Page 1 of 1
NRPE_Security
Posted: Fri Aug 21, 2020 2:14 am
by y-badrou
Hi,
Until now, I really want to know what are security vulnerabilities related to NRPE ? What do I have to do to prevent and avoid those vulnerabilities ?
Thank you
Re: NRPE_Security
Posted: Fri Aug 21, 2020 3:34 pm
by jbrunkow
Hello
@y-badrou!
Welcome to the forum.
This is a fairly broad topic, but I will do the best I can. The exact security procedures you follow should be defined by your information security team. The best policies may vary depending on how your environment is set up and what compliance regulation your industry is subject to.
There was one vulnerability reported for NRPE, but it is only present if the administrator enables
dont_blame_nrpe in the
nrpe.conf and has since been fixed.
CVE 2014-2913
Your first defense should be to put your systems behind a strong firewall. If you are not able to do that,
make sure the connections between devices is encrypted. If you need this system to be super secure for some reason, you could even
setup Nagios offline.
I hope that helps! Let me know if I can answer any more specific questions.
Re: NRPE_Security
Posted: Wed Aug 26, 2020 1:49 am
by y-badrou
Thank you so much for your answer
Re: NRPE_Security
Posted: Wed Aug 26, 2020 7:01 am
by scottwilkerson
y-badrou wrote:Thank you so much for your answer
No problem
Locking thread