Disable weak ciphers on NagiosXI server?
My (new) boss decided to run a security scan and my Nagios XI server came up on the list as having "weak ciphers" and I'm expected to remediate this. I did the regular NagiosXI install and have not done any customizations or alterations to the software. Just curious how I should go about making this compliant...
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
Re: Disable weak ciphers on NagiosXI server?
Could you ask the boss what this was referring to? As "weak ciphers" is a little ambiguous.
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: Disable weak ciphers on NagiosXI server?
Hi Amy, would it be possible to expand upon what the scan is claiming has weak ciphers? My only guess would be https, as we do create a self assigned cert for apache to use. You could either regenerate a stronger one, 4096 bits or higher, or purchase a third-party cert and use that.
Configuring SSL with Nagios XI is probably your best resource on how to get this done.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
Re: Disable weak ciphers on NagiosXI server?
I think I've figured it out. I was confusing myself by looking at NagiosCore on my q/a box first. I saw on the NagiosXI box that the ssl.conf file exists in /etc/httpd/conf.c. I edited the CipherSuite line to exclude LOW:
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
I just need to get approval to restart the webserver and we should be good.
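An added example, not part of the original thread or of Nagios' own material: a simplified Python model of how OpenSSL evaluates a cipher string such as the SSLCipherSuite line posted above, showing which suites stay enabled after `!LOW`. The suite catalogue, its tags, `WEAK_TAGS` and the `STRICTER` comparison string are assumptions made for illustration; `openssl ciphers -v '<string>'` on the server itself gives the real list.

```python
# Simplified model of OpenSSL cipher-string evaluation (the syntax SSLCipherSuite uses).
# CATALOG is a small constructed sample; tags follow the OpenSSL 1.0.x grouping (assumption).
CATALOG = {
    "AES256-SHA":       {"RSA", "AES", "HIGH"},
    "AES128-SHA":       {"RSA", "AES", "HIGH"},
    "RC4-SHA":          {"RSA", "RC4", "MEDIUM"},
    "RC4-MD5":          {"RSA", "RC4", "MD5", "MEDIUM"},
    "DES-CBC-SHA":      {"RSA", "DES", "LOW"},
    "EXP-RC4-MD5":      {"RSA", "RC4", "MD5", "EXPORT"},
    "ADH-AES256-SHA":   {"ADH", "aNULL", "AES", "HIGH"},
    "AECDH-AES256-SHA": {"AECDH", "aNULL", "AES", "HIGH"},
}
WEAK_TAGS = {"RC4", "MD5", "DES", "EXPORT", "LOW", "aNULL"}

def matches(name, selector):
    """'RC4+RSA' means RC4 AND RSA; 'ALL' matches every suite in this catalog."""
    tags = CATALOG[name]
    return all(t == "ALL" or t in tags for t in selector.split("+"))

def expand(cipher_string):
    """Return the ordered list of suites the string leaves enabled."""
    enabled, killed = [], set()
    for token in filter(None, cipher_string.split(":")):
        op = token[0] if token[0] in "!-+" else ""
        selector = token[len(op):]
        hits = [n for n in CATALOG if matches(n, selector)]
        if op == "!":        # permanent removal, cannot be re-added later
            killed.update(hits)
            enabled = [n for n in enabled if n not in hits]
        elif op == "-":      # removal that a later token may undo
            enabled = [n for n in enabled if n not in hits]
        elif op == "+":      # reorder only: move matching enabled suites to the end
            moved = [n for n in enabled if n in hits]
            enabled = [n for n in enabled if n not in hits] + moved
        else:                # add suites that are neither present nor killed
            enabled += [n for n in hits if n not in enabled and n not in killed]
    return enabled

def audit(cipher_string):
    """Map each still-enabled weak suite to the weak tags it carries."""
    return {n: sorted(CATALOG[n] & WEAK_TAGS)
            for n in expand(cipher_string) if CATALOG[n] & WEAK_TAGS}

POSTED = "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW"   # from the thread
STRICTER = "HIGH:!aNULL:!MD5:!RC4"                               # assumed comparison string

if __name__ == "__main__":
    for label, s in (("posted", POSTED), ("stricter", STRICTER)):
        print(label, expand(s), audit(s))
```

In this model the posted string still leaves the RC4 suites and the anonymous ECDH suite enabled, because `!LOW` only removes the 56/64-bit group and `!ADH` does not cover AECDH.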
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: Disable weak ciphers on NagiosXI server?
Great! Let us know if there are any other issues!