Hello,
I just started managing our Nagios server which hasn't been updated in some time. I noticed that several of the servers are being queried over NRPE and referenced by their public IP address. Is this a security risk? We do have firewall rules set up to lock down connections and allow only for specific IP addresses but I am concerned about what information may be transmitted across the internet.
NRPE safe over public IP
Re: NRPE safe over public IP
Hello @brian.bbc
Thanks for reaching out. There are pros and cons of monitoring off of WAN where everybody can snoop. The good thing is that NRPE only uses one port for monitoring and only needs that one port open for monitoring. If you are concerned about the security aspects of monitoring over WAN, you could configure over ssh.
Thanks,
Perry
Thanks for reaching out. There are pros and cons of monitoring off of WAN where everybody can snoop. The good thing is that NRPE only uses one port for monitoring and only needs that one port open for monitoring. If you are concerned about the security aspects of monitoring over WAN, you could configure over ssh.
Thanks,
Perry
Re: NRPE safe over public IP
It's not good practice to have any "monitoring stuff" be public facing, regardless of whether that's NRPE or NCPA or a Prometheus exporter or a Telegraf agent. From the perspective of a malicious actor It's at least a useful recon tool, and at best an attack surface.brian.bbc wrote:I noticed that several of the servers are being queried over NRPE and referenced by their public IP address. Is this a security risk?
Assuming your org has solid change control processes around this firewall:
You should be fine.brian.bbc wrote:We do have firewall rules set up to lock down connections and allow only for specific IP addresses
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/