It was discovered that Nagios did not properly parse certain commands
submitted using the WAP web interface. An authenticated user could exploit
this flaw and execute arbitrary programs on the server.
I use Nagios Core 3.5.1. In order to skip the HTTP authentication (guest user without password could also be tedious), I turn off the Nagios authentication based on this article. (even though turning off authentication is not recommended in any situation)
The great thing right now is every one could go to my Nagios address to view, but not able to change anything.
I am trying to install Nagios 4 on an old Pentium 4 machine running Centos 7. I have installed the OS from the x86_64 ISO provided at the website. Nagios is downloaded with wget from Sourceforge. I have followed these instructions to the letter, but every time I seem to hit a wall at the same spot.