr/share/centreon/www/include/eventLogs/xml/data.php
--- /usr/share/centreon/www/include/eventLogs/xml/data.php.origin 2025-02-03 17:04:05.396625220 +0100
+++ /usr/share/centreon/www/include/eventLogs/xml/data.php 2025-02-03 17:18:28.451274393 +0100
@@ -639,6 +639,7 @@
AND (acl.service_id IS NULL OR acl.service_id = logs.service_id)
)
";
+ $whereClauses[] = "acl.group_id IN (" . $access->getAccessGroupsString() . ")";
}
$whereClause = "WHERE " . implode(' AND ', $whereClauses);
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.