With security being a top priority, and the increase in cyber threats, it’s important to ensure that your monitoring system is secure and the checks you are performing are secure. Using ReChecked Manager, you can significantly improve security just by implementing a few simple practices.
Here’s what you can do for the different check types to improve security:
- Active Checks
- Passive Checks – via NRDP
Active Checks
One of the problems with current agent solutions is that the agent API cannot be verified for active checks. You can generate self signed certificates manually and manage a CA certificate that you can use to verify authenticity of your active checks when you call the agent. However, this process is tedious and time consuming, especially if your certificates are set to expire at a proper expiration date.
When you create an organization in ReChecked Manager, you will generate a CA certificate that you can download and install on your local machine and your Nagios XI or Nagios Core server. To get your certificate, go to My Account in the top right corner:
From there, select the organization who’s CA certificate you are trying to access.
Select the Show CA Certificate button. From there, you can download the CA certificate to your local machine.
Once you download the .crt file, you can install the CA certificate on your machines.
Passive Checks
By default, rcagent will verify the NRDP location’s SSL certificate if you’re sending it over HTTPS. You should ensure that there is a trusted SSL certificate for your Nagios XI or Nagios Core NRDP URL. A valid trusted SSL certificate is the easiest way to ensure this. If you’re on an internal network and/or cannot get one for your hostname, you’ll have to ensure you have your own valid certificate that is valid on the agent side for when it tries to send data to NRDP.