Page 1 of 1
Nagios - Mod-Gearman - NSclient Encyption
Posted: Tue Aug 15, 2017 6:25 am
by andyb4u
I have been tasked to find out how to configure Nagios to work securely with mod-gearman and monitor windows machines which have NSclient installed. At a high level, am I right in thinking that the Nagios server communicates with the mod-gearman workers using it's own encryption? If so what level of encryption is this? Can the worker server then be configured to communicate securely with the NSClients using certs? Apologies if these questions have been answered before.
Re: Nagios - Mod-Gearman - NSclient Encyption
Posted: Tue Aug 15, 2017 10:31 am
by mcapra
Mod_Gearman uses Rijndael 256 by default I believe:
https://github.com/sni/mod_gearman/blob ... .h#L36-L37
https://github.com/sni/mod_gearman/blob ... rypt.c#L60
Unless the
encryption directive in the workers is disabled, then that worker will send it's results un-encrypted. You'd need to verify all of this against the Nagios XI setup script if you used that, I'm not sure what it sets.
andyb4u wrote:Can the worker server then be configured to communicate securely with the NSClients using certs?
That depends on the NSClient++ setup. Following some official NSClient++ documentation, it seems doable:
https://www.medin.name/blog/2012/12/02/ ... ntication/
But I don't have any direct experience with such a setup.
Re: Nagios - Mod-Gearman - NSclient Encyption
Posted: Tue Aug 15, 2017 12:59 pm
by tgriep
Thanks
@mcapra for the help.
@andyb4u if you have any more questions, let us know.