After I installed Nagios on a server, I noticed that Nagios is accessed from a web browser.
Does Nagios offer any kind of protection against brute force attacks by limiting the number of login attempts?
Nagios Login & Brute Force
sreinhardt
Re: Nagios Login & Brute Force
Considering Nagios Core uses htpasswd files, no, it does not prevent this. However, your Nagios server should not ideally be allowed external internet access anyway. There are also Apache modules that you can use to prevent some issues too.
Nagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.
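A way to spot password guessing against the htpasswd login described above, as an added example that is not part of the original thread: it counts rejected Basic-auth logins per client in an Apache access log. The `/nagios` URL prefix, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: host ident user [time] "method path ..." status
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

def find_bruteforce(lines, prefix="/nagios", limit=5, window=timedelta(minutes=1)):
    """Return {client_ip: most failed logins seen inside one `window`} for
    clients with at least `limit` failures on URLs under `prefix`.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, user, ts, path, status = m.groups()
        # A 401 with user "-" is only the browser's first request without
        # credentials; a 401 that carries a user name is a rejected login.
        if status != "401" or user == "-" or not path.startswith(prefix):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= limit:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample log lines (documentation IP ranges, made-up user name).
SAMPLE = [
    '192.0.2.10 - - [10/Mar/2024:09:00:00 +0000] "GET /nagios/ HTTP/1.1" 401 381',
    '192.0.2.10 - admin [10/Mar/2024:09:00:05 +0000] "GET /nagios/ HTTP/1.1" 200 1024',
] + [
    '203.0.113.7 - admin [10/Mar/2024:09:01:%02d +0000] "GET /nagios/ HTTP/1.1" 401 381' % s
    for s in range(0, 12, 2)
]

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

The flagged addresses can then be fed to whatever blocking is in place, such as the Apache host restrictions or local firewall rules discussed in this thread.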
Re: Nagios Login & Brute Force
Are there per-application firewall rules on Linux?
How would you block Nagios from the internet?
sreinhardt
Re: Nagios Login & Brute Force
Yes, you can lock down Apache to only allow specific hosts to connect and deny the rest. Additionally, to "block" Nagios from the internet, simply do not forward a port from your border firewall to the Nagios web interface. You do not need to stop Nagios from reaching the internet entirely; you need to not allow external sources to access your internal Nagios machine. Also, you can set up iptables as a local firewall on the Nagios machine to block incoming and outgoing network connections.
Re: Nagios Login & Brute Force
Doesn't what you recommend require isolating the machine from the network and the internet?
If the machine hosts a website, locking down Apache will prevent all users from accessing the website.
The same goes for setting up the iptables to block all incoming and outgoing network traffic.
Lastly, when I accessed Nagios from the browser, I did it from port 80.
Is there a way to restrict Nagios to a specific port?
slansing
Re: Nagios Login & Brute Force
Well, unless those users are not behind the firewall they should be able to access it, as spenser is suggesting firewall-level solutions, which would make sense for the case you stated. Yes, you can lock Nagios to a specific port; that is once again done in Apache on vhosts, as Apache serves the webpages.