Nagios Core Vulnerabilities

[amitgupta19]

I have identified the Vulnerabilities on the Nagios Core 4.4.3 .

It is related to the Apache and PHP Versions.

Can I upgrade the Versions of the Apache and PHP on my Nagios Core Server?

If yes, is there any defined steps to do this?

Kindly suggest.

[scottwilkerson]

You would just apply updates to php and apache using the package management for your OS such as

Code: Select all

yum update -y

It is worth pointing our that many scanners just say a specific version of PHP or Apache is vulnerable when in fact doing the above procedure applies patches backported from the OS provider.

[amitgupta19]

Hi Scott,

But how do i identify that it has been patched using the backporting technique?

I upgraded the Apache manually on the Nagios, now it is giving the following error(When i try to access the Nagios console):

"The requested URL was not found on this server."

[scottwilkerson]

But how do i identify that it has been patched using the backporting technique?

You would need to get this information from your OS provider.

I upgraded the Apache manually on the Nagios, now it is giving the following error(When i try to access the Nagios console):

"The requested URL was not found on this server."

I'm not sure how you performed to upgrade, but did the path to the configuration directories change? if so you would need to move your nagios.conf to the new config location.

Sorry but we cannot provide support for upgrading OS provided packages such as Apache

[amitgupta19]

I Was going through one article:

https://support.nagios.com/kb/article/n ... 7-860.html

Do you support the upgrade of the PHP?

[scottwilkerson]

I Was going through one article:

https://support.nagios.com/kb/article/n ... 7-860.html

Do you support the upgrade of the PHP?

Yes, Nagios Core does support php 7