NagiosEnterprises / ncpa

Nagios Cross-Platform Agent

NCPA port 5693 detected as vulnerable #819

Closed hassleboy123 closed 2 years ago

hassleboy123 commented 3 years ago

The vulnerability team has detected port 5693. How can I disable this or switch off this feature?

curl -k -i -X OPTIONS -I https://localhost:5693
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Allow: HEAD, OPTIONS, GET
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
Content-Length: 0
Date: Wed, 13 Oct 2021 01:03:12 GMT

ericloyd commented 3 years ago

To my knowledge, this has never been implemented. See https://github.com/NagiosEnterprises/ncpa/issues/792

But the port only needs to be accessible for the NCPA agent to act in active mode. If you're using passive mode, it can be turned off or firewalled.

jomann09 commented 2 years ago

I've looked into this before and it's kind of a pain to try to disable OPTIONS in flask, since it automatically handles them and doesn't really give me good options to disable it. As ericloyd said, that's about the only option besides waiting for the issue he mentioned to be able to disable the whole frontend. I'm going to close this since we won't be able to disable it atm.

hassleboy123 commented 2 years ago

Hi

This is now fixed by upgrading the ncpa agent.

On Tue, Oct 26, 2021 at 11:39 PM Jake Omann @.***> wrote:

I've looked into this before and it's kind of a pain to try to disable OPTIONS in flask, since it automatically handles them and doesn't really give me good options to disable it. As ericloyd said, that's about the only option besides waiting for the issue he mentioned to be able to disable the whole frontend. I'm going to close this since we won't be able to disable it atm.


--

NEIL-ANTHONY CAMARA

UNIX SYSTEM ADMINISTRATOR, RHCE, ORACLE PROFESSIONAL, ORACLE SYSTEM ADMINISTRATOR, ITIL v3

Red Hat https://www.redhat.com/ASIA PACIFIC

Philippines @.*** M: +639176344816