Hi All,
I am trying to get clearance of ports from my security team for using ports 12489(For NSclient++ windows) , 5666 (NRPE Linux) .
I came across below questions related to how the client is functioning can anyone please help me in answering these queries ?
- For the windows solution, is it possible to encrypt the flow like the unix solution ?
- Is it possible to execute some commands on the monitored hosts ?
- Is the accounts used to run nagios have the smallest required privileges ?
I have provided attached screenshot explaination regarding the usage of ports for which I got this queries.
Usage of Ports
Usage of Ports
You do not have the required permissions to view the files attached to this post.
Regards,
Ranjit W
Ranjit W
Re: Usage of Ports
Firstly, consider using the NCPA client for Windows (which is what we do) as it supports strong SSL encryption.
The NCPA agent can execute a command on the monitored host, but also provides a range of built-in monitors that require no additional plugins on the monitored host. The NCPA (and NRPE for UNIX) agent will execute commands using the privileges of the user it is run under. What those privileges are is up to your system administrators, but generally a standard "user" account is more than sufficient unless elevated privileges are required.
When installed, the NCPA (and NSClient++ I think) agent on Windows can run with whatever privileges you grant it. Both agents run as a service that you can configure however you like.
The NCPA agent can execute a command on the monitored host, but also provides a range of built-in monitors that require no additional plugins on the monitored host. The NCPA (and NRPE for UNIX) agent will execute commands using the privileges of the user it is run under. What those privileges are is up to your system administrators, but generally a standard "user" account is more than sufficient unless elevated privileges are required.
When installed, the NCPA (and NSClient++ I think) agent on Windows can run with whatever privileges you grant it. Both agents run as a service that you can configure however you like.
Re: Usage of Ports
Hi,
Can we not achieve SSL by only installing NSclient ++ ?
As per my understanding NSclient++ service runs as a local system account and doesn't require a user creation .
Not sure about Linux ? Do we need a user to be created for Linux?
Can we not achieve SSL by only installing NSclient ++ ?
As per my understanding NSclient++ service runs as a local system account and doesn't require a user creation .
Not sure about Linux ? Do we need a user to be created for Linux?
Regards,
Ranjit W
Ranjit W
Re: Usage of Ports
NSClient is able to use SSL encryption, but the tricky part is it's technically running a NRPE server under the hood, and the NRPE server is what supports SSL. See the following docs for more (search "SSL"):
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://docs.nsclient.org/reference/cli ... erver.html
For Linux you don't need to create a new user specifically for NRPE, but it's good practice to do so.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://docs.nsclient.org/reference/cli ... erver.html
For Linux you don't need to create a new user specifically for NRPE, but it's good practice to do so.
Former Nagios employee