Originally Posted by and36y
After following the Nagios installation instructions, it lead to the Nagios dir being created under /usr/local. The nagios directory is then given ownership to the nagios user.
A more senior colleague said that this is a security risk and it should not be installed there. Is he correct , are there any issues, what can my argument be ( i've just installed about 10 of these and don't fancy having to change them)
any guidance would be appreciated...
there are many ways to secure nagios.
the first thing is to make sure web interface requests are sent over https
secondly make sure nrpe requests are sent using SSL
make sure only certain IPs can connect to nagios
and make sure only certain hosts can connect to nrpe.
apart from that it should be ok. have a look at