There are a lot of changes in Nagios XI 5.5. We’ve built a more robust backend with better performance, upgraded the internal, added various new and improved features, and upgraded the base components. We’ve also improved the security of the software.
Security
Two Factor Authentication TPS#12189
Email two factor authentication can be enabled in the Security tab in Admin > System Settings. You can also allow users to check a box to save the browser they are logging in from for a period of time you specify after successfully completing two factor authentication. This feature is turned off by default.
Passwords and Sensitive Info TPS#4689
We have started using stronger hashing algorithms for password storage. We have also added encryption/decryption of stored password data for passwords that are stored by the server throughout the UI. We have also included SSH key authentication as an option for SSH Scheduled Backups.
Session Timeout TPS#9938
You can now turn on and set a session timeout in the Admin > Global Settings > Security section. The Nagios XI system will log out the user if their session expires without moving pages. A few pages (NOC screen, Birdseye, Operations Center) will not adhere to the timeout and won’t log you out.
Mobile Phone Verification TPS#12042
Users are now required to verify mobile phone numbers before receiving SMS/text notifications. If you are upgrading XI to 5.5 and a user already has SMS/text notifications enabled, it will be considered verified after upgrade and would only need to be verified again if changed.
User Account Changes TPS#12158 TPS#12132 TPS#7099 TPS#10895
Passwords are now stored with a more secure hashing algorithm. In the Passwords & Account tab in Admin > System Settings, admins can Disallow Old Passwords so that users are not able to use previously used passwords when changing their password. Users can now leave the text message subject field blank in SMS templates. Emails can now be sent in plain text only, using a checkbox in the User’s Notification Methods page.
Restricted Rapid Response URL
The new rapid response URL links only allow a response for a certain amount of time. They also will only authenticate you for the rapid response page and not let users go into the full XI interface without logging in first.
Single Use Auth Tokens
With the new api/v1/authenticate API endpoint, you can create authentication tokens by passing your username and password over an HTTP POST request. Auth tokens can then be used to authenticate a user into the interface. This can also be used for 3rd party auth services.
File Permissions TPS#12730
Permissions for backend scripts and files have been updated to be more secure. This includes scripts that are run through sudo, config files in Nagios Core, and the files in Nagios XI.
Interface
Host and Service Status Pages TPS#7893 TPS#12059 TPS#12055 TPS#7112
Added a notes_url and actions_url icon in the main service and host status details pages. These can be hovered over and/or clicked to see the information that is put in the config option. These options can be set in the CCM. Also updated the names of the pages to remove the word details from the menu links for host and service status. Added links to the host/service details pages to hostgroups and servicegroups. Updated the displaying of host/service aliases to accurately reflect the display name.
Updated Help TPS#12830
Added a help document about how to contribute to translations of the XI interface. Also added a help document about how to use single use auth tokens.
SNMP Trap Interface Enterprise
We added a new feature for managing incoming traps. This new component allows you to define, test, view, and keep track of incoming SNMP traps easily from an interface. You can also edit the trap definitions with helpful popup information.
NagVis Integration
We’ve updated the version of NagVis to the latest. We have also added a new module, to allow session login from the XI interface. This means if you’re logged into XI you will not need to log into NagVis separately.
Reporting
Report Filtering Options TPS#5970 TPS#9194 TPS#12048
You can now filter by state (OK, WARNING, CRITICAL, UNKNOWN, DOWN, UP, UNREACHABLE) in the state history report. Tables in the scheduled downtime page can now be sorted by clicking on the table header. Added a date time and timeperiod picker to all the main XI reports so you can now add in the time through the dropdown time picker. Useful for reporting on only a few hours or even minutes of data.
User Settings TPS#8082
Users can now set the start of the week using the week format setting. They can set the start of the week to be Sunday or Monday in the user settings.
Manage Scheduled Reports Page Enterprise TPS#11609
Admins can now manage users’ scheduled reports (edit, copy, delete) from a new admin page located in the reports tab.
Install
New Interface
We have updated the installation interface to be simple, informative, and to allow you to set up more general options on install.
Extended Options TPS#12073
Added option to enable SSL/HTTPS redirect. You will need to install a valid SSL certificate if you’d like to see a green bar. Added ability to setup the Admin email notification settings during the install.
Administration
Automatic Passive Check Configuration TPS#2231
In the Unconfigured Objects page, you can now set up automatic processing of incoming unknown passive checks. This allows you to have Nagios XI automatically set up these passive checks with templates, contacts, and even restart Core.
Activation and Renewals
You can now activate the product from inside of XI. Once you’ve put in your License Key, click on the “Activate Now” button on the License page and you can activate by adding in your client ID or unique code. You can also stop renewal reminders from being given to users in the Global Settings area.
SSH Terminal Changes Enterprise TPS#12202
We removed Ajaxterm and replaced it with shellinabox, which is a better, easier to use SSH terminal.
Manage User Changes TPS#6186 TPS#8239 TPS#11608
Admins can now edit a user by clicking their username on the manage users page. When users are deleted, the cron jobs for scheduled reports are deleted for that user. Account usernames can now be up to 255 characters long.
System Profile Changes TPS#1456 TPS#9108
Profile download now comes with versions in an html file. Profile download now contains the versions of all components, wizards, and dashlets. Added the ipcs command output to the profile zip. Added the versions of Nagios Core, Nagios-Plugins, SSH Terminal, NRPE, NSCA, PNP, etc.
Performance Options TPS#8345
Added a new setting to Admin > Performance Settings to set the number of snapshots to keep for Core/CCM configurations.
Core Config Manager
Restricted CCM Access for Users
We have added the ability for users to be automatically logged into the CCM just like admins. This can be with limited permissions for only what the users themselves can see, or with permissions to view everything. You get to choose.
Apply Config Changes TPS#6127
Now after an apply config, the BPI configuration will sync for hostgroups and servicegroups. These are part of an enterprise feature that is available inside the Business Process Intelligence component.
Ease of Use TPS#13227 TPS#12270 TPS#10049 TPS#13158
Regular users are now able to be given session-style access just like admins. They can also be given limited access to only view objects they are able to view. Copying services will no longer create a new config name. Config search is no longer case sensitive. Added contact alias next to contact names. Also added the services that are applied to a host via hostgroups to the service groups list.
Service Import Updates TPS#13303
The CCM will now properly import services that have multiple hosts or hostgroups applied to them.
Apply Config Audit Logging TPS#7954
When someone applies config in the CCM it is now logged in the audit log.
Backend
API Endpoints
Added multiple API endpoints such as scheduleddowntime, auth_servers, sla, bpi, and many more. You can also send raw Core configs in to be imported and send Core commands to new API endpoints.
API Encoding Changes
Objects API calls will no longer return with <object>list root. JSON is now valid and uses the json_encode() function built into PHP instead of a 3rd party library, allowing for better PHP version compatibility in PHP 7+.
Backend Script Changes TPS#9908 TPS#12386
The scripts for applying config, resetting system permissions, importing and exporting configs have been changed. We also updated the scripts to no longer call wget. Some scripts have also changed; below is a list of old scripts and their equivalents. Scripts italicized below are still available on upgraded systems, but not on new installs.
- Apply Config Scripts
  - ccm_export.php replaces export_nagiosql.sh and nagiosql_exportall.php
  - ccm_import.php replaces import_nagiosql.sh and nagiosql_importall.php
  - ccm_snapshot.php replaces nagiosql_snapshot.php
  - scripts no longer require the nagiosql_login.php script to log into the CCM, and it is no longer in XI
- Object Deletion Scripts
  - ccm_delete_object.php --type <type> --id <id> replaces nagiosql_delete_object.sh
  - ccm_delete_object.php --type contact replaces nagiosql_delete_contact.php
  - ccm_delete_object.php --type timeperiod replaces nagiosql_delete_timeperiod.php
  - ccm_delete_object.php --type host replaces nagiosql_delete_host.php
  - ccm_delete_object.php --type service replaces nagiosql_delete_service.php
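One way to find automation that still calls the replaced scripts, as an added example (not Nagios code): it scans crontab or shell text for the old names listed above and reports each 5.5 equivalent. The function name, the sample crontab and the /path/to/scripts placeholder are assumptions; arguments passed to the old scripts are not translated.

```python
import re

# Old script -> replacement, copied from the list above. None means the
# script is no longer in XI and the call should simply be dropped.
REPLACEMENTS = {
    "export_nagiosql.sh": "ccm_export.php",
    "nagiosql_exportall.php": "ccm_export.php",
    "import_nagiosql.sh": "ccm_import.php",
    "nagiosql_importall.php": "ccm_import.php",
    "nagiosql_snapshot.php": "ccm_snapshot.php",
    "nagiosql_login.php": None,
    "nagiosql_delete_object.sh": "ccm_delete_object.php --type <type> --id <id>",
    "nagiosql_delete_contact.php": "ccm_delete_object.php --type contact",
    "nagiosql_delete_timeperiod.php": "ccm_delete_object.php --type timeperiod",
    "nagiosql_delete_host.php": "ccm_delete_object.php --type host",
    "nagiosql_delete_service.php": "ccm_delete_object.php --type service",
}

# Match a name only as a whole file name, so "my_export_nagiosql.sh.bak"
# (a different file) is not reported.
_OLD = re.compile(
    r"(?<![\w.-])(" + "|".join(map(re.escape, REPLACEMENTS)) + r")(?![\w-]|\.\w)"
)

def find_old_script_calls(text):
    """Return (line_no, old_script, replacement) for every live reference."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # commented-out entry
            continue
        for match in _OLD.finditer(line):
            name = match.group(1)
            findings.append((line_no, name, REPLACEMENTS[name]))
    return findings

# Constructed sample crontab; /path/to/scripts is a placeholder directory.
SAMPLE_CRONTAB = """\
0 2 * * * /path/to/scripts/export_nagiosql.sh
# 0 3 * * * php /path/to/scripts/nagiosql_snapshot.php
15 2 * * * php /path/to/scripts/nagiosql_login.php && php /path/to/scripts/nagiosql_delete_host.php
30 2 * * * /path/to/scripts/my_export_nagiosql.sh.bak
45 2 * * * php /path/to/scripts/ccm_export.php
"""

if __name__ == "__main__":
    for line_no, old, new in find_old_script_calls(SAMPLE_CRONTAB):
        print(f"line {line_no}: {old} -> {new or 'no longer in XI, drop the call'}")
```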
Bug Fixes
Various Bug Fixes TPS#13163 TPS#13211 TPS#13213 TPS#13251
Cleaned up some bugs that were causing some issues throughout the interface.