Security Issue: Nagios Core - Performance Graphs Using Influ

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
marcosjr83
Posts: 1
Joined: Tue Aug 10, 2021 9:50 am

Security Issue: Nagios Core - Performance Graphs Using Influ

Post by marcosjr83 »

Hi,

The article Nagios Core - Performance Graphs Using InfluxDB + Nagflux + Grafana + Histou (https://support.nagios.com/kb/article/n ... lux_Config), have a critical security issue. When you install InfluxDB in a host with public IP without configure authentication (https://docs.influxdata.com/influxdb/v1 ... orization/): anybody in anywhere can access Influx database with one command (influx -host "IP or hostname"). Locally anybody in the network do the same. I'm tested this, my server had this issue.
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: Security Issue: Nagios Core - Performance Graphs Using I

Post by mcapra »

I'd suggest shooting an email to security@nagios.com.

https://www.nagios.com/products/security/

I think a simple disclaimer at the top of the docs to the effect of "don't do this in prod, it exposes your influxdb instance to anything with a network connection" would go a long way.
Former Nagios employee
https://www.mcapra.com/
Locked