I just realized, at the bottom of my Nagios Log Server page, prior to logging in, is displayed the current version of NLS. This is not within best IT security practices, as it provides an intruder with potential information specific to that version of NLS that could be used as an attack vector.
I recommend moving the "Nagios Log Server • 2015R1.1 • Check for updates" to an authenticated page.
The same would apply to NNA as well, but I'm not going to double post.
Remove product version from non-authenticated page
Remove product version from non-authenticated page
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Remove product version from non-authenticated page
Agreed, I'm going to work to get this removed for all products...
Thanks Eric.
Thanks Eric.