HTTP Strict Transport Security (HSTS)

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
MonitorGuy
Posts: 46
Joined: Wed May 20, 2020 8:22 am

HTTP Strict Transport Security (HSTS)

Post by MonitorGuy »

NESSUS scans reported an issue with port 5639 not enforcing HTTP Strict Transport Security (HSTS) on our Redhat servers with NCPA.

Is this a configuration setting somewhere in NCPA, or do we need to have the SA configure the server to enforce HSTS?

Redhat 7.x
Running NCPA 2.4.0 agents
Nagios XI 5.9.1

Thanks,

Craig
<<MonitorGuy>>
hsts_rules
Posts: 1
Joined: Fri Nov 18, 2022 4:55 pm

Re: HTTP Strict Transport Security (HSTS)

Post by hsts_rules »

Did you ever find an answer to this question? I have the same exact situation. Thanks in advance for sharing any information regarding this.
MonitorGuy
Posts: 46
Joined: Wed May 20, 2020 8:22 am

Re: HTTP Strict Transport Security (HSTS)

Post by MonitorGuy »

Nothing yet, looking at https://support.nagios.com/forum/viewto ... TS#p325867

The Nagios server isn't on the Nessus naughty list, and only the monitored Linux servers with NCPA are being flagged as not having HSTS for the Nagios port.

My SA sent me this today:

But the servers with the nagios agent running answer on the port like this, looks like a GUI login prompt:

[root@usxpsrhjump01 ~]# curl -k https://localhost:5693/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="/login">/login</a>. If not click the link.

The issue appears to be with the NCPA internal web server on the listener, and we'll be testing next Monday by disabling that feature on one of the monitored Linux servers to see what breaks.

Will post an update afterwards with results.

Craig
<<MonitorGuy>>
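
One way to verify the scanner finding before and after any change, as an added example that is not part of the original posts or of Nagios/NCPA code: a shell function that reads response headers (as `curl -ksI` prints them) and classifies the Strict-Transport-Security header per RFC 6797. The function name, the verdict strings and the 180-day `MIN_AGE` threshold are assumptions made for this example, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: classify HSTS from HTTP response headers read on stdin.
# Prints: missing | invalid | disabled | weak:<max-age> | ok:<max-age>
# MIN_AGE (180 days) is an assumed local policy threshold, not a Nessus value.
MIN_AGE=${MIN_AGE:-15552000}

check_hsts() {
    # Header names are case-insensitive; RFC 6797 has clients honour only
    # the first Strict-Transport-Security header, so stop at the first match.
    value=$(tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    [ -n "$value" ] || { echo missing; return 1; }

    # Directives are ";"-separated; max-age may be a quoted string.
    age=$(printf '%s\n' "$value" | tr ';' '\n' | awk -F= '
        { gsub(/[ \t"]/, "") }
        tolower($1) == "max-age" { print $2; exit }')
    case $age in
        ''|*[!0-9]*) echo invalid; return 1 ;;   # max-age is mandatory
    esac
    if [ "$age" -eq 0 ]; then
        echo disabled; return 1                  # max-age=0 clears the policy
    elif [ "$age" -lt "$MIN_AGE" ]; then
        echo "weak:$age"; return 1
    fi
    echo "ok:$age"
}

# Constructed sample responses (not captured from a real agent).
printf 'HTTP/1.1 302 FOUND\r\nLocation: /login\r\n\r\n' | check_hsts || true
printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n' \
    | check_hsts || true

# Live use against the listener from the thread:
#   curl -ksI https://localhost:5693/login | check_hsts
```

RFC 6797 also has browsers ignore the header when the TLS connection has certificate errors, which `curl -k` hides, so a passing header check is only meaningful alongside a certificate the clients trust.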