Search found 172 matches
- Fri Oct 01, 2021 10:32 am
- Forum: Nagios XI
- Topic: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
- Replies: 7
- Views: 1598
Re: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
Please close it. Thanks!
- Sun Sep 26, 2021 11:16 am
- Forum: Nagios XI
- Topic: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
- Replies: 7
- Views: 1598
Re: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
@ssax, thank you!
- Thu Sep 23, 2021 4:30 pm
- Forum: Nagios XI
- Topic: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
- Replies: 7
- Views: 1598
Re: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
@ssax, thanks for the response and recommendation. So, even we do not use/configure them at all, it would still be a vulnerability issue if we leave them in /usr/local/nagiosxi/html/includes/configwizards as is? Assuming nobody will touch (configure) them via the Nagios XI Web Interface (GUI), even ...
- Wed Sep 22, 2021 10:54 pm
- Forum: Nagios XI
- Topic: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
- Replies: 7
- Views: 1598
Re: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
I just verified that our Nagios XI servers do not use Auto-discover, WatchGuard Wizard , and Switch and Router Wizard. So our Nagios XI is not impacted by these CVEs.
- Wed Sep 22, 2021 1:40 pm
- Forum: Nagios XI
- Topic: CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
- Replies: 7
- Views: 1598
CVE-2021-37343, CVE-2021-37346, CVE-2021-37344
We have Nagios XI 2014R2.7, XI 5.2.3, and XI 5.4.8 installed on Redhat servers (RHEL6.10, RHEL 7.6). The following security vulnerabilities have been disclosed: 1) CVE-2021-37343 (CVSS score: 8.8) - A path traversal vulnerability exists in Nagios XI below version 5.8.5 Autodiscover component and cou...
- Tue May 04, 2021 8:35 pm
- Forum: Nagios XI
- Topic: Postgres account on Nagos XI
- Replies: 3
- Views: 1568
Re: Postgres account on Nagos XI
Our Nagios XI 5.x was a fresh installation on a Linux (RHEL) server, not an upgraded from a version less than Nagios XI 5. As expected, running the command "grep pgsql /usr/local/nagiosxi/html/config.inc.php" returned no match: $ grep pgsql /usr/local/nagiosxi/html/config.inc.php $ Just wa...
- Fri Apr 30, 2021 1:28 pm
- Forum: Nagios XI
- Topic: Postgres account on Nagos XI
- Replies: 3
- Views: 1568
Postgres account on Nagos XI
The Nagios XI 5.x or later only needs MySQL, and Postgres is no longer needed or installed. I do not think the postgres DB account "postgres" is used by Nagios XI 5.x at all. Please confirm it.
- Fri Apr 30, 2021 1:07 pm
- Forum: Nagios XI
- Topic: Command line to get audit logs from xi_auditlog
- Replies: 5
- Views: 1015
Re: Command line to get audit logs from xi_auditlog
Yes, the default database password was changed during the Nagios XI installation on this system. I found the password, and all looks fine. Thanks!
- Tue Apr 06, 2021 8:09 pm
- Forum: Nagios XI
- Topic: Command line to get audit logs from xi_auditlog
- Replies: 5
- Views: 1015
Re: Command line to get audit logs from xi_auditlog
@Benjamin, thanks for the quick response. I tried the command that you provided, and received an access denied error: $ echo "select * from xi_auditlog;" | mysql -h 127.0.0.1 -uroot -pnagiosxi nagiosxi ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) Any ...
- Mon Apr 05, 2021 9:43 pm
- Forum: Nagios XI
- Topic: Command line to get audit logs from xi_auditlog
- Replies: 5
- Views: 1015
Command line to get audit logs from xi_auditlog
We have Nagios XI 2014R2.7 on RHEL6, and we also have Nagios XI 5.2.3 on RHEL6 and Nagios XI 5.4.8 on RHEL7. On Nagios XI 2014R2.7, both MySQL and Postgres are used. We can run the command "echo 'select * from xi_auditlog;' | psql nagiosxi nagiosxi" to get the audit logs in the table "...