What is best practice in making Nagios server available to public internet?
I'd like to implement in public DMZ and allow clients communication with core network. What firewall configs / firewall rules should be in place if NRPRE requires TCP 5666?
Best Practice Public Access and NRPE
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: Best Practice Public Access and NRPE
If you wish to allow access to the public internet, I would suggest only allowing port 443 incoming and unless you have external checks, also restrict apache to https only. Allow as few if any external ports as well. Secondly a Web Application Firewall(WAF) would not be a bad idea, whether physical host in front of it or mod_security type setup.
NRPE would need 5666 coming from the nagios machine to the internal network, then back out only as an established connection.
NRPE would need 5666 coming from the nagios machine to the internal network, then back out only as an established connection.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.