NRPE/NCPA - Security
Posted: Tue Nov 25, 2014 3:59 pm
by rakesh2
Hi,
We use Nagios Core with the NRPE remote agent. In our analysis, we find that the network security that this offers is limited to allowed hosts (whitelisted IPs) and ADH encryption. So, we want to know if Nagios XI/NCPA or any other remote agent offers additional security/authentication measures mitigating the risk from the Nagios remote client perspective.
Thanks,
Rakesh
Re: NRPE/NCPA - Security
Posted: Tue Nov 25, 2014 5:23 pm
by abrist
You are correct that NRPE has minimal encryption. NCPA uses much stronger SSL encryption...
Re: NRPE/NCPA - Security
Posted: Tue Nov 25, 2014 5:54 pm
by rakesh2
Thanks for your response.
Could you please provide specific info about the NCPA SSL support, or point me to a link where I can get the details? Is it certificate-based, or is it still using Anon-DH?
Does the Nagios XI professional suite provide such SSL certificate-based encrypted/authenticated communication between Nagios and remote agents?
Re: NRPE/NCPA - Security
Posted: Tue Nov 25, 2014 6:06 pm
by abrist
Please see the following NCPA configuration doc for cert/ssl info:
http://assets.nagios.com/downloads/ncpa ... ation.html
rakesh2 wrote: Does Nagios XI professional suite provide such SSL certificate-based encrypted/authenticated communication between Nagios and remote agents?
This is primarily dictated by the agent itself. Different agents use varying degrees of encryption.
Re: NRPE/NCPA - Security
Posted: Tue Nov 25, 2014 6:15 pm
by rakesh2
I see the config option below for NCPA, and I guess this talks about certificate-based SSL for communication between Nagios and the remote agent. If so, could you please help us with the details/link on how to set it up?
certificate
EXPERIMENTAL. Allows you to specify the file name for the SSL certificate you wish to use with the NCPA server. If left adhoc, a new self-signed certificate will be generated and used for the server.
Re: NRPE/NCPA - Security
Posted: Wed Nov 26, 2014 12:36 pm
by abrist
It should use a self-signed cert by default:
rakesh2 wrote: If left adhoc, a new self-signed certificate will be generated and used for the server.