Nagios Core Vulnerabilities

Engage with the community of users including those using the open source solutions.
Includes Nagios Core, Plugins, and NCPA

Nagios Core Vulnerabilities

Postby amitgupta19 » Wed Mar 18, 2020 10:52 am

I have recently installed the Nagios Core 4.4.5 on OEL 7.

I am trying to migrate my Current Nagios(Which is installed on CentOS) to the above mentioned installation.

I have just installed Nagios and installed the ndo2db as well on the new server. Also installed the some pre-requisites for the monitoring the ESX Hosts data store.

But the Qualys Scan shows the Vulnerability
1) EOL Software PostgreSQL--- Can you please do let me if Nagios uses the this or not, If not can i remove this software from the server.
2) HTTP Trace/Track methods enabled
3) Web directories Listable Vulnerability

Also please do let me know how to remove the other vulnerabilities.

Regards
Amit
amitgupta19
 
Posts: 263
Joined: Fri Sep 08, 2017 5:53 am

Re: Nagios Core Vulnerabilities

Postby amitgupta19 » Wed Mar 18, 2020 11:56 pm

I just saw one post regarding converting the PostgreSQL to the mysql.

Is it same applicable for the Nagios core?

I hope that it will help us with removing the vulnerability as well.

https://support.nagios.com/kb/article/c ... i-560.html
amitgupta19
 
Posts: 263
Joined: Fri Sep 08, 2017 5:53 am

Re: Nagios Core Vulnerabilities

Postby scottwilkerson » Thu Mar 19, 2020 7:31 am

ndoutils used mysql, so if you have postgresql installed if was from something else.

None of these advisories are Nagios related
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 17961
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Nagios Core Vulnerabilities

Postby amitgupta19 » Thu Mar 19, 2020 7:53 am

Thnaks Scott for taking time out and giving the clarification.

So i will remove the Software PostgreSQL.

Also I will
Disable the HTTP Trace/Track methods.
Disable Web directories Listable

Hope it will not have any impact on the Nagios Server/Monitoring.
amitgupta19
 
Posts: 263
Joined: Fri Sep 08, 2017 5:53 am

Re: Nagios Core Vulnerabilities

Postby scottwilkerson » Thu Mar 19, 2020 8:17 am

amitgupta19 wrote:Thnaks Scott for taking time out and giving the clarification.

So i will remove the Software PostgreSQL.

Also I will
Disable the HTTP Trace/Track methods.
Disable Web directories Listable

Hope it will not have any impact on the Nagios Server/Monitoring.

It should not at all
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 17961
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Nagios Core Vulnerabilities

Postby amitgupta19 » Thu Mar 26, 2020 5:19 am

Do you have any idea how to disable the following:

HTTP Trace/Track methods enabled
Web directories Listable Vulnerability
amitgupta19
 
Posts: 263
Joined: Fri Sep 08, 2017 5:53 am

Re: Nagios Core Vulnerabilities

Postby scottwilkerson » Thu Mar 26, 2020 7:09 am

amitgupta19 wrote:Do you have any idea how to disable the following:

HTTP Trace/Track methods enabled
Web directories Listable Vulnerability


No, that would likely be in the web server (httpd) documentation for your OS
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
DevOps Engineer
 
Posts: 17961
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises


Return to Community Support

Who is online

Users browsing this forum: No registered users and 16 guests