Any guidelines for hardening the Nagios Core VM?

byau · Post by **byau** » Mon May 11, 2015 1:16 pm

We purchased nagios vm and our customer has given us a directive to harden all linux boxes and linux based boxes, including nagios vm.

Does anyone have a hardening guide for it? Customer did provide us with a CentOS hardening guide to use which looks to just be made of general CentOS hardening tips found on the internet.

Any input or suggestions?
Thank you

ssax · Post by **ssax** » Mon May 11, 2015 1:30 pm

Here is the documentation that we have for security, you could also look at using ModSecurity, etc.

http://nagios.sourceforge.net/docs/nagi ... urity.html

http://nagios.sourceforge.net/docs/nagi ... urity.html

byau · Post by **byau** » Tue May 12, 2015 12:35 pm

Appreciate it thank you!

ssax · Post by **ssax** » Tue May 12, 2015 2:41 pm

No problem, can we mark this as resolved and lock the topic?

byau · Post by **byau** » Thu May 14, 2015 3:05 am

Hi, I will be going through the links today and tomorrow. Can I keep it open in case I have further questions?

We should be able to lock it as resolved by next Tuesday at the latest, hopefully earlier

Is this okay?

ssax · Post by **ssax** » Thu May 14, 2015 1:11 pm

Sure, no problem, we'll leave it open.

byau · Post by **byau** » Fri May 15, 2015 5:36 pm

Hello - Can I attach or post the hardening guide sent to me and have someone look through it and give me their recommendations? I understand that your recommendations of the hardening guide will not be run through any QA cycle of any sort and it is to our risk to test it and rollback.

That being said, you guys know the internals of nagios and I would love to hear your thoughts on the hardening guide as to what should not be changed, what changes are likely okay because it likely won't affect nagios, etc.

The easiest way was to snapshot the relevant parts as images and paste into word doc to help protect customer identity and also take out a lot of the extra text in there.

Can someone at Nagios provide me some thoughts? Thank you!

byau · Post by **byau** » Fri May 15, 2015 5:38 pm

The entire doc with snapshots too large, it is in three parts

Thanks!

byau · Post by **byau** » Fri May 15, 2015 5:39 pm

part 3.
thanks!

abrist · Post by **abrist** » Mon May 18, 2015 10:08 am

Alright, many things are covered in this doc. It looks good on face, but many of these suggestions are environment and configuration dependent.
Has your security or ops teams looked this?
Do you have any questions about specific items from the doc?

Nagios Support Forum

Any guidelines for hardening the Nagios Core VM?

Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?

Re: Any guidelines for hardening the Nagios Core VM?