I have identified the Vulnerabilities on the Nagios Core 4.4.3 .
It is related to the Apache and PHP Versions.
Can I upgrade the Versions of the Apache and PHP on my Nagios Core Server?
If yes, is there any defined steps to do this?
Kindly suggest.
Nagios Core Vulnerabilities
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core Vulnerabilities
You would just apply updates to php and apache using the package management for your OS such as
It is worth pointing our that many scanners just say a specific version of PHP or Apache is vulnerable when in fact doing the above procedure applies patches backported from the OS provider.
Code: Select all
yum update -y
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Nagios Core Vulnerabilities
Hi Scott,
But how do i identify that it has been patched using the backporting technique?
I upgraded the Apache manually on the Nagios, now it is giving the following error(When i try to access the Nagios console):
"The requested URL was not found on this server."
But how do i identify that it has been patched using the backporting technique?
I upgraded the Apache manually on the Nagios, now it is giving the following error(When i try to access the Nagios console):
"The requested URL was not found on this server."
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core Vulnerabilities
You would need to get this information from your OS provider.amitgupta19 wrote:But how do i identify that it has been patched using the backporting technique?
I'm not sure how you performed to upgrade, but did the path to the configuration directories change? if so you would need to move your nagios.conf to the new config location.amitgupta19 wrote: I upgraded the Apache manually on the Nagios, now it is giving the following error(When i try to access the Nagios console):
"The requested URL was not found on this server."
Sorry but we cannot provide support for upgrading OS provided packages such as Apache
-
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Nagios Core Vulnerabilities
I Was going through one article:
https://support.nagios.com/kb/article/n ... 7-860.html
Do you support the upgrade of the PHP?
https://support.nagios.com/kb/article/n ... 7-860.html
Do you support the upgrade of the PHP?
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core Vulnerabilities
Yes, Nagios Core does support php 7amitgupta19 wrote:I Was going through one article:
https://support.nagios.com/kb/article/n ... 7-860.html
Do you support the upgrade of the PHP?