Security Health Check Tool for Nagios XI

[abidit]

Hi,

We are using Nagios XI 6.5.10 in our Production Environment.
As part of Security Compliance Requirement, we need to do Security Health Check ( HC ) on all our Applications . As Nagios XI has been categorized as an Application & hence requires Security Health Check.

Is there any Security Health Check Tool available for Nagios XI ?

Please let us know.

[benjaminsmith]

Hello @abidit,

I see this is your first post, so welcome to the Nagios Support Forum. Besides the support forum, please check out our knowledgebase for useful tech tips and HowTo's.

That's a good question. While we have tools to help monitor the application itself, we don't have a specific security tool for checking the installation. Typically, we see this done internally by the security team.

A few recommendations:
* Install on a clean system with no other applications installed. Keep the default permission settings on XI folders.
* Keep Nagios XI update-to-date. We make security a priority and patch issues in a timely manner. See: Security Disclosures
* Use SSL/TLS
* Keep your operating system up-to-date
* Change the default passwords
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
* Enable two-factor authentication
* Disable the SSH terminal in XI. See Admin > System Config > System Settings > Security

Hope that helps and let me know if you have other questions.

[abidit]

Thanks for the Response.

If we disable the SSH Terminal in Nagios XI (Admin > System Config > System Settings > Security), will there be any kind of impact on Nagios XI to perform the checks ?

[abidit]

Again, as you said, "we have tools to help monitor the application itself", which are the Tools you are referring to for monitoring Nagios XI Application ?

[benjaminsmith]

Hello,

Yes. We have a built-in wizard for monitoring Nagios XI. Go to Configure > Start Monitoring Now .... then search for Nagios XI Server configuration wizard.

Let me know if you have any questions getting it setup.