We purchased nagios vm and our customer has given us a directive to harden all linux boxes and linux based boxes, including nagios vm.
Does anyone have a hardening guide for it? Customer did provide us with a CentOS hardening guide to use which looks to just be made of general CentOS hardening tips found on the internet.
Any input or suggestions?
Thank you
Any guidelines for hardening the Nagios Core VM?
Re: Any guidelines for hardening the Nagios Core VM?
Here is the documentation that we have for security, you could also look at using ModSecurity, etc.
http://nagios.sourceforge.net/docs/nagi ... urity.html
http://nagios.sourceforge.net/docs/nagi ... urity.html
http://nagios.sourceforge.net/docs/nagi ... urity.html
http://nagios.sourceforge.net/docs/nagi ... urity.html
Re: Any guidelines for hardening the Nagios Core VM?
Appreciate it thank you!
Re: Any guidelines for hardening the Nagios Core VM?
No problem, can we mark this as resolved and lock the topic?
Re: Any guidelines for hardening the Nagios Core VM?
Hi, I will be going through the links today and tomorrow. Can I keep it open in case I have further questions?
We should be able to lock it as resolved by next Tuesday at the latest, hopefully earlier
Is this okay?
We should be able to lock it as resolved by next Tuesday at the latest, hopefully earlier
Is this okay?
Re: Any guidelines for hardening the Nagios Core VM?
Sure, no problem, we'll leave it open.
Re: Any guidelines for hardening the Nagios Core VM?
Hello - Can I attach or post the hardening guide sent to me and have someone look through it and give me their recommendations? I understand that your recommendations of the hardening guide will not be run through any QA cycle of any sort and it is to our risk to test it and rollback.
That being said, you guys know the internals of nagios and I would love to hear your thoughts on the hardening guide as to what should not be changed, what changes are likely okay because it likely won't affect nagios, etc.
The easiest way was to snapshot the relevant parts as images and paste into word doc to help protect customer identity and also take out a lot of the extra text in there.
Can someone at Nagios provide me some thoughts? Thank you!
That being said, you guys know the internals of nagios and I would love to hear your thoughts on the hardening guide as to what should not be changed, what changes are likely okay because it likely won't affect nagios, etc.
The easiest way was to snapshot the relevant parts as images and paste into word doc to help protect customer identity and also take out a lot of the extra text in there.
Can someone at Nagios provide me some thoughts? Thank you!
- Attachments
-
- customer-hardening-guide-snapshots_part1.docx
- snapshots of customer's hardening guide requested of us, any thoughts appreciated on what not to touch for sure, and what likely we can change because it likely does not affect nagios. Thank you!
- (827.63 KiB) Downloaded 192 times
Re: Any guidelines for hardening the Nagios Core VM?
The entire doc with snapshots too large, it is in three parts
Thanks!
Thanks!
- Attachments
-
- customer-hardening-guide-snapshots_part2.docx
- snapshots of customer's hardening guide requested of us, any thoughts appreciated on what not to touch for sure, and what likely we can change because it likely does not affect nagios. Thank you!
- (693.38 KiB) Downloaded 177 times
Re: Any guidelines for hardening the Nagios Core VM?
part 3.
thanks!
thanks!
- Attachments
-
- customer-hardening-guide-snapshots_part3.docx
- snapshots of customer's hardening guide requested of us, any thoughts appreciated on what not to touch for sure, and what likely we can change because it likely does not affect nagios. Thank you!
- (418.64 KiB) Downloaded 180 times
Re: Any guidelines for hardening the Nagios Core VM?
Alright, many things are covered in this doc. It looks good on face, but many of these suggestions are environment and configuration dependent.
Has your security or ops teams looked this?
Do you have any questions about specific items from the doc?
Has your security or ops teams looked this?
Do you have any questions about specific items from the doc?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.