Skip to main content

Hello everyone,

Do you know, how could I block in nsclient++ for the web server (host: 8443) the protocol SSL/TLS and the cipher suites?

I have tried several configuration, but I still have the sames vulnerabilities.

I saw that is possible using NRPE using:

[/settings/NRPE/server]

use ssl = true
insecure = false
ssl options = no-sslv2,no-sslv3,no-tlsv1.0,no-tlsv1.1
allowed ciphers=HIGH:!aNULL:!MD5:!3DES

But like i said i’m using [/settings/WEB/server] for the restapi monitoring

But that don’t work

Do you have a solution?

Best regards

Hello

sorry but you won’t find a solution with NSClient, the software is no longer updated/maintained and nothing in the code has been done for the “webserver” to be able to use these parameters.

 

there is a NSClient alternative (I still need to try it) : snclient ConSol-Monitoring/snclient: SNClient+ - Cross platform monitoring agent (github.com)

it support the restapi for checks, and is being implemented (not fully as you can see on the git, a few windows check are missing)

 

as I’ve said, I have not yet tried this, but will soon

Hi, 

Thanks for your interest in Centreon.

Centreon Monitoring Agent will be release in Beta this Friday (annoucement will be published in Beta group).

It’s dedicated to replace NSClient++/NRPE, for all Centreon, custom & native checks, and provide better integration (dedicated management UI) and performance.

Cipher configuration limitation is a known issue with NSClient++, and some specific tests are planed on Centreon Agent to validate this critical part.

Let me know if you need anything else about the Agent strategy.

 

Reply


Terms & ConditionsCookie settings