I have recently installed the Nagios Core 4.4.5 on OEL 7.
I am trying to migrate my Current Nagios(Which is installed on CentOS) to the above mentioned installation.
I have just installed Nagios and installed the ndo2db as well on the new server. Also installed the some pre-requisites for the monitoring the ESX Hosts data store.
But the Qualys Scan shows the Vulnerability
1) EOL Software PostgreSQL--- Can you please do let me if Nagios uses the this or not, If not can i remove this software from the server.
2) HTTP Trace/Track methods enabled
3) Web directories Listable Vulnerability
Also please do let me know how to remove the other vulnerabilities.
Regards
Amit
Nagios Core Vulnerabilities
-
amitgupta19
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Nagios Core Vulnerabilities
I just saw one post regarding converting the PostgreSQL to the mysql.
Is it same applicable for the Nagios core?
I hope that it will help us with removing the vulnerability as well.
https://support.nagios.com/kb/article/c ... i-560.html
Is it same applicable for the Nagios core?
I hope that it will help us with removing the vulnerability as well.
https://support.nagios.com/kb/article/c ... i-560.html
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core Vulnerabilities
ndoutils used mysql, so if you have postgresql installed if was from something else.
None of these advisories are Nagios related
None of these advisories are Nagios related
-
amitgupta19
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Nagios Core Vulnerabilities
Thnaks Scott for taking time out and giving the clarification.
So i will remove the Software PostgreSQL.
Also I will
Disable the HTTP Trace/Track methods.
Disable Web directories Listable
Hope it will not have any impact on the Nagios Server/Monitoring.
So i will remove the Software PostgreSQL.
Also I will
Disable the HTTP Trace/Track methods.
Disable Web directories Listable
Hope it will not have any impact on the Nagios Server/Monitoring.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core Vulnerabilities
It should not at allamitgupta19 wrote:Thnaks Scott for taking time out and giving the clarification.
So i will remove the Software PostgreSQL.
Also I will
Disable the HTTP Trace/Track methods.
Disable Web directories Listable
Hope it will not have any impact on the Nagios Server/Monitoring.
-
amitgupta19
- Posts: 286
- Joined: Fri Sep 08, 2017 5:53 am
Re: Nagios Core Vulnerabilities
Do you have any idea how to disable the following:
HTTP Trace/Track methods enabled
Web directories Listable Vulnerability
HTTP Trace/Track methods enabled
Web directories Listable Vulnerability
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Nagios Core Vulnerabilities
No, that would likely be in the web server (httpd) documentation for your OSamitgupta19 wrote:Do you have any idea how to disable the following:
HTTP Trace/Track methods enabled
Web directories Listable Vulnerability