Loading...

XML

Word

Printable

Type: New Feature Request
Resolution: Fixed
Priority: Minor
Fix Version/s: 5.0.0alpha1, 5.0 (plan)
Affects Version/s: 1.8.10
Component/s: Agent (G)
Labels:
- security

Sprint:
Sprint 58 (Nov 2019), Sprint 59 (Dec 2019), Sprint 60 (Jan 2020)
Story Points:
2.125

As a security measure, Zabbix agent provides a configuration parameter EnableRemoteCommands to restrict system.run[] checks.

However, system.run[] is not the only way to compromise security through Zabbix agent. For instance, a malicious administrator can potentially query vfs.file.contents[] on a user's workstation to peek on files in the system that contain cached passwords.

Thus, it would be nice if there would be a way to restrict availability of arbitrary checks on the agent, not just system.run[].

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

ZBXNEXT-1085-restriction-of-metrics.png
50 kB
2019 Nov 15 12:21

causes

ZBX-17367 Deprecated flag EnableRemoteCommands is still required to use system.run keys

Open

ZBX-17699 Unsupported item key error on manual script execution when item key is denied by DenyKey

Closed

ZBX-17700 Enabling remote commands on Zabbix agent is very hard and misleading

Closed

is duplicated by

ZBXNEXT-1681 Restrict item keys offered by Zabbix-Agent

Closed

ZBX-11290 Zabbix agent execute command

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...

(3 mentioned in)

Assignee:: Andrejs Tumilovics

Reporter:: Aleksandrs Saveljevs

Team:: Team C

Votes:: 8 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2012 Jan 18 10:14

Updated:: 2024 Apr 10 16:18

Resolved:: 2020 Jan 17 09:26

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates