Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-21208

Security best practices and authentication pages' update

    XMLWordPrintable

Details

    • Documentation task
    • Status: Confirmed
    • Trivial
    • Resolution: Unresolved
    • None
    • None
    • Documentation (D)
    • None

    Description

      Hello,

      Can we apply the following changes to this page https://www.zabbix.com/documentation/current/en/manual/installation/requirements/best_practices

      1. New Table of Contents
        1. Overview
        2. Access control
          • Principle of least privilege
          • Secure user for Zabbix agent
          • Zabbix Windows agent with OpenSSL
        3. Cryptography
          • Setting up SSL for Zabbix frontend
        4. Web server hardenning
          • Enabling Zabbix on root directory of URL
          • Enabling HTTP Strict Transport Security (HSTS) on the web server
          • Disabling web server information exposure
          • Disabling default web server error pages
          • Removing web server test page
          • Zabbix settings
          • Hiding the file with list of common passwords
        5. UTF-8 encoding
        6. Security vulnerabilities
      2. Rename “Zabbix settings” section to “Set X-Frame-Options HTTP response header”
      3. Rename “Zabbix Windows agent with OpenSSL” to “Revoke write access to SSL configuration file in Windows”
      4. Rename “Security vulnerabilities” to “Zabbix Security Advisories and CVE database”; completely remove CVE-2021-42550 section; add this link https://www.zabbix.com/security_advisories to the section

      Also please add additional information to https://www.zabbix.com/documentation/6.0/en/manual/web_interface/frontend_sections/administration/authentication

      Replace “Anonymous binding is also supported.” with “Anonymous binding is also supported. Remember anonymous binding potentially opens up domain configuration to unauthorized users (information about users, computers, servers, groups, services, etc.). For security reasons, disable anonymous binds on LDAP hosts and use authenticated access instead.”

      Attachments

        Activity

          People

            zabbix.dev Zabbix Development Team
            amitrofanov Alexey Mitrofanov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: