Hello Everyone,
For our distributed environment we have to send data from our clients over the internet to our nagios central server. I had the idea to use NRDP for this since its easy to install and get to work. However i am wondering how it is with the security.
For example when i look at NSCA it has a password and encryption available so the data can safely be transmitted over the internet.
How is this arranged with NRDP? Also is it possible to just use port443 to send/receive the data on?
NRDP security
Re: NRDP security
NRDP does not have a username/password functionality. Instead, it leverages the Apache web server to transmit encrypted data over the internet using SSL. You can find some documentation discussing this here.
Re: NRDP security
Sorry for the last response but i tried the above thing and it doesn't seem to work.
I have the NRDP server available on HTTPS only. As command i use:
define command{
command_name submit_check_result
command_line /usr/bin/php /usr/local/nrdp/clients/send_nrdp.php --url=https://server/nrdp --token=sometoken --host=$HOSTNAME$ --service='$SERVICEDESC$' --state=$SERVICESTATE$ --output='$SERVICEOUTPUT$ | $SERVICEPERFDATA$ [$SERVICECHECKCOMMAND$]'
}
When i try it with a test command i get the error:
PHP Warning: fsockopen(): unable to connect to server:80 (Connection timed out) in /usr/local/nrdp/clients/send_nrdp.php on line 368
So i opened the file and changed the port to 443 on that line but it still doesn't seem to work. Am i missing something? The documentation is really sketchy about this.
I have the NRDP server available on HTTPS only. As command i use:
define command{
command_name submit_check_result
command_line /usr/bin/php /usr/local/nrdp/clients/send_nrdp.php --url=https://server/nrdp --token=sometoken --host=$HOSTNAME$ --service='$SERVICEDESC$' --state=$SERVICESTATE$ --output='$SERVICEOUTPUT$ | $SERVICEPERFDATA$ [$SERVICECHECKCOMMAND$]'
}
When i try it with a test command i get the error:
PHP Warning: fsockopen(): unable to connect to server:80 (Connection timed out) in /usr/local/nrdp/clients/send_nrdp.php on line 368
So i opened the file and changed the port to 443 on that line but it still doesn't seem to work. Am i missing something? The documentation is really sketchy about this.
Re: NRDP security
Make sure you are using the proper authentication tokens. Also, check your "/etc/httpd/conf.d/nrdp.conf" file, "Allow from ..." line in particular. Restart Apache to make the changes take effect:
Code: Select all
# service httpd restartBe sure to check out our Knowledgebase for helpful articles and solutions!
Re: NRDP security
I checked that both the authentication codes are the same and i also checked the allow from part. Both where correct. What i am wondering however is if i have to set ssl on the client side aswell so nrdp knows it has to be ssl encrypted or if its enough to have it encrypted on the main server.
Re: NRDP security
Check your /etc/php.ini file, there is a config directive that allows remote fsockopen to work, and I think it might be turned off by default for security reasons.
Re: NRDP security
If your remote webserver is forcing SSL encryption and you're receiving proper data from NRDP than it is going through encrypted channels. If you can connect to your Nagios XI server without using an SSL certificate then NRDP probably isn't encrypted. However, if you cannot connect to port 443 or https without using SSL then NRDP is for sure using SSL (as long as you have NRDP set to use https or 443.)
I hope I'm answering this question properly. The big thing to keep in mind is if you are forcing encryption on 443 or https, NRDP will not successfully send information through if it cannot successfully establish an SSL handshake with the server.
I hope I'm answering this question properly. The big thing to keep in mind is if you are forcing encryption on 443 or https, NRDP will not successfully send information through if it cannot successfully establish an SSL handshake with the server.
Nicholas Scott
Former Nagios employee
Former Nagios employee
Re: NRDP security
Thanks for the info. Next week i will check it out with a co-worker who knows this stuff better.
Re: NRDP security
There i am again with the nrdp problem.
I have the main central set on SSL and working aswell from what i can tell. When i browse to this machine i get no errors that the certificate is wrong so my best guess is it works.
On 1 of our clients i try to connect to the nrdp ssl server but here begin the problems. When i use the standard file with the https:// link it doesn't show up on the central but on a other server which runs on the http part of the same site. When i open the nrdp file and change port 80 to port 443 nothing happens at all. Is there a way to force the ssl access?
I have the main central set on SSL and working aswell from what i can tell. When i browse to this machine i get no errors that the certificate is wrong so my best guess is it works.
On 1 of our clients i try to connect to the nrdp ssl server but here begin the problems. When i use the standard file with the https:// link it doesn't show up on the central but on a other server which runs on the http part of the same site. When i open the nrdp file and change port 80 to port 443 nothing happens at all. Is there a way to force the ssl access?