NagiosXI : Vulnerability Scanner & Application Firewall

abidit
Posts: 5
Joined: Wed Aug 01, 2018 2:25 am

NagiosXI : Vulnerability Scanner & Application Firewall

Post by abidit »

Hi,

We are using Nagios XI 6.5.10 in our Production Environment.
As part of a Security Compliance Requirement, we need to determine the following for all our Applications:

(i) Security Vulnerability Scanner
(ii) Application Firewall


As Nagios XI has been categorized as an Application, is there any Tool available for Vulnerability Scanning & Application Firewall for NagiosXI?

Please let us know.
jdunitz
Posts: 235
Joined: Wed Feb 05, 2020 2:50 pm

Re: NagiosXI : Vulnerability Scanner & Application Firewall

Post by jdunitz »

We can't recommend a specific tool to scan your environment, but whatever tool your security team is using for the rest of your site can be pointed at your Nagios server, and we can answer questions about the findings.

To mitigate security vulnerabilities while avoiding backward compatibility issues, RHEL, and by extension CentOS, uses a process known as backporting. Here's how it works: RHEL patches the supported versions of these packages with the security fixes from the newer versions of these packages. For example, they will take the code from, say, PHP 7.2 and apply the security vulnerability fixes from that version to the shipped version, in the case of RHEL 7, PHP 5.4.16. A security audit that checks only the version numbers of installed packages does not take this process into account.

Please share this information with your security team and let us know if you have any additional questions.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
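An added example, not part of either post and not Nagios or Red Hat code: one way to check a version-based scanner finding against the backporting described above is to look for the CVE id in the package's RPM changelog (`rpm -q --changelog`). The sample changelog and the CVE ids are constructed placeholders, and the parser assumes each changelog header line ends with the version-release.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `rpm -q --changelog`.
# CVE-0000-0000N are placeholders, not real identifiers.
sample_changelog() {
cat <<'EOF'
* Tue Mar 05 2019 Example Packager <pkg@example.com> - 5.4.16-46
- fix out-of-bounds read in example parser (CVE-0000-00002)

* Mon Jan 08 2018 Example Packager <pkg@example.com> - 5.4.16-45
- fix example overflow
- Resolves: CVE-0000-00001
EOF
}

# Read changelog text on stdin; for each CVE id given as an argument print
# "<CVE> <version-release>" for the oldest entry naming it, or NOT-FOUND.
backport_status() {
    awk -v cves="$*" '
        BEGIN { n = split(cves, want, " ") }
        /^\* / { rel = $NF }            # entry header: last field is version-release
        {
            line = $0
            gsub(/[^A-Za-z0-9-]/, " ", line)    # strip punctuation around ids
            m = split(line, tok, " ")
            for (i = 1; i <= n; i++)
                for (j = 1; j <= m; j++)
                    if (tok[j] == want[i])      # exact match, not a prefix match
                        found[want[i]] = rel    # newest first, so last hit is oldest
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in found) ? found[want[i]] : "NOT-FOUND")
        }'
}

# Same check against an installed package on an RPM-based host.
check_pkg() {
    pkg=$1; shift
    rpm -q --changelog "$pkg" | backport_status "$@"
}

# Demo on the constructed sample.
sample_changelog | backport_status CVE-0000-00001 CVE-0000-00002 CVE-0000-00003
```

A changelog entry is the packager's own note, so treat a hit as a pointer to the matching vendor advisory, and a NOT-FOUND as a finding that still needs an answer.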