NRPE safe over public IP

Posted: Thu Aug 05, 2021 12:13 pm
by brian.bbc
Hello,
I just started managing our Nagios server which hasn't been updated in some time. I noticed that several of the servers are being queried over NRPE and referenced by their public IP address. Is this a security risk? We do have firewall rules set up to lock down connections and allow only for specific IP addresses but I am concerned about what information may be transmitted across the internet.

Re: NRPE safe over public IP

Posted: Mon Aug 09, 2021 4:57 pm
by pbroste
Hello @brian.bbc

Thanks for reaching out. There are pros and cons of monitoring off of WAN where everybody can snoop. The good thing is that NRPE only uses one port for monitoring and only needs that one port open for monitoring. If you are concerned about the security aspects of monitoring over WAN, you could configure over ssh.

Thanks,
Perry

Re: NRPE safe over public IP

Posted: Tue Aug 10, 2021 9:46 am
by mcapra
brian.bbc wrote: I noticed that several of the servers are being queried over NRPE and referenced by their public IP address. Is this a security risk?
It's not good practice to have any "monitoring stuff" be public facing, regardless of whether that's NRPE or NCPA or a Prometheus exporter or a Telegraf agent. From the perspective of a malicious actor it's at least a useful recon tool, and at best an attack surface.

Assuming your org has solid change control processes around this firewall:
brian.bbc wrote: We do have firewall rules set up to lock down connections and allow only for specific IP addresses
You should be fine.
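
The firewall allow list discussed in this thread can be backed by a matching allow list in the NRPE daemon's own configuration, so that a firewall change alone does not expose the agent. The following is an added example, not code from any poster in the thread: a small audit of an `nrpe.cfg` for the `allowed_hosts`, `dont_blame_nrpe` and `server_address` directives. The sample configuration, the function names and the 256-address threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample nrpe.cfg for illustration (documentation IP ranges).
SAMPLE_CFG = """\
# constructed example
server_port=5666
server_address=0.0.0.0
allowed_hosts=127.0.0.1,203.0.113.10,198.51.0.0/16
dont_blame_nrpe=1
command[check_load]=/usr/lib/nagios/plugins/check_load -w 5 -c 10
"""

def parse_cfg(text):
    """Return {directive: value} for key=value lines, skipping comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def audit(text, max_hosts=256):
    """Return a list of findings; max_hosts is an assumed review threshold."""
    cfg = parse_cfg(text)
    findings = []
    hosts = [h.strip() for h in cfg.get("allowed_hosts", "").split(",") if h.strip()]
    if not hosts:
        findings.append("allowed_hosts missing: no daemon-level allow list")
    for h in hosts:
        try:
            net = ipaddress.ip_network(h, strict=False)
        except ValueError:
            # Not an IP or CIDR, so the entry is resolved through DNS.
            findings.append(f"allowed_hosts entry {h!r} is a hostname: depends on DNS")
            continue
        if net.num_addresses > max_hosts:
            findings.append(f"allowed_hosts entry {h} covers {net.num_addresses} addresses")
    if cfg.get("dont_blame_nrpe", "0") == "1":
        findings.append("dont_blame_nrpe=1: callers may pass command arguments")
    if cfg.get("server_address", "") in ("", "0.0.0.0", "::"):
        findings.append("server_address unset or wildcard: listens on every interface")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print("WARN", finding)
```

`allowed_hosts` is only enforced when NRPE runs as a standalone daemon; under inetd or xinetd the restriction has to come from that service's own access controls.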