Hi,
We use Nagios core with NRPE remote agent. In our analysis, we find that the network security that this offers is limited to allowed hosts - white listed IPs and ADH encryption. So, we want to know if Nagios XI/NCPA or any other remote agent offers additional security/authentication measures mitigating the risk from the Nagios remote client perspective.
Thanks,
Rakesh
NRPE/NCPA - Security
Re: NRPE/NCPA - Security
You are correct that nrpe has minimal encryption. NCPA uses much stronger ssl encryption . . .
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: NRPE/NCPA - Security
Thanks for your response.
Could you please provide specific info about the NCPA SSL support, or point me to a link where I can get the details? Does it do it certificate based, or is it still using Anon-DH?
Does Nagios XI professional suite provide such SSL certificate based encrypted/authenticated communication between Nagios and remote agents?
Could you please provide specific info about the NCPA SSL support, or point me to a link where I can get the details? Does it do it certificate based, or is it still using Anon-DH?
Does Nagios XI professional suite provide such SSL certificate based encrypted/authenticated communication between Nagios and remote agents?
Re: NRPE/NCPA - Security
Please see the following NCPA configuration doc for cert/ssl info:
http://assets.nagios.com/downloads/ncpa ... ation.html
http://assets.nagios.com/downloads/ncpa ... ation.html
This is primarily dictated by the agent itself. Different agents use different varying degrees of encryption.rakesh2 wrote:Does Nagios XI professional suite provide such SSL certificate based encrypted/authenticated communication between Nagios and remote agents?
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: NRPE/NCPA - Security
I see below config option for NCPA, and I guess this talks about certificate based SSL for communication between Nagios and remote agent. If so, could you please help us with the details/link on how to set it up?
certificate
EXPERIMENTAL. Allows you to specify the file name for the SSL certificate you wish to use with the NCPA server. If left adhoc, a new self-signed certificate will be generated and used for the server.
certificate
EXPERIMENTAL. Allows you to specify the file name for the SSL certificate you wish to use with the NCPA server. If left adhoc, a new self-signed certificate will be generated and used for the server.
Re: NRPE/NCPA - Security
It should use a self signed cert by default:
rakesh2 wrote: If left adhoc, a new self-signed certificate will be generated and used for the server.
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.