Our systems team just enabled CIS benchmarks on our QA Nagios system. Their puppetized process now wants to remove avahi, which is a requirement for nss-mdns. We narrowed down the install date of nss-mdns to the same day we installed 2024 (vR1.1). I cannot find any reference to nss-mdns or mDNS is the change log or any KBs or documentation.
We checked our primary and failover servers as well to verify mDNS isn't installed on either system.
FYI, CIS benchmarks wants it removed (if not needed) because its a zeroconf implementation that is installed by default on a lot of distros but also has the potential to be exploited.
Logged info:
puppet-agent[427]: Execution of '/usr/bin/rpm -e avahi' returned 1: error: Failed dependencies:
puppet-agent[427]: avahi is needed by (installed) nss-mdns-0.14.1-9.el7.x86_64
Thanks in advance.
John
Does Nagios XI 2024 use nss-mdns?
-
gwesterman
- Posts: 268
- Joined: Wed Aug 23, 2023 11:29 am
Re: Does Nagios XI 2024 use nss-mdns?
Hi @shoreypu,
I could not find any references to nss-mdns, mDNS, or avahi within the codebase, so I believe you should be safe to remove it. Since I am not 100% certain as it may be leveraged in a particularly non-obvious way, I recommended snapshotting your system before removing it.
Let us know if anything weird happens when you remove it.
Thank you!
I could not find any references to nss-mdns, mDNS, or avahi within the codebase, so I believe you should be safe to remove it. Since I am not 100% certain as it may be leveraged in a particularly non-obvious way, I recommended snapshotting your system before removing it.
Let us know if anything weird happens when you remove it.
Thank you!
Re: Does Nagios XI 2024 use nss-mdns?
Agreed (on the snapshot)...thanks for looking into this for me.
John
John
Re: Does Nagios XI 2024 use nss-mdns?
This is a rather complex situation, and resolving the dependency between avahi and nss-mdns is important.1v1 lol