Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Security Vulnerabilities on Nagios Port 5666

https://support.nagios.com/forum/viewtopic.php?t=47191

Page 1 of 1

Security Vulnerabilities on Nagios Port 5666

Posted: Mon Jan 22, 2018 12:26 am
by rohithroki
Hi Team,

We are using Nagios Core - Version 3.5.0 in our environment.

Recently we were reported that there are security vulnerabilities reported by NRPE module of NSClient.

Like Port 5666 NRPE for Nagios, the scan result showed below vulnerabilities

--- TLS/SSL Server Supports DES and IDEA Cipher Suites
--- TLS/SSL Server is enabling the POODLE attack
--- TLS/SSL Server Supports SSLv3
--- TLS/SSL Server Supports Anonymous Cipher Suites with no Key Authentication
--- OpenSSL SSL/TLS MITM vulnerability
--- TLS/SSL Server Supports Export Cipher Algorithms
--- TLS/SSL Server Supports RC4 Cipher Algorithms
--- TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Kindly share the recommendation that you have or tried earlier (like upgrading NSclient, reconfiguring NSC.ini with any specific security restrictions) can fix the issue.

Thanks and Regards,
Vivek

Re: Security Vulnerabilities on Nagios Port 5666

Posted: Mon Jan 22, 2018 7:19 am
by rohithroki
Dear Team,

Awaiting your help on the below fix. Kindly help to fix the issue.

Thanks in advance.
Vivek

Re: Security Vulnerabilities on Nagios Port 5666

Posted: Mon Jan 22, 2018 1:40 pm
by dwhitfield
We did not write and do not have control of development for NSClient. Your best bet is to move to NCPA: https://www.nagios.org/ncpa/getting-started.php

That said, what version of NSClient are you running? Certainly, if you are running something in the .3 series, you should move up to the .4 series. We do not currently support the .5 series, though we know some users have gotten it to work.

Re: Security Vulnerabilities on Nagios Port 5666

Posted: Tue Jan 23, 2018 1:37 am
by rohithroki
Hi dwhitfield,

Thanks for the reply. We are currently using nsclient version 0.3.9.328 installed on the server.

If I go with installing .4 nsclient version, could help to fix the below vulnerabilities..?

Also Is NCPA agent is applicable for the nagios core?

Kindly clarify on this.

Thanks in advance,
Vivek

Re: Security Vulnerabilities on Nagios Port 5666

Posted: Tue Jan 23, 2018 1:12 pm
by dwhitfield
I can't say for certain if all of those have been fixed in NSClient. While we haven't tested .5 of NSClient, but they are on .5.2: https://www.nsclient.org/download/ -- They are better suited to answer your questions about the security of NSClient. One easy thing you could do is set up .5 of NSClient on a test server and run your security scan against that.
rohithroki wrote: Also Is NCPA agent is applicable for the nagios core?
Yes, here's the github: https://github.com/NagiosEnterprises/ncpa/

If you run a security scan against the latest version of NCPA and it finds something, we can either submit a bug report on your behalf or you can submit it directly on github.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited