[ZBX-18893] Make config files with db password unreadable by zabbix daemons - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Defect (Security)
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.28rc1, 5.0.8rc1, 5.2.4rc1, 5.4.0alpha1, 5.4 (plan)
Component/s: Frontend (F), Packages (C)
Labels:
None

Team:
Team I
Sprint:
Sprint 72 (Jan 2021)
Story Points:
1

Description

Currently zabbix config files containing db password can be read as user or group zabbix. This causes ZBXSEC-7.

Allow server & proxy config files to be read only as root.
Fix permissions of zabbix.conf.php file, which currently can be read by anyone.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

cancel_button_disappear.gif
134 kB
2021 Jan 12 14:51
image-2021-01-13-14-31-23-871.png
35 kB
2021 Jan 13 14:32
Screenshot 2021-01-29 at 21.01.29.png
158 kB
2021 Jan 29 22:02
Screenshot 2021-01-29 at 21.01.29-1.png
158 kB
2021 Jan 29 22:02
Screenshot 2021-01-29 at 21.01.48.png
115 kB
2021 Jan 29 22:02
Screenshot 2021-01-29 at 21.01.48-1.png
115 kB
2021 Jan 29 22:02
Screenshot 2021-01-29 at 21.01.48-2.png
115 kB
2021 Jan 29 22:03
Selection_161.png
39 kB
2021 Jan 12 14:50

Issue Links

causes

ZBXNEXT-6498 Provide Frontend option to reload Zabbix Server configuration cache and show last cache update time

Open

ZBX-18954 config_cache_reload not working when run via frontend script

Open

mentioned in: Page Loading...

Activity

People

Assignee:: Jurijs Klopovskis

Reporter:: Jurijs Klopovskis

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2021 Jan 05 14:51

Updated:: 2022 Jan 07 14:23

Resolved:: 2021 Jan 18 19:30