
HTTP Strict Transport Security (HSTS)

Posted: Wed Oct 26, 2022 12:22 pm
by MonitorGuy
NESSUS scans reported an issue with port 5639 not enforcing HTTP Strict Transport Security (HSTS) on our Redhat servers with NCPA.

Is this a configuration setting somewhere in NCPA, or do we need to have the SA configure the server to enforce HSTS?

Redhat 7.x
Running NCPA 2.4.0 agents
Nagios XI 5.9.1

Thanks,

Craig

Re: HTTP Strict Transport Security (HSTS)

Posted: Fri Nov 18, 2022 4:57 pm
by hsts_rules
Did you ever find an answer to this question? I have the same exact situation. Thanks in advance for sharing any information regarding this.

Re: HTTP Strict Transport Security (HSTS)

Posted: Fri Nov 18, 2022 5:21 pm
by MonitorGuy
Nothing yet, looking at https://support.nagios.com/forum/viewto ... TS#p325867

The Nagios server isn't on the NSUS naughty list, and only the monitored Linux servers with NCPA are being flagged as not having HSTS for the Nagios port.

My SA sent me this today:

But the servers with the nagios agent running answer on the port like this; it looks like a GUI login prompt:

[root@usxpsrhjump01 ~]# curl -k https://localhost:5693/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>Redirecting...</title>
<h1>Redirecting...</h1>
<p>You should be redirected automatically to target URL: <a href="/login">/login</a>. If not click the link.

The issue appears to be with the NCPA internal web server on the listener, and we'll be testing next Monday by disabling that feature on one of the monitored Linux servers to see what breaks.

Will post an update afterwards with results.

Craig
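A small checker for the finding discussed in this thread, added here as an example and not taken from the thread or from the NCPA/Nagios projects. It fetches the response headers from an HTTPS listener (the target URL and the `verify=False` option mirroring `curl -k` are assumptions; the 5693 port comes from the curl output above), parses any Strict-Transport-Security header per RFC 6797, and reports why a scanner would flag the host; the constructed header sets at the top let the parsing logic run offline.

```python
"""Check whether an HTTPS listener (e.g. NCPA on port 5693) sends a usable HSTS header."""
import ssl
import urllib.error
import urllib.request
from typing import Dict, Optional, Tuple

# Constructed samples: what the NCPA listener in the thread returned (no HSTS header at all)
# and a hardened reference header for comparison. Not captured from a real host.
SAMPLE_NCPA_HEADERS = {"Content-Type": "text/html; charset=utf-8", "Location": "/login"}
SAMPLE_HARDENED_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Split a Strict-Transport-Security value into lower-cased directives (RFC 6797 syntax)."""
    directives: Dict[str, Optional[str]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') or None
    return directives


def assess_hsts(headers: Dict[str, str], min_max_age: int = 31536000) -> Tuple[bool, str]:
    """Return (ok, reason). Scanners flag a missing header or a max-age below the policy minimum."""
    lookup = {k.lower(): v for k, v in headers.items()}
    value = lookup.get("strict-transport-security")
    if value is None:
        return False, "Strict-Transport-Security header not sent"
    age = parse_hsts(value).get("max-age")
    if age is None or not age.isdigit():
        return False, "max-age directive missing or invalid"
    if int(age) < min_max_age:
        return False, f"max-age {age} is below the required {min_max_age}"
    return True, "HSTS enforced"


def fetch_headers(url: str, verify: bool = True) -> Dict[str, str]:
    """Fetch response headers; verify=False behaves like `curl -k` for self-signed agent certs."""
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())  # 3xx/4xx responses still carry headers worth checking


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "https://localhost:5693/"  # assumed NCPA listener
    print(assess_hsts(fetch_headers(target, verify=False)))
```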