Nagios XI 5.5 is here! All the changes

A comprehensive list of the changes in Nagios XI 5.5.

There are a lot of changes in Nagios XI 5.5. We've built a more robust back-end with better performance, upgraded the internal, added various new and improved features, and upgraded the base components.

We've also improved the security of the software.

Security

Two-factor authentication TPS#12189

E-mail two-factor authentication can be enabled in the Security tab in Admin > System Settings. You can also allow users to check a box to save the browser they are logging in from for a period of time you specify, after successfully completing two-factor authentication. This feature is turned off by default.

Passwords and sensitive info TPS#4689

We have started using stronger hashing algorithms for password storage. We have also added encryption/decryption of stored password data for passwords that are stored by the server throughout the UI. We have also included SSH key authentication as an option for SSH scheduled backups.

Session timeout TPS#9938

You can now turn on and set a session timeout in the Admin > Global Settings > Security section. The Nagios XI system will log-out users if their sessions expire without moving pages. A few pages (NOC screen, Birdseye, Operations Center) will not adhere to the timeout and won't log you out.

Mobile phone verification TPS#12042

Users are now required to verify mobile phone numbers before receiving SMS/text notifications. If you are upgrading XI to 5.5 and a user already has SMS/text notifications enabled, it will be considered verified after upgrade and would only need to be verified again if changed.

User account changes TPS#12158 TPS#12132 TPS#7099 TPS#10895

Passwords are now stored with a more secure hashing algorithm. In the Passwords & Account tab in Admin > System Settings admins can disallow old passwords so users are not able to use previously used passwords when changing their password. Users can now leave the text message subject field blank in SMS templates. E-mails can now be sent in plain text only, using a checkbox in the User's Notification Methods page.

Restricted rapid response URL

The new rapid response URL links only allow a response for a certain amount of time. They also will only authenticate you for the rapid response page and not let users go into the full XI interface without logging in first.

Single use auth tokens

With the new api/v1/authenticate API endpoint, you can create authentication tokens by passing your username and password over an HTTP Post request. Auth tokens can then be used to authenticate a user into the interface. This can also be used for third-party auth services.

File permissions TPS#12730

Permissions for back-end scripts and files have been updated to be more secure. This includes scripts that are run through sudo, config files in Nagios Core, and the files in Nagios XI.

Interface

Host and service status pages TPS#7893 TPS#12059 TPS#12055 TPS#7112

A notes_url and actions_url icon have been added in the main service and host status details pages. These can be hovered over and/or clicked to see the information that is put in the config option. These options can be set in the CCM. Also updated are the names of the pages to remove the word details from the menu links for host and service status. Added links to the host/service details pages to host groups and service groups. Updated the displaying of host/service aliases to accurately reflect the display name.

Updated help TPS#12830

Added a help document about how to contribute to translations of the XI interface. Also added a help document about how to use single use auth tokens.

SNMP trap interface enterprise

We added a new feature for managing incoming traps. This new component allows you to define, test, view, and keep track of incoming SNMP traps easily from an interface. You can also edit the trap definitions with helpful pop-up information.

NagVis integration

We've updated the version of NagVis to the latest. We have also added a new module to allow session login from the XI interface. This means if you're logged into XI you will not need to log into NagVis separately.

Reporting

Report filtering options TPS#5970 TPS#9194 TPS#12048

You can now filter by state (ok, warning, critical, unknown, down, up, unreachable) in the state history report. Tables in the scheduled downtime page can now be sorted by clicking on the table header. Also added is a date, time and time period picker to all the main XI reports, so you can now add in the time through the drop-down time picker. Useful for reporting on only a few hours or even minutes of data.

User settings TPS#8082

Users can now set the start of the week using the week format setting. They can set the start of the week to be Sunday or Monday in the user settings.

Manage scheduled reports page enterprise TPS#11609

Admins can now manage users' scheduled reports (edit, copy, delete) from a new admin page located in the reports tab.

Install

New interface

We have updated the installation interface to be simple, informative, and to allow you to set up more general options on install.

Extended options TPS#12073

Added option to enable SSL/HTTPS redirect. You will need to install a valid SSL certificate if you'd like to see a green bar. Added ability to set up the admin e-mail notification settings during the install.

Administration

Operating system support

We have added support for Ubuntu (14, 16, 18) and Debian (8, 9) in this release.

Automatic passive check configuration TPS#2231

In the Unconfigured Objects page, you can now set up automatic processing of incoming unknown passive checks. This allows you to have Nagios XI automatically set up these passive checks with templates, contacts, and even restart Core.

Activations and renewals

You can now activate the product from inside of XI; once you've put in your licence key, click on the "Activate Now" button on the Licence page and you can activate by adding in your client ID or unique code. You can also stop renewal reminders from being given to users in the Global Settings area.

SSH terminal changes enterprise TPS#12202

We removed Ajaxterm and replaced it with shell in a box, which is a better, easier to use SSH terminal.

Manage user changes TPS#6186 TPS#8239 TPS#11608

Admins can now edit a user by clicking on the username on the manage users page. When users are deleted, the cron jobs for scheduled reports are deleted for that user. Account usernames can now be up to 255 characters long.

System profile changes TPS#1456 TPS#9108

Profile download now comes with versions in an html file. Profile download now contains the versions of all components, wizards, and dashlets. Added the ipcs command output to the profile zip. Added the versions of Nagios Core, Nagios-Plugins, SSH Terminal, NRPE, NSCA, PNP, etc.

Performance options TPS#8345

Added a new setting to Admin > Performance Settings to set the amount of snapshots to keep for Core/CCM configurations.

Core Config Manager

Restricted CCM access for users

We have added the ability for users to be able to be automatically logged into the CCM, just like admins. This can be with limited permissions for only what the users themselves can see, or with permissions to view everything. You get to choose.

Apply config changes TPS#6127

Now, after an apply config, the BPI configuration will sync for host groups and service groups. These are part of an enterprise feature that is available inside the Business Process Intelligence component.

Ease of use TPS#13227 TPS#12270 TPS#10049 TPS#13158

Regular users are now able to be given session-style access just like admins. They can also be given limited access to only view objects they are able to view. Copying services will no longer create a new config name. Config search is no longer case-sensitive. Added contact alias next to contact names. Also added the services that are applied to a host via host groups to the service groups list.

Service import dates TPS#13303

The CCM will now properly import services that have multiple hosts or host groups applied to them.

Apply config audit logging TPS#7954

When someone applies config in the CCM, it is now logged in to the audit log.

Back-end

API endpoints

Added multiple API endpoints such as scheduled downtime, auth_servers, sla, bpi, and many more. You can also send raw Core configs in to be imported and send Core commands to new API endpoints.

Back-end script changes TPS#9908 TPS#12386

The scripts for applying config, resetting system permissions, importing and exporting configs have been changed. We also updated the scripts to no longer call wget. Some scripts have also changed; below is a list of old scripts and their equivalents. Scripts italicised below are still available on upgraded systems, but not on new installs.

Apply config scripts

ccm_export.php replaces export_nagiosql.sh and nagiosql_exportall.php
ccm_import.php replaces import_nagiosql.sh and nagiosql_importall.php
ccm_snapshot.php replaces nagiosql_snapshot.php
scripts no longer require the nagiosql_login.php script to log into the ccm and is no longer in XI

Object deletion scripts

ccm_delete_object.php --type --id replaces nagiosql_delete_object.sh
ccm_delete_object.php --type contact replaces nagiosql_delete_contact.php
ccm_delete_object.php --type timeperiod replaces nagiosql_delete_timeperiod.php
ccm_delete_object.php --type host replaces nagiosql_delete_host.php
ccm_delete_object.php --type service replaces nagiosql_delete_service.php

Share

Editorial contacts

Dirk Robinson
Robinson Distribution
(012) 841 0480
dirk@rdgroup.co.za