Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

VM Patching

https://support.nagios.com/forum/viewtopic.php?t=33530

Page 1 of 1

VM Patching

Posted: Thu Jun 25, 2015 3:13 pm
by perric
I'm looking at migrating our system onto a Virtual machine, and I'd like to know how it is patched for vulnerabilities. Particularly how the underlying operating system needs to be patched.

Does Nagios need to be taken down when patching? Is it ok to just run periodic updates in CentOS?

Re: VM Patching

Posted: Thu Jun 25, 2015 3:19 pm
by jdalrymple
perric wrote:Does Nagios need to be taken down when patching? Is it ok to just run periodic updates in CentOS?
`yum update` is fine. Make sure you have Nagios backups. No need to take Nagios offline, although of course if any processes that Nagios uses are patched they won't be updated until the process restarts. Applicable processes might be httpd, mysqld, etc.

Re: VM Patching

Posted: Thu Jun 25, 2015 3:27 pm
by perric
Does updating Nagios its self include security updates?

Re: VM Patching

Posted: Thu Jun 25, 2015 3:31 pm
by tmcdonald
I would not count on it. An XI upgrade will only upgrade httpd, for example, if it is required that it be a later version for compatibility reasons. Regular system maintenance is still required, but keep in mind that we install certain versions of packages like php for a reason, and upgrading too far could break functionality. It is always recommended to snapshot/backup before doing any upgrades.

Re: VM Patching

Posted: Thu Jun 25, 2015 7:26 pm
by perric
Do you have any recommendations for a good practice?

Re: VM Patching

Posted: Fri Jun 26, 2015 8:52 am
by lmiltchev
There are many guides online about hardening linux machines. Here's one of them:

http://www.cyberciti.biz/tips/linux-security.html

You can also watch the "Securing Your Nagios Server" video on YouTube here:

https://www.youtube.com/watch?v=lC7AiQWz-Ow

The info in the video may be somewhat outdated as it was made in 2013 but it will give you an idea.

It is entirely up to you what steps you are going to take to secure your server. Keep in mind that securing it "too much" can break Nagios XI instance's functionality. I would recommend trying this in a test environment first. Don't try in production! Spin up a test server. Each Nagios XI license is approved for up to three installations: one primary monitoring/production, one backup/failover, and one test environment. As long as you are only using one install for production monitoring, you are within the boundaries of our licensing policy.

Hope this helps.

Re: VM Patching

Posted: Fri Jun 26, 2015 11:41 am
by perric
Thanks
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited