Apache and PHP Upgrade Path

[MikeMAN987]

Hello,

We are getting ready to move a new Nagios XI install into production, however, security is still finding the following exceptions in their scans from the security scanning tool (Qualys).

I wanted to check, is there a supported upgrade path to update PHP and Apache? Both are currently installed from the Nagios XI 5.4.4 package:

PHP - 5.4.16 (EOL Sept 2015)
Apache 2.4.6 (EOL jan 2018)

[cdienger]

This has been brought up recently here:

https://support.nagios.com/forum/viewto ... hp#p250762

Please be aware that a lot of scanners falsely flag things as vulnerable simply based on a version number. Fixes are often back ported to older versions though to resolve the vulnerability.

https://access.redhat.com/security/updates/backporting
https://wiki.centos.org/FAQ/General#hea ... b096cbff2f

[MikeMAN987]

Thanks for that info, having dealt with Qualys a lot this is indeed one of those "unvalidated" vulnerabilities (they show up "yellow" instead of red, which red indicates a vulnerability has been tested and validated). Based on the link above and upgrading PHP/Apache, would the configuration still be supported by Nagios? (I don't want to put us in a worse place by fixing a "vulnerability" only to be non-vendor supported). That said, is there a target for Nagios XI's next version that would resolve this?

Regards,
Mike

[cdienger]

We only really test with the packages from the CentOS/RHEL repos which will usually be a little "behind". As long as you stick with those there will be no issue with support.

XI 5.5 will support php 7.