Security Issue: Nagios Core - Performance Graphs Using Influ

Engage with the community of users including those using the open source solutions.
Includes Nagios Core, Plugins, and NCPA

Security Issue: Nagios Core - Performance Graphs Using Influ

Postby marcosjr83 » Tue Aug 10, 2021 9:57 am

Hi,

The article Nagios Core - Performance Graphs Using InfluxDB + Nagflux + Grafana + Histou (https://support.nagios.com/kb/article/n ... lux_Config), have a critical security issue. When you install InfluxDB in a host with public IP without configure authentication (https://docs.influxdata.com/influxdb/v1 ... orization/): anybody in anywhere can access Influx database with one command (influx -host "IP or hostname"). Locally anybody in the network do the same. I'm tested this, my server had this issue.
marcosjr83
 
Posts: 1
Joined: Tue Aug 10, 2021 9:50 am

Re: Security Issue: Nagios Core - Performance Graphs Using I

Postby mcapra » Wed Aug 11, 2021 6:30 am

I'd suggest shooting an email to security@nagios.com.

https://www.nagios.com/products/security/

I think a simple disclaimer at the top of the docs to the effect of "don't do this in prod, it exposes your influxdb instance to anything with a network connection" would go a long way.
Former Nagios employee
https://www.mcapra.com/
User avatar
mcapra
 
Posts: 3729
Joined: Thu May 05, 2016 3:54 pm


Return to Community Support

Who is online

Users browsing this forum: No registered users and 18 guests