Hello,
We have the latest Nagios XI 5.4.5 running on Red Hat Enterprise Linux Server release 7.3 (Maipo).
Our security team reported the following result of potential vulnerabilities:
"OpenSSL Weak RSA Key Exchange Vulnerability"
"OpenSSL BASE64 Decode Interger Underflow Vulnerability"
"OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20150319)"
"Potential Vulnerability - level 4 123407 OpenSSL Weak RSA Key Exchange Vulnerability"
"OpenSSL BASE64 Decode Interger Underflow Vulnerability"
"OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20150319)"
"OpenSSL Diffie-Hellman Weak Encryption Vulnerability (Logjam)"
"OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20160128)"
"PHP Prior to 5.4.32/5.5.16 Multiple Vulnerabilities"
"PHP Multiple Remote Code Execution Vulnerabilities"
"PHP Multiple Remote Code Execution Vulnerabilities (GHOST)"
"PHP Prior to 5.6.8/5.5.24/5.4.40 Multiple Remote Code Execution Vulnerabilities"
"PHP Versions Prior to 5.6.9/5.5.25/5.4.41 Multiple Vulnerabilities"
"PHP Versions Prior to 5.6.10/5.5.26/5.4.42 Multiple Vulnerabilities"
"PHP Versions Prior to 5.6.2/5.5.18/5.4.34 Multiple Vulnerabilities"
"PHP Versions Prior to 5.6.7/5.5.23/5.4.39 Multiple Vulnerabilities"
"PHP Versions Prior to 5.6.12/5.5.28/5.4.44 Multiple Vulnerabilities"
"PHP Versions Prior to 5.6.13/5.5.29/5.4.45 Multiple Vulnerabilities"
"Apache HTTP Server Prior to 2.4.10 Multiple Vulnerabilities"
"Apache HTTP Server Prior to 2.4.12 Multiple Vulnerabilities"
I noticed that the PHP version deployed by the Nagios XI install script is 5.4.16.
[lxadmin@ymq-lpnagapp1 lxadmin]$ php -v
PHP 5.4.16 (cli) (built: Aug 5 2016 07:50:38)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
[lxadmin@ymq-lpnagapp1 castroi]$
Could you please assess the potential vulnerabilities?
thank you,
Vulnerabilities detected
-
scottwilkerson
- DevOps Engineer
Re: Vulnerabilities detected
The PHP version is what is in the base repositories. These usually stay static as far as minor release but have security vulnerabilities patched by package maintainers.
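Version-based scanner findings like the ones above can be checked against the distribution package's changelog, where backported fixes are recorded by CVE ID. This is an added example, not part of the original thread: the function name `backport_status` is hypothetical and the CVE IDs in the sample are constructed placeholders; on a real host the input would come from `rpm -q --changelog php`.

```shell
#!/bin/sh
# Classify scanner-reported CVE IDs against an RPM changelog.
# Real use:  rpm -q --changelog php | backport_status CVE-... CVE-...
# Reads changelog text on stdin; prints one "<CVE> <status>" line per argument.
backport_status() {
    changelog=$(cat)
    for cve in "$@"; do
        # -F: literal match. -w: whole-word match, so a shorter ID cannot
        # match inside a longer one (see the 2222 / 22222 case below).
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve backported"
        else
            echo "$cve not-in-changelog"
        fi
    done
}

# Constructed changelog excerpt in RPM changelog layout.
# The CVE IDs are placeholders, not real identifiers.
sample_changelog() {
cat <<'EOF'
* Fri Aug 05 2016 Packager <packager@example.invalid> - 5.4.16-42
- fix example issue in unserialize CVE-0000-1111
* Mon Jun 20 2016 Packager <packager@example.invalid> - 5.4.16-41
- fix example issue in gd CVE-0000-22222
EOF
}

# Demo: the constructed changelog stands in for `rpm -q --changelog php`.
demo() {
    sample_changelog | backport_status CVE-0000-1111 CVE-0000-2222 CVE-0000-3333
}

demo
```

A `not-in-changelog` result is not proof of exposure; it marks the findings that still need a look at the vendor's advisory for that CVE.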
Re: Vulnerabilities detected
None of those seem to be related to the Nagios software itself, but rather to the PHP and Apache versions, and the strength of the SSL certificate in place. As of XI 5.4.5, the supported versions are PHP 7.0 and Apache 2.4. The SSL certificate you will need to do some research on according to your organization's needs, but this article is pretty comprehensive: https://github.com/ssllabs/research/wik ... -Practices
Former Nagios employee
Re: Vulnerabilities detected
Hello,
I have upgraded to PHP 7 as mentioned to remove the vulnerabilities, but Nagios XI stopped working.
I have added ixed.7.1.lin as displayed in the directory mentioned.
[castroi@ymq-lpnagapp1 ~]$ sudo cat /etc/php.ini | grep ixe
extension=ixed.7.1.lin
[castroi@ymq-lpnagapp1 ~]$
I got the following error:
This page isn’t working
ymq-lpnagapp1 is currently unable to handle this request.
HTTP ERROR 500
Could you please assist?
thank you
-
dwhitfield
- Former Nagios Staff
Re: Vulnerabilities detected
7.0 is supported, not 7.1. Did you install 7.0? If so, you'll need to use ixed.7.0.lin
castroi wrote: I have added ixed.7.1.lin as displayed in directory mentioned.
[castroi@ymq-lpnagapp1 ~]$ sudo cat /etc/php.ini | grep ixe
extension=ixed.7.1.lin
Re: Vulnerabilities detected
In addition to what dwhitfield said, the sourceguardian setting is usually not in the /etc/php.ini file but in the /etc/php.d/sourceguardian.ini file.
Remove the line from the php.ini file and update the /etc/php.d/sourceguardian.ini instead if it exists.
Be sure to check out our Knowledgebase for helpful articles and solutions!
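The two points made in the replies above (the loader's version suffix must match the installed PHP, and the line belongs in one file only) can be checked together. This is an added example, not from the thread or from Nagios: `check_loader` is a hypothetical helper, the ini contents are constructed, and on a real host the version would come from `php -r 'echo PHP_VERSION;'`.

```shell
#!/bin/sh
# check_loader <php_version> <ini_file>...
# Prints one finding per problem; returns 0 only when exactly one
# active ixed loader line exists and it matches the PHP major.minor.
check_loader() {
    ver=$1; shift
    mm=$(printf '%s' "$ver" | cut -d. -f1,2)   # "7.0.20" -> "7.0"
    want="ixed.$mm.lin"
    count=0; bad=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Active (uncommented) extension= lines that name an ixed.* loader.
        for got in $(sed -n 's/^[[:space:]]*extension[[:space:]]*=[[:space:]]*\(ixed\.[^[:space:];]*\).*/\1/p' "$f"); do
            count=$((count + 1))
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $f: $got (PHP $mm needs $want)"
                bad=1
            fi
        done
    done
    [ "$count" -ne 0 ] || { echo "MISSING no ixed loader line found"; bad=1; }
    [ "$count" -le 1 ] || { echo "DUPLICATE $count ixed loader lines"; bad=1; }
    return "$bad"
}

# Constructed layout: a stale 7.1 line left in php.ini next to the 7.0 line
# in php.d/sourceguardian.ini, checked against PHP 7.0.20.
demo() {
    d=$(mktemp -d)
    mkdir "$d/php.d"
    echo 'extension=ixed.7.1.lin' > "$d/php.ini"
    echo 'extension=ixed.7.0.lin' > "$d/php.d/sourceguardian.ini"
    rc=0
    check_loader 7.0.20 "$d/php.ini" "$d"/php.d/*.ini || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```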
Re: Vulnerabilities detected
Hello,
Thank you, so we have removed 7.1 and installed 7.0 as mentioned.
[castroi@ymq-lpnagapp1 ~]$ php -v
PHP 7.0.20 (cli) (built: Jun 7 2017 07:50:14) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
[castroi@ymq-lpnagapp1 ~]$
I have now also updated the file /etc/php.d/sourceguardian.ini only:
[root@ymq-lpnagapp1 nagiosxi]# cat /etc/php.d/sourceguardian.ini
extension=ixed.7.0.lin
[root@ymq-lpnagapp1 nagiosxi]#
I still have the same error:
This page isn’t working
ymq-lpnagapp1.corp.ad.iata.org is currently unable to handle this request.
HTTP ERROR 500
Re: Vulnerabilities detected
Hello,
Notice that the main home page is working, but when I click on the "Access Nagios XI" button and am redirected to "http://server-name/nagiosxi/" or "https://server-name/nagiosxi/", I get the error page with:
This page isn’t working
server-name is currently unable to handle this request.
HTTP ERROR 500
Could you please assist with what is required?
thank you
Re: Vulnerabilities detected
Hello,
I have temporarily made a phpinfo(); script and attached the result.
Here is also the output from the Apache logs:
[castroi@ymq-lpnagapp1 ~]$ sudo tail /var/log/httpd/error_log
[Wed Jun 21 22:16:39.487662 2017] [lbmethod_heartbeat:notice] [pid 25956] AH02282: No slotmem from mod_heartmonitor
[Wed Jun 21 22:16:39.499871 2017] [mpm_prefork:notice] [pid 25956] AH00163: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips PHP/7.0.20 configured -- resuming normal operations
[Wed Jun 21 22:16:39.499899 2017] [core:notice] [pid 25956] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jun 21 22:17:49.713636 2017] [mpm_prefork:notice] [pid 25956] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Jun 21 22:17:50.774239 2017] [suexec:notice] [pid 51577] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jun 21 22:17:50.803004 2017] [auth_digest:notice] [pid 51577] AH01757: generating secret for digest authentication ...
[Wed Jun 21 22:17:50.803663 2017] [lbmethod_heartbeat:notice] [pid 51577] AH02282: No slotmem from mod_heartmonitor
[Wed Jun 21 22:17:50.816344 2017] [mpm_prefork:notice] [pid 51577] AH00163: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips PHP/7.0.20 configured -- resuming normal operations
[Wed Jun 21 22:17:50.816383 2017] [core:notice] [pid 51577] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Jun 21 22:23:58.898220 2017] [:error] [pid 40296] [client 10.59.130.111:13247] script '/var/www/html/test.php' not found or unable to stat
[castroi@ymq-lpnagapp1 ~]$
Kindly advise on next steps.
thank you,
Re: Vulnerabilities detected
Hello,
We have reverted to PHP 5.4 for the time being.
Please provide proper instructions or a script to install Nagios XI with PHP 7.0 on Red Hat 7.3.
It is currently problematic.
Thank you,