Nagios Support Forum

We recently run into problem with security scanning on our Nagios XI server due to php 5.3.3. We would like to upgrade php to 5.6
It looks like from the release note, Nagios XI 5.3.2 does support php 5.6. We will be using CentOS Software Collections repo for php 5.6.

However, multiple packages are no longer exist in all standard channel Red Hat or CentOS but it looks like Nagios XI is still use them such as php-mycrypt, php-pecl-ssh2, and php-mysql. Where do I go to get these packages and still be supported?

Thanks,

Nagios XI will run on PHP 5.6 and you can upgrade to it. However it is not covered under support.

I do not know what release notes you're looking but the only thing in our official documentation is this:

- Updated sourceguardian loaders supporting up to php 5.6 -SW

This note does not mean Nagios XI supports 5.6 in any official capacity.

Do you have a supported image for Nagios XI that has new version of PHP? LIke a CentOS 7 image?

No, we only support the version of PHP which ships with the distro. For CentOS 7, that is currently 5.4.16.

Well, that's better than nothing. Should cut down some on the security scan.
Where can I get the Nagios XI CentOS 7? I have the current Nagios XI backed up. Is there a procedure to migrate Nagios IX?

Thanks,

You can download VM's or the source here:

https://www.nagios.com/downloads/nagios-xi/

You should also use caution with those security scanners. They throw many false positives and can lead to much time wasted. If you have specific and legitimate security concerns they should be addressed as we take security very seriously here.

You can create your own minimal + wget CentOS 7 VM and use the source installer.

Migration procedure -- Backing Up And Restoring Your Nagios XI System

Yes, we know that. The pen testers a lot of the time use the scan that only looks for php version and automatically flag you for every CVE possible with that php version. Frustrated as hell but it's a reality we have to deal with.

hqnguyen wrote:Yes, we know that. The pen testers a lot of the time use the scan that only looks for php version and automatically flag you for every CVE possible with that php version. Frustrated as hell but it's a reality we have to deal with.

As a security guy myself, that's a vulnerability assessment more than a pen-test, but I digress :)

Was there anything else you needed or were we good to close this?

Both Red Hat and CentOS have Software Collection repo which is supported by Red Hat. This repo does have php 5.6.

You guys do not consider this as a supported option for Nagios XI php package?

I will deploy a RHEL 7 VM and install Nagios XI from source. Is this a supported configuration?