I'm looking at migrating our system onto a Virtual machine, and I'd like to know how it is patched for vulnerabilities. Particularly how the underlying operating system needs to be patched.
Does Nagios need to be taken down when patching? Is it ok to just run periodic updates in CentOS?
VM Patching
-
jdalrymple
- Skynet Drone
- Posts: 2620
- Joined: Wed Feb 11, 2015 1:56 pm
Re: VM Patching
`yum update` is fine. Make sure you have Nagios backups. No need to take Nagios offline, although of course if any processes that Nagios uses are patched they won't be updated until the process restarts. Applicable processes might be httpd, mysqld, etc.perric wrote:Does Nagios need to be taken down when patching? Is it ok to just run periodic updates in CentOS?
Re: VM Patching
Does updating Nagios its self include security updates?
Re: VM Patching
I would not count on it. An XI upgrade will only upgrade httpd, for example, if it is required that it be a later version for compatibility reasons. Regular system maintenance is still required, but keep in mind that we install certain versions of packages like php for a reason, and upgrading too far could break functionality. It is always recommended to snapshot/backup before doing any upgrades.
Former Nagios employee
Re: VM Patching
Do you have any recommendations for a good practice?
Re: VM Patching
There are many guides online about hardening linux machines. Here's one of them:
http://www.cyberciti.biz/tips/linux-security.html
You can also watch the "Securing Your Nagios Server" video on YouTube here:
https://www.youtube.com/watch?v=lC7AiQWz-Ow
The info in the video may be somewhat outdated as it was made in 2013 but it will give you an idea.
It is entirely up to you what steps you are going to take to secure your server. Keep in mind that securing it "too much" can break Nagios XI instance's functionality. I would recommend trying this in a test environment first. Don't try in production! Spin up a test server. Each Nagios XI license is approved for up to three installations: one primary monitoring/production, one backup/failover, and one test environment. As long as you are only using one install for production monitoring, you are within the boundaries of our licensing policy.
Hope this helps.
http://www.cyberciti.biz/tips/linux-security.html
You can also watch the "Securing Your Nagios Server" video on YouTube here:
https://www.youtube.com/watch?v=lC7AiQWz-Ow
The info in the video may be somewhat outdated as it was made in 2013 but it will give you an idea.
It is entirely up to you what steps you are going to take to secure your server. Keep in mind that securing it "too much" can break Nagios XI instance's functionality. I would recommend trying this in a test environment first. Don't try in production! Spin up a test server. Each Nagios XI license is approved for up to three installations: one primary monitoring/production, one backup/failover, and one test environment. As long as you are only using one install for production monitoring, you are within the boundaries of our licensing policy.
Hope this helps.
Be sure to check out our Knowledgebase for helpful articles and solutions!