Security Vulnerabilities on Nagios Port 5666

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
rohithroki
Posts: 138
Joined: Mon Nov 30, 2015 6:12 am

Security Vulnerabilities on Nagios Port 5666

Post by rohithroki »

Hi Team,

We are using Nagios Core - Version 3.5.0 in our environment.

Recently we were reported that there are security vulnerabilities reported by NRPE module of NSClient.

Like Port 5666 NRPE for Nagios, the scan result showed below vulnerabilities

--- TLS/SSL Server Supports DES and IDEA Cipher Suites
--- TLS/SSL Server is enabling the POODLE attack
--- TLS/SSL Server Supports SSLv3
--- TLS/SSL Server Supports Anonymous Cipher Suites with no Key Authentication
--- OpenSSL SSL/TLS MITM vulnerability
--- TLS/SSL Server Supports Export Cipher Algorithms
--- TLS/SSL Server Supports RC4 Cipher Algorithms
--- TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Kindly share the recommendation that you have or tried earlier (like upgrading NSclient, reconfiguring NSC.ini with any specific security restrictions) can fix the issue.

Thanks and Regards,
Vivek
rohithroki
Posts: 138
Joined: Mon Nov 30, 2015 6:12 am

Re: Security Vulnerabilities on Nagios Port 5666

Post by rohithroki »

Dear Team,

Awaiting your help on the below fix. Kindly help to fix the issue.

Thanks in advance.
Vivek
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Security Vulnerabilities on Nagios Port 5666

Post by dwhitfield »

We did not write and do not have control of development for NSClient. Your best bet is to move to NCPA: https://www.nagios.org/ncpa/getting-started.php

That said, what version of NSClient are you running? Certainly, if you are running something in the .3 series, you should move up to the .4 series. We do not currently support the .5 series, though we know some users have gotten it to work.
rohithroki
Posts: 138
Joined: Mon Nov 30, 2015 6:12 am

Re: Security Vulnerabilities on Nagios Port 5666

Post by rohithroki »

Hi dwhitfield,

Thanks for the reply. We are currently using nsclient version 0.3.9.328 installed on the server.

If I go with installing .4 nsclient version, could help to fix the below vulnerabilities..?

Also Is NCPA agent is applicable for the nagios core?

Kindly clarify on this.

Thanks in advance,
Vivek
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Security Vulnerabilities on Nagios Port 5666

Post by dwhitfield »

I can't say for certain if all of those have been fixed in NSClient. While we haven't tested .5 of NSClient, but they are on .5.2: https://www.nsclient.org/download/ -- They are better suited to answer your questions about the security of NSClient. One easy thing you could do is set up .5 of NSClient on a test server and run your security scan against that.
rohithroki wrote: Also Is NCPA agent is applicable for the nagios core?
Yes, here's the github: https://github.com/NagiosEnterprises/ncpa/

If you run a security scan against the latest version of NCPA and it finds something, we can either submit a bug report on your behalf or you can submit it directly on github.
Locked