I am new to monitoring tools. Recently our server with phpMyAdmin was attacked by a botnet. So I want to do some monitoring on my servers for their health and also security. What I am worried about is that Nagios is also another web application like phpMyAdmin; is there any security loophole in it through which hackers can intrude? Secondly, if there is no problem, what should I do to set up monitoring for MySQL and web servers? Or are there any other options?
The web interface you can protect with additional authentication at the web server layer (with an administrative, non-public app there is hardly a reason to rely on built-in auth alone, same with phpMyAdmin).
What you need to set up far more carefully is your remote plugin layer (nrpe, ssh, client-driven nsca...) since there are non-interactive trusts involved, with some setups straight across the open internet.
IMHO none of the administrative web tools such as phpMyAdmin and Nagios should be accessible from the internet if the business does not explicitly request it.
But if you must do that, protect such apps with additional passwords with .htaccess.
If you have to provide phpMyAdmin for a large number of users, then protecting it with .htaccess is not such a good idea (it's cumbersome to generate passwords for all users (clients), and users don't like double authentication).
You can always share it on a unique URL, not
https://yoursite/phpmyadmin
All you have to do is change the alias in the phpMyAdmin virtualhost file. You should always share those apps over HTTPS!
Nagios is only for administrators; you can use .htaccess to restrict access to it to only the IPs that should have access.
You can serve phpMyAdmin on a non-standard port. If you share apps on a non-standard port (other than 80 and 443) you can restrict access to it with iptables.
A good idea is to protect those apps from brute force with fail2ban.
There are no ideally secured systems. There is always a risk, but you must do all you can to minimize it.
Known security holes are usually not a problem because they get plugged. It is the ones you don't know about that are a problem. But then, asking if there are any unknown holes does not make sense, does it?
You don't have to have your nagios installation open to the public by the way. Keep the admin services on a different server with a different IP and you will be a tiny bit safer (botnets tend to focus on publicly visible sites).
Depending on what you want to monitor, Nagios may or may not be the right tool for the job. And there are also other companies that you can pay to do the monitoring for you. Then you don't have to worry about monitoring the monitoring system itself. The guys at Monitis are even offering MySQL monitoring.
There aren't any known security holes in Nagios. If there are unknown security holes, then you can't do much about it.
There are some security measures you can take:
In /etc/nrpe.cfg look for allowed_hosts=. This will limit who can actually ask the NRPE what is happening (or execute remote commands).
I presume you are running apache2, so to do this have a look at the file /etc/apache2/nagios.conf (or your equivalent apache2 configuration file if you have a compiled version). In the directory match block there is a line that says:
You can change this to:
or
Allow from IP
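Added example, not part of the answers above and not code from the Nagios project: a small Python check for the nrpe.cfg settings this thread points at (who may query NRPE via allowed_hosts, and whether remote callers can pass command arguments). The sample config is constructed; dont_blame_nrpe and command[...] are standard NRPE directives, while the 256-address threshold and the finding codes are assumptions of this example.

```python
import ipaddress

# Constructed sample nrpe.cfg body (not from the original thread).
SAMPLE_CFG = """\
server_port=5666
allowed_hosts=127.0.0.1, 192.0.2.10, 0.0.0.0/0, monitor.example.org
dont_blame_nrpe=1
command[check_load]=/usr/lib/nagios/plugins/check_load -w 5 -c 10
command[check_disk]=/usr/lib/nagios/plugins/check_disk -w $ARG1$ -c $ARG2$
"""

def parse_cfg(text):
    """Return (key, value) pairs from key=value lines, skipping comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs

def audit_nrpe(text, max_addresses=256):
    """Return a list of (code, detail) findings for an nrpe.cfg body.

    max_addresses is an assumed threshold for "too wide" networks.
    """
    pairs = parse_cfg(text)
    cfg = dict(pairs)  # last occurrence of a key wins
    findings = []
    hosts = [h.strip() for h in cfg.get("allowed_hosts", "").split(",") if h.strip()]
    if not hosts:
        findings.append(("NO_ALLOWED_HOSTS", "allowed_hosts is missing or empty"))
    for host in hosts:
        try:
            net = ipaddress.ip_network(host, strict=False)
        except ValueError:
            findings.append(("HOSTNAME_ENTRY", host))  # trust then depends on DNS
            continue
        if net.num_addresses > max_addresses:
            findings.append(("WIDE_NETWORK", host))
    if cfg.get("dont_blame_nrpe", "0") == "1":
        findings.append(("REMOTE_ARGS_ENABLED", "dont_blame_nrpe=1"))
        for key, value in pairs:
            if key.startswith("command[") and "$ARG" in value:
                findings.append(("COMMAND_TAKES_ARGS", key))
    return findings

if __name__ == "__main__":
    for code, detail in audit_nrpe(SAMPLE_CFG):
        print(f"{code}: {detail}")
```

To check a real host, pass the contents of its nrpe.cfg to audit_nrpe() instead of the sample string.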