Nagios XI PostgreSQL vulnerabilities

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
pcappell
Posts: 24
Joined: Tue Jul 28, 2020 2:43 pm

Nagios XI PostgreSQL vulnerabilities

Post by pcappell »

Hello,

We have received a report from our weekly security scans that the version of PostgreSQL that is running on our Nagios XI instances has multiple vulnerabilities.
There are no specific vulnerabilities listed, just that we should upgrade to 9.3.23 or later.

I went through the Nagios XI change logs and did not find that PostgreSQL has been upgraded, but I am not positive if this is a database that is bundled with Nagios XI or RHEL.

If this is bundled with Nagios XI, are there plans to upgrade PostgreSQL to a newer version in the future? If it is not bundled, will we be safe to upgrade PostgreSQL to a newer version, and if so, is there a recommended version that falls into these version numbers: 9.3.23 / 9.4.18 / 9.5.13 / 9.6.9 / 10.4 or later?

Best,
Paul
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Nagios XI PostgreSQL vulnerabilities

Post by ssax »

It likely came from XI. I would need a copy of your profile.zip file from Admin > System Profile in order to see if XI is using it or not.

XI systems that were upgraded from pre-XI 5.X versions would still utilize the postgresql DB for the nagiosxi database if not manually converted by the below process:

You can migrate the nagiosxi database from postgresql to mysql if you'd like (not required):

https://support.nagios.com/kb/article.php?id=560

You can upgrade postgresql (I don't think we have a limitation on the version as far as I'm aware) to v9+ but you must do this once on v9.1 or later:

https://support.nagios.com/kb/article/n ... r-754.html
pcappell
Posts: 24
Joined: Tue Jul 28, 2020 2:43 pm

Re: Nagios XI PostgreSQL vulnerabilities

Post by pcappell »

Hello,

I have sent a copy of our profile.zip via PM.

Best,
Paul
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Nagios XI PostgreSQL vulnerabilities

Post by ssax »

Yes, your system is using postgresql, so it must've been upgraded from a pre-XI 5 system. You can either convert to mysql or upgrade postgresql to close the vulnerabilities.
pcappell
Posts: 24
Joined: Tue Jul 28, 2020 2:43 pm

Re: Nagios XI PostgreSQL vulnerabilities

Post by pcappell »

Thank you ssax,

I believe we will be going the route of MySQL migration.

Best,
Paul
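
As an added example (not part of the thread and not Nagios code), the shell functions below check a PostgreSQL version string against the per-branch minimums quoted in the first post, which is the check to repeat after an upgrade. The function names are hypothetical, and treating majors above 10 as meeting the minimum and releases before 9.3 as below it are assumptions.

```shell
#!/bin/sh
# Added example: compare a PostgreSQL server version with the per-branch
# minimums quoted in the scan report (9.3.23 / 9.4.18 / 9.5.13 / 9.6.9 / 10.4).

# Print the minimum patch level for a release branch named in the report.
pg_floor() {
    case "$1" in
        9.3) echo 23 ;;
        9.4) echo 18 ;;
        9.5) echo 13 ;;
        9.6) echo 9 ;;
        10)  echo 4 ;;
        *)   return 1 ;;
    esac
}

# pg_check VERSION -> 0 meets the minimum, 1 below it, 2 unparsable
pg_check() {
    ver=${1%% *}                    # drop any packaging suffix after a space
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -ge 11 ]; then
        return 0                    # assumption: majors after 10 count as "later"
    elif [ "$major" -eq 10 ]; then
        branch=10; patch=$minor     # 10.x uses two-part version numbers
    elif [ "$major" -eq 9 ]; then
        branch="9.$minor"
    else
        return 1                    # 8.x and older predate every listed branch
    fi
    floor=$(pg_floor "$branch") || return 1   # 9.0-9.2: no fixed release listed
    [ "$patch" -ge "$floor" ]
}

# Constructed sample versions; on a real host pass in the output of
# psql -At -c 'SHOW server_version' instead.
pg_report() {
    rc=0; pg_check "$1" || rc=$?
    case $rc in
        0) echo "$1: at or above the reported minimum" ;;
        1) echo "$1: below the reported minimum, upgrade or migrate" ;;
        *) echo "$1: could not parse version" ;;
    esac
}
for v in 9.2.24 9.3.23 9.6.8 10.4 12.5; do pg_report "$v"; done
```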