Details
- Documentation task
- Status: Closed
- Trivial
- Resolution: Fixed
- None
- None
- Team A
- Sprint 90 (Jul 2022)
- 1
Description
Hello,
Can we apply the following changes to this page: https://www.zabbix.com/documentation/current/en/manual/installation/requirements/best_practices
- New Table of Contents
  - Overview
  - Access control
  - Principle of least privilege
  - Secure user for Zabbix agent
  - Zabbix Windows agent with OpenSSL
  - Cryptography
  - Setting up SSL for Zabbix frontend
  - Web server hardening
  - Enabling Zabbix on root directory of URL
  - Enabling HTTP Strict Transport Security (HSTS) on the web server
  - Disabling web server information exposure
  - Disabling default web server error pages
  - Removing web server test page
  - Zabbix settings
  - Hiding the file with list of common passwords
  - UTF-8 encoding
  - Security vulnerabilities
- Rename “Zabbix settings” section to “Set X-Frame-Options HTTP response header”
- Rename “Zabbix Windows agent with OpenSSL” to “Revoke write access to SSL configuration file in Windows”
- Rename “Security vulnerabilities” to “Zabbix Security Advisories and CVE database”; completely remove CVE-2021-42550 section; add this link https://www.zabbix.com/security_advisories to the section
Also please add additional information to https://www.zabbix.com/documentation/6.0/en/manual/web_interface/frontend_sections/administration/authentication
Replace “Anonymous binding is also supported.” with “Anonymous binding is also supported. Remember anonymous binding potentially opens up domain configuration to unauthorized users (information about users, computers, servers, groups, services, etc.). For security reasons, disable anonymous binds on LDAP hosts and use authenticated access instead.”