NRPE safe over public IP

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
brian.bbc
Posts: 1
Joined: Thu Aug 05, 2021 12:09 pm

NRPE safe over public IP

Post by brian.bbc »

Hello,
I just started managing our Nagios server which hasn't been updated in some time. I noticed that several of the servers are being queried over NRPE and referenced by their public IP address. Is this a security risk? We do have firewall rules set up to lock down connections and allow only for specific IP addresses but I am concerned about what information may be transmitted across the internet.
User avatar
pbroste
Posts: 1288
Joined: Tue Jun 01, 2021 1:27 pm

Re: NRPE safe over public IP

Post by pbroste »

Hello @brian.bbc

Thanks for reaching out. There are pros and cons of monitoring off of WAN where everybody can snoop. The good thing is that NRPE only uses one port for monitoring and only needs that one port open for monitoring. If you are concerned about the security aspects of monitoring over WAN, you could configure over ssh.

Thanks,
Perry
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: NRPE safe over public IP

Post by mcapra »

brian.bbc wrote:I noticed that several of the servers are being queried over NRPE and referenced by their public IP address. Is this a security risk?
It's not good practice to have any "monitoring stuff" be public facing, regardless of whether that's NRPE or NCPA or a Prometheus exporter or a Telegraf agent. From the perspective of a malicious actor It's at least a useful recon tool, and at best an attack surface.

Assuming your org has solid change control processes around this firewall:
brian.bbc wrote:We do have firewall rules set up to lock down connections and allow only for specific IP addresses
You should be fine.
Former Nagios employee
https://www.mcapra.com/
Locked