We recently had a security audit and pen test completed against our network and below is one of the findings for our Nagios server. I was hoping I could get some direction on securing the install without breaking any of the functionality. Below is a description of what the auditor found.
Description: The nagios user on the internal Nagios server is allowed to execute numerous scripts as root that it also has the ability to modify. This defeats the purpose of restricted sudo permissions, because those scripts can be modified to contain arbitrary commands. For example, we temporarily replaced one of the scripts with the following contents, which granted unrestricted sudo access to the nagios user when the script was executed via sudo:
#!/bin/bash
echo -e "nagios\tALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
Ability to escalate to root privileges
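A defensive check for the condition the auditor describes, as an added example that is not part of the original thread or of Nagios XI: it reports any sudo-runnable script, or directory above it, that is not owned by a trusted account or is group/world-writable. The function names, the `TOP` argument and the use of GNU `stat` on Linux are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU stat.

# unsafe_reason TRUSTED PATH: print why PATH can be changed by someone other
# than TRUSTED (wrong owner, or group/world write bit); print nothing if safe.
unsafe_reason() {
    owner=$(stat -c '%U' "$2" 2>/dev/null) || { echo "cannot stat"; return 0; }
    mode=$(stat -c '%a' "$2")
    # An owner can always chmod its own file, so ownership alone is a finding.
    if [ "$owner" != "$1" ]; then echo "owned by $owner, not $1"; return 0; fi
    grp=$(( ($mode / 10) % 10 )); oth=$(( $mode % 10 ))   # octal digits
    if [ $(( (grp | oth) & 2 )) -ne 0 ]; then
        echo "group- or world-writable (mode $mode)"
    fi
    return 0
}

# audit_sudo_script TRUSTED PATH [TOP]: check PATH and each directory above it
# up to TOP (default /), because a writable parent directory lets the script
# be replaced even when the file itself is read-only.
# Prints one line per finding and returns 1 if there was any.
audit_sudo_script() {
    trusted=$1; p=$2; top=${3:-/}; rc=0
    while :; do
        reason=$(unsafe_reason "$trusted" "$p")
        if [ -n "$reason" ]; then echo "UNSAFE $p: $reason"; rc=1; fi
        if [ "$p" = "$top" ] || [ "$p" = "/" ] || [ "$p" = "." ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh audit.sh /absolute/path/to/script ...   (trusted owner: root)
for f in "$@"; do
    audit_sudo_script root "$f" || true
done
```

Run as root, `sudo -l -U nagios` lists the commands the nagios user may execute through sudo; pass those paths to the script and fix ownership and modes on anything it reports.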
Re: Ability to escalate to root privileges
The upcoming Nagios XI 5.5 directly addresses the root escalation issues in the sudo scripts we use.
Former Nagios employee
Re: Ability to escalate to root privileges
My deadline to have a fix implemented is June 1st 2018. Any chance we will see the update released before then?
Re: Ability to escalate to root privileges
I do not have a fixed release date I can give you, unfortunately; however, I do not believe it will be released by June 1.
Former Nagios employee