This post is also available in: French
We wish to draw your attention to one of the latest security alerts impacting Nagios. This could possibly affect your Centreon monitoring.
Here’s what the Merethis technical teams advocate.
You should know that this warning only applies to Nagios CGIs and it allows to execute code remotely. Nagios CGIs correspond to its web interface. This vulnerability requires that the attacker has an account on the CGIs. If it doesn’t have an account or the CGI are not installed then the intrusion is impossible.
If CGIs are installed, it is recommended to check that the following user accounts are not enabled by default:
To secure your installation, you can:
- go to Nagios 3.4.4 (not recommended)
- disable CGIs (recommended)
- prohibit any unidentified person from accessing the CGIs (recommended)
Find more details on this security alert
Useful and significant information: Centreon Engine is NOT affected by this security warning