Archive for the 'Cool Stuff' Category

Page 5 of 8

Securing Nagios XI Web Front-End with Mod_Security

Today we’re going to walk-through installing a web application firewall for Nagios XI. While not mandatory, this is an important task for anyone with a Nagios XI interface that is accessible through the internet. We do our best to create a secure application and make every effort to protect the data accessible via our software. However, mistakes are made and zero-day exploits do happen, as such, implementing additional measures such as mod_security is a great way to add additional difficulty for any potential attackers.

Mod_Security, is an Apache module that enables a host based web application firewall(waf) before any web traffic actually touches the applications served by Apache. This allows attacks such as sql injection(sqli), cross-site scripting(xss), cross-site request forgery(csrf), and many others to be detected and stopped before they have a chance to effect the web application and back-end databases. In the case of Nagios XI we are most worried about things like sqli, xss, command injection, remote and local file inclusion, and path traversal, as these have the most potential to take or modify vital data or gain access to the server. Mod_Security comes with list of predefined set of rules, that companies like Trustwave and groups like OWASP, regularly submit to and maintain. The module and rules definitions are entirely open source, although there are paid variations of the rules as well.

Setting up Mod_Security to protect your Nagios XI interface is pretty straightforward. The general idea is to install yum provided packages, disable some rules that cause issues with Nagios functionality, and restart Apache. Shall we begin?

1) Install Mod_Security packages.

yum install mod_security_crs-extras mod_security mod_security_crs

2) Download the base exclusion configuration for Apache, and move to the correct location.

cd /tmp

wget http://assets.nagios.com/downloads/nagiosxi/misc/mod_security_excluded_rules.conf

cp /tmp/mod_security_excluded_rules.conf /etc/httpd/conf.d/

3) Restart Apache and verify Nagios is working properly.

service httpd restart

Browse to your Nagios XI server and verify login and that everything looks normal.

Further documentation and troubleshooting can be found at: Integrating Mod_Security with Nagios XI

Nagios XI 1.3 New Features For Developers

It seems almost daily that we get new feature requests for Nagios XI, and thanks to a great extensible design by Ethan Galstad, the development team here at Nagios is able to produce new features and components for Nagios XI on a fairly regular basis. However, as the popularity of Nagios XI continues to grow, so does the need for custom features, modifications, and tools for our customers to use. We’ve added several new features and developer hooks into this most recent version of Nagios XI that we wanted to highlight for users who are interested in creating their own custom feature.

#1. Custom login splash. Several of our resellers have requested the ability to customize the login splash page when users log in to direct their end users to their own support channels and services. We’ve add the ability to allow users to specify their own PHP include for that splash by using the Custom Login Component. A template splash file has been added to the Nagios XI directory tree, and will be preserved through upgrades if users want to modify it. This file is located at /usr/local/nagiosxi/html/loginsplash.inc.php.

#2. Custom status column. We’ve added some new callback functions with this release of Nagios XI, one of which is a callback that allows users to add a new table column to the host or service status tables in Nagios XI. A developer example that adds the host notes field to the status tables can be downloaded from the following link. Custom Column Component.

#3. Custom table icons. Thanks to active community member jsmurphy for this one. We’ve added a new callback function in Nagios XI where custom table icons can be inserted the status tables to act as links, or to perform special actions. This feature is demonstrated in the latest version of the Graph Explorer component, where it inserts a graph icon that can be clicked to show a performance graph pop up for the selected host or service right from the status table.

 

The bottom line is, we love feature ideas! We base our development priorities largely on what users are requesting from us, so if there’s a feature you want to see in Nagios XI, by all means post a request to tracker.nagios.com or discuss an idea with our tech team at our Nagios Ideas forum.

 

How to Clone a Host Along With Its Services in Nagios XI

Many customers, especially the ones running large environments, have been asking us what is the best way to clone a host along with its services. We have a great tool called “Bulk Host Import Wizard” which does just that.

You can learn more about this wizard by reading our “Nagios XI – Bulk Host Import Usage” document, posted on the Nagios Library.

You can download the wizard from the Nagios Exchange by following this link.

Nagios XI Google Map Component v1.1

The Nagios XI Google Map Component v1.1 displays host status as an overlay on a Google Map within Nagios XI. It uses lat/long coordinates defined in the “notes” config field to identify host location. Version 1.1 now support polylines for parent->child relationships. Any parent->child relationship that has coordinates defined for both hosts will now draw a polyline displayed between the two.  This can be useful for drawing a topology map on real geographic locations. Special thanks to Wesley Zhao for your work on this feature!

 

Continue reading ‘Nagios XI Google Map Component v1.1’