Disable weak ciphers on NagiosXI server?
Posted: Tue May 14, 2013 2:46 pm
by amybrown
My (new) boss decided to run a security scan and my Nagios XI server came up on the list as having "weak ciphers" and I'm expected to remediate this. I did the regular NagiosXI install and have not done any customizations or alterations to the software. Just curious how I should go about making this compliant...
Re: Disable weak ciphers on NagiosXI server?
Posted: Tue May 14, 2013 2:53 pm
by scottwilkerson
Could you ask the boss what this was referring to? "Weak ciphers" is a little ambiguous.
Re: Disable weak ciphers on NagiosXI server?
Posted: Tue May 14, 2013 2:55 pm
by sreinhardt
Hi Amy, would it be possible to expand upon what the scan is claiming has weak ciphers? My only guess would be HTTPS, as we do create a self assigned cert for Apache to use. You could either regenerate a stronger one, 4096 bits or higher, or purchase a third-party cert and use that.
Configuring SSL with Nagios XI is probably your best resource on how to get this done.
Re: Disable weak ciphers on NagiosXI server?
Posted: Tue May 14, 2013 2:59 pm
by amybrown
I think I've figured it out. I was confusing myself by looking at NagiosCore on my q/a box first. I saw on the NagiosXI box that the ssl.conf file exists in /etc/httpd/conf.c. I edited the CipherSuite line to exclude LOW:
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
I just need to get approval to restart the webserver and we should be good.
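An added example, not part of the original post: a small Python audit that reads Apache config text and reports which weak cipher classes each active SSLCipherSuite line still leaves enabled, following OpenSSL's cipher-string operators. The class list, the function names and the sample config are assumptions constructed for illustration.

```python
import re

# Classes named in the poster's line; treating exactly these as "weak" is an assumption.
WEAK_CLASSES = ("ADH", "EXPORT", "SSLv2", "LOW")
# Assumes the single-argument form: SSLCipherSuite <cipher-spec>
DIRECTIVE = re.compile(r"^\s*SSLCipherSuite\s+(\S+)", re.IGNORECASE)

def classify(cipher_string, weak=WEAK_CLASSES):
    """Return {class: state} after applying each token left to right.

    '!X' removes X permanently, '-X' removes it until a later token re-adds it,
    '+X' only moves X to the end of the list, a bare 'X' (or 'ALL') adds it.
    """
    state = {w: "absent" for w in weak}
    for token in cipher_string.strip("\"'").split(":"):
        if not token:
            continue
        op, name = (token[0], token[1:]) if token[0] in "!-+" else ("", token)
        for w in weak:
            if state[w] == "excluded":       # '!' is final, nothing re-adds it
                continue
            if op == "!" and name == w:
                state[w] = "excluded"
            elif op == "-" and name == w:
                state[w] = "removed"
            elif op == "" and name in (w, "ALL"):
                state[w] = "enabled"
    return state

def audit(conf_text, weak=WEAK_CLASSES):
    """Return [(line_no, cipher_string, [weak classes still enabled])]."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)            # '#'-commented lines do not match
        if m:
            st = classify(m.group(1), weak)
            findings.append((no, m.group(1),
                             sorted(w for w, s in st.items() if s == "enabled")))
    return findings

# Constructed sample: a '+LOW' variant beside the line quoted in the post.
SAMPLE_CONF = """\
# constructed sample, not the poster's actual file
#SSLCipherSuite ALL:+LOW
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:!LOW
"""

if __name__ == "__main__":
    for no, spec, still_on in audit(SAMPLE_CONF):
        print(f"line {no}: {'FAIL ' + ','.join(still_on) if still_on else 'ok'}  {spec}")
```

Running `openssl ciphers -v` with the same string on the server shows the exact suites the installed OpenSSL expands it to.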
Re: Disable weak ciphers on NagiosXI server?
Posted: Tue May 14, 2013 3:09 pm
by sreinhardt
Great! Let us know if there are any other issues!