Tag Archive for 'CentOS'

Nagios Network Analyzer Available in Amazon EC2 Cloud

We are pleased to announce that you can now easily launch your Nagios Network Analyzer monitoring server in the Amazon Elastic Compute Cloud (EC2). We have clean CentOS 6 images with Nagios Network Analyzer pre-installed available for public and customer use. This makes it extremely easy for Nagios Network Analyzer administrators to start additional servers without the need to procure or invest in hardware. Additionally, those wishing to demo Nagios Network Analyzer can easily do so using the cloud.

Nagios Network Analyzer is a commercial-grade network flow data analysis solution that provides organizations with extended insight into their IT infrastructure and network traffic. Network Analyzer allows you to be proactive in resolving outages, abnormal behavior, and security threats before they affect critical business processes.

Heartbleed: One Bug to Rule Them All

If you’ve missed the news in the last few days, OpenSSL has been found to contain a rather large issue in its implementation of TLSv1.1 and TLSv1.2 for versions 1.0.1 through 1.0.1f and 1.0.2-beta. Thankfully, no other versions contain this issue and, due to responsible disclosure, a patch is already available in the form of OpenSSL 1.0.1g, which many distributions are already making available via standard package management, such as yum and apt.

As for the juicy details… Heartbleed is a vulnerability in the TLS heartbeat extension, caused by a missing bounds check and lack of validation, that allows up to 64k of memory to be leaked to an attacker. This is done by initializing a TLS connection over TCP or UDP. Once the connection is established, a heartbeat is exchanged between the client and server to validate that they are both in good working order. If a malformed, specifically empty, heartbeat is sent, the responding client or server will attempt to copy memory from a packet that is not available and instead respond with data that was previously at the location in memory where the packet should have been on the victim’s system. The process is not limited to a newly initialized connection and may be repeated at any point in time with existing connections as well. The leaked memory may contain anything from rather benign large chunks of empty memory to severe exposures such as private encryption keys, session IDs, passwords, and anything else that might be in the victim’s memory.
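The missing bounds check described above, shown beside a corrected handler, as an added example that is not OpenSSL's code or part of the original post. The function names are hypothetical; the message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) follows RFC 6520, and the input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_PADDING  16  /* minimum padding after the payload (RFC 6520) */

/* Shared tail: echo the claimed payload back (response padding omitted). */
static size_t hb_echo(const uint8_t *rec, size_t claimed, uint8_t *out, size_t cap)
{
    if (rec[0] != HB_REQUEST || HB_HDR + claimed > cap)
        return 0;
    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2 + claimed);   /* length field + payload */
    return HB_HDR + claimed;
}

/* Pre-fix behaviour: the length field in the message is trusted. */
size_t hb_respond_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;   /* the received record length is never consulted */
    return hb_echo(rec, ((size_t)rec[1] << 8) | rec[2], out, cap);
}

/* Fixed behaviour: header + claimed payload + padding must fit the record. */
size_t hb_respond_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HDR + HB_PADDING)
        return 0;                             /* too short: discard */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PADDING > rec_len)
        return 0;                             /* length field lies: discard */
    return hb_echo(rec, claimed, out, cap);
}

/* Constructed demo: a header-only request claiming 32 payload bytes, stored
   in a larger buffer whose remaining bytes stand in for adjacent memory. */
size_t demo(int use_checked)
{
    uint8_t mem[64] = { HB_REQUEST, 0x00, 0x20 };  /* record = first 3 bytes */
    uint8_t out[64];
    memcpy(mem + HB_HDR, "constructed-adjacent-data", 25);
    return use_checked ? hb_respond_checked(mem, HB_HDR, out, sizeof out)
                       : hb_respond_unchecked(mem, HB_HDR, out, sizeof out);
}
```

With the 3-byte record, the unchecked handler returns a 35-byte response built from bytes that were never part of the record, while the checked handler discards the message and returns 0.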

Just to clarify, this can affect both clients and servers. Yes, your Android phone’s web browser is just as affected as your Apache web server or OpenLDAP server. So, while updating your OpenSSL version, firmware and operating system is extremely important, one must also consider applications and services that ship with internal versions of OpenSSL or have the library compiled in, which standard updates may not correct.

A fix for most systems, including current CentOS, RHEL, and Debian-based distributions, is already available via standard updates through the included package managers. Systems that do not currently provide updated versions of OpenSSL can be manually updated by building version 1.0.1g from source or by building previous versions with the -DOPENSSL_NO_HEARTBEATS flag. In the case of embedded systems such as switches, routers and phones, a firmware update request may have to be made to the vendor directly.

After seeing the large effect this particular bug is having worldwide, we decided to modify existing proof-of-concept code and provide Nagios users with an automated way to check their systems. Through a Nagios plugin, you can now validate whether your TCP services are vulnerable to the bug with both TLSv1.1 and TLSv1.2. Upcoming updates will add checking of STARTTLS vulnerabilities and UDP connections.

Without further ado, we present the check_heartbleed plugin and heartbleed testing page.

Nagios Exchange: check_heartbleed.py

Monitoring a Linux Machine with Nagios XI & NCPA

Last week we discussed monitoring a Windows machine with NCPA and Nagios XI to make sure that the server was functioning properly.  In order to showcase the cross-platform capabilities of NCPA (Nagios Cross-Platform Agent) we decided it would be a good idea to show how to monitor a Linux machine as well.  In this article I will show you how easy it is to monitor a Linux box using the same exact agent that we used to monitor the Windows box last week.  Here’s how you do it.

1. Installing and configuring NCPA on the remote box

Instructions on installing NCPA can be found here: NCPA Installations Instructions. For more info on acquiring the correct RPM packages for your Linux distro, please check our documentation here: Finding the Right RPM

Run the following commands from the command line as root:

Note: For my example, I used CentOS 6.5, 64-bit, so I ran:

Next, you will have to edit the “community_string” in the NCPA config file. The “community_string” is the token that you will use to log into the agent and also allows the Nagios XI server to communicate with the NCPA agent. This process is comparable to entering a token in the GUI installer when monitoring a Windows machine.

NRPE 2.15 Released – Now with IPv6 Support

NRPE 2.15 was released earlier today. The primary update in this version of NRPE is full support for IPv6.

The NRPE daemon now has the ability to listen on IPv4 and/or IPv6 addresses. In addition, the check_nrpe plugin now accepts switches that specify whether an IPv4 or IPv6 connection should be made to the NRPE daemon. The NRPE daemon has always had the ability to perform checks using IPv6, assuming the plugin it runs supports it. Thanks to Leo Baltus for the patch that made this possible.

IPv6 communication has been tested on Linux (RHEL/CentOS) and is known to work there. It is also known to compile on other Unices that we have access to: Solaris 10, AIX 5.3 and 6.1, and HP-UX 11i v1. Feedback on these and other platforms is welcome. Bugs or enhancements (preferably with patches) can be submitted to http://tracker.nagios.org. Other discussion/questions can be sent to the mailing lists or http://support.nagios.com/forum.