Hi Team,
We are using Nagios Core - Version 3.5.0 in our environment.
Recently it was reported to us that there are security vulnerabilities reported by the NRPE module of NSClient.
For port 5666 (NRPE for Nagios), the scan result showed the vulnerabilities below:
--- TLS/SSL Server Supports DES and IDEA Cipher Suites
--- TLS/SSL Server is enabling the POODLE attack
--- TLS/SSL Server Supports SSLv3
--- TLS/SSL Server Supports Anonymous Cipher Suites with no Key Authentication
--- OpenSSL SSL/TLS MITM vulnerability
--- TLS/SSL Server Supports Export Cipher Algorithms
--- TLS/SSL Server Supports RC4 Cipher Algorithms
--- TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)
Kindly share any recommendations that you have or have tried earlier (like upgrading NSClient, or reconfiguring NSC.ini with any specific security restrictions) that can fix the issue.
Thanks and Regards,
Vivek
Security Vulnerabilities on Nagios Port 5666
- Posts: 138
- Joined: Mon Nov 30, 2015 6:12 am
Re: Security Vulnerabilities on Nagios Port 5666
Dear Team,
Awaiting your help on the below fix. Kindly help to fix the issue.
Thanks in advance.
Vivek
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
Re: Security Vulnerabilities on Nagios Port 5666
We did not write and do not have control of development for NSClient. Your best bet is to move to NCPA: https://www.nagios.org/ncpa/getting-started.php
That said, what version of NSClient are you running? Certainly, if you are running something in the .3 series, you should move up to the .4 series. We do not currently support the .5 series, though we know some users have gotten it to work.
- Posts: 138
- Joined: Mon Nov 30, 2015 6:12 am
Re: Security Vulnerabilities on Nagios Port 5666
Hi dwhitfield,
Thanks for the reply. We are currently using NSClient version 0.3.9.328 installed on the server.
If I go with installing the .4 NSClient version, could it help to fix the below vulnerabilities?
Also, is the NCPA agent applicable for Nagios Core?
Kindly clarify on this.
Thanks in advance,
Vivek
- Former Nagios Staff
- Posts: 4583
- Joined: Wed Sep 21, 2016 10:29 am
- Location: NoLo, Minneapolis, MN
Re: Security Vulnerabilities on Nagios Port 5666
I can't say for certain if all of those have been fixed in NSClient. While we haven't tested .5 of NSClient, they are on .5.2: https://www.nsclient.org/download/ -- They are better suited to answer your questions about the security of NSClient. One easy thing you could do is set up .5 of NSClient on a test server and run your security scan against that.
rohithroki wrote: Also Is NCPA agent is applicable for the nagios core?
Yes, here's the github: https://github.com/NagiosEnterprises/ncpa/
If you run a security scan against the latest version of NCPA and it finds something, we can either submit a bug report on your behalf or you can submit it directly on github.
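
When re-scanning a test server as suggested above, the cipher- and protocol-level findings from the first post can be mapped from the suites the agent accepts. This is an added example, not code from the thread, Nagios or NSClient; the function names and sample data are constructed, OpenSSL-style cipher names are assumed, and the "OpenSSL SSL/TLS MITM vulnerability" finding is not covered because it cannot be derived from suite names.

```python
# Finding titles are copied from the scan report in the first post; the
# matching rules are this example's assumptions about OpenSSL cipher names.
SSLV3 = "TLS/SSL Server Supports SSLv3"
POODLE = "TLS/SSL Server is enabling the POODLE attack"
DES_IDEA = "TLS/SSL Server Supports DES and IDEA Cipher Suites"
ANON = "TLS/SSL Server Supports Anonymous Cipher Suites with no Key Authentication"
EXPORT = "TLS/SSL Server Supports Export Cipher Algorithms"
RC4 = "TLS/SSL Server Supports RC4 Cipher Algorithms"
SWEET32 = "TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)"


def classify(protocol, cipher):
    """Return the set of finding titles one accepted handshake would trigger."""
    t = set(cipher.upper().split("-"))
    hits = set()
    if protocol == "SSLv3":
        hits.add(SSLV3)
        # POODLE needs a CBC-mode suite; in SSLv3 everything except RC4/NULL is CBC.
        if not t & {"RC4", "NULL"}:
            hits.add(POODLE)
    if ("DES" in t and "CBC3" not in t) or "IDEA" in t:  # single DES, not 3DES
        hits.add(DES_IDEA)
    if t & {"ADH", "AECDH"}:  # anonymous (unauthenticated) key exchange
        hits.add(ANON)
    if "EXP" in t:
        hits.add(EXPORT)
    if "RC4" in t:
        hits.add(RC4)
    if t & {"DES", "CBC3", "IDEA", "RC2"}:  # ciphers with a 64-bit block
        hits.add(SWEET32)
    return hits


def remaining_findings(accepted):
    """Group accepted (protocol, cipher) pairs by finding title."""
    report = {}
    for protocol, cipher in accepted:
        for title in classify(protocol, cipher):
            report.setdefault(title, []).append(f"{protocol} {cipher}")
    return {title: sorted(pairs) for title, pairs in report.items()}


# Constructed sample data, not output from a real scan of any agent.
OLD_AGENT = [("SSLv3", "ADH-AES256-SHA"), ("SSLv3", "EXP-RC4-MD5"),
             ("TLSv1", "DES-CBC-SHA"), ("TLSv1", "DES-CBC3-SHA")]
NEW_AGENT = [("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"), ("TLSv1.2", "AES128-SHA")]

if __name__ == "__main__":
    for name, accepted in (("old", OLD_AGENT), ("new", NEW_AGENT)):
        print(name, remaining_findings(accepted) or "no cipher/protocol findings")
```

Feed it the protocol and cipher pairs your scanner reports as accepted on port 5666 before and after the agent change to see which findings remain.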