Tag Archive for 'Apache'

Monitoring Apache Cassandra Database Nodes with Nagios XI

As cloud services grow in popularity, so do the networks that provide those cloud services.  Few webserver-based distributed databases are as easy to install and configure as Apache Cassandra.  Apache Cassandra is an open source distributed database management system designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. Cassandra offers robust support for clusters spanning multiple data centers, with asynchronous master-less replication allowing low latency operations for all clients.

Cassandra relies on the Java platform, and as those of you who have tried to configure Java app monitoring most likely know, the experience can be painful.  There are a handful of plugins on the Nagios Exchange that attempt to simplify the configuration.  As these plugins rely on the Apache Cassandra utility “nodetool”, you either need to install Cassandra on the Nagios server (which is not suggested) or use an agent (like NRPE) to run the plugin script directly from the Cassandra server (which should have the nodetool utility).

The Cluster Node Check is designed to verify whether the number of live nodes is less than a specified number, and if so trigger a warning or critical alert within Nagios.

Continue reading ‘Monitoring Apache Cassandra Database Nodes with Nagios XI’

Securing Nagios XI Web Front-End with Mod_Security

Today we’re going to walk-through installing a web application firewall for Nagios XI. While not mandatory, this is an important task for anyone with a Nagios XI interface that is accessible through the internet. We do our best to create a secure application and make every effort to protect the data accessible via our software. However, mistakes are made and zero-day exploits do happen, as such, implementing additional measures such as mod_security is a great way to add additional difficulty for any potential attackers.

Mod_Security, is an Apache module that enables a host based web application firewall(waf) before any web traffic actually touches the applications served by Apache. This allows attacks such as sql injection(sqli), cross-site scripting(xss), cross-site request forgery(csrf), and many others to be detected and stopped before they have a chance to effect the web application and back-end databases. In the case of Nagios XI we are most worried about things like sqli, xss, command injection, remote and local file inclusion, and path traversal, as these have the most potential to take or modify vital data or gain access to the server. Mod_Security comes with list of predefined set of rules, that companies like Trustwave and groups like OWASP, regularly submit to and maintain. The module and rules definitions are entirely open source, although there are paid variations of the rules as well.

Setting up Mod_Security to protect your Nagios XI interface is pretty straightforward. The general idea is to install yum provided packages, disable some rules that cause issues with Nagios functionality, and restart Apache. Shall we begin?

1) Install Mod_Security packages.

yum install mod_security_crs-extras mod_security mod_security_crs

2) Download the base exclusion configuration for Apache, and move to the correct location.

cd /tmp

wget http://assets.nagios.com/downloads/nagiosxi/misc/mod_security_excluded_rules.conf

cp /tmp/mod_security_excluded_rules.conf /etc/httpd/conf.d/

3) Restart Apache and verify Nagios is working properly.

service httpd restart

Browse to your Nagios XI server and verify login and that everything looks normal.

Further documentation and troubleshooting can be found at: Integrating Mod_Security with Nagios XI