Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-2638

Separate zabbix_agent remote execution into a separate poller

    XMLWordPrintable

    Details

    • Type: New Feature Request
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Agent (G)
    • Labels:

      Description

      I would like if you separated out the portions of the agent into a new process. (E.g. zabbix_exec, zabbix_agent_execd, or something..) This process would perform the following actions:

      • Run scripts requested from server
      • Process userparameters
      • Remote execution
      • SSH agent commands
      • Basically anything else where the agent executes something provided by a custom command

      This would gain large configuration flexibility and security benefits such as "Now being able to...":

      • Filter access by host for this process (Firewall) <--- Critical!
      • Change the listen port for these more dangerous types of agent commands
      • Configure a different set of trusted IP's listed in the config to be allowed to run these more dangerous commands.
      • Configure the daemon user separately for zabbix_agent and zabbix_exec
      • Code greatly simplified in both the zabbix_agent and zabbix_sshd
      • Configure separate sudo, apparmor, SElinux, etc for this process.
      • Separate logging
      • Tunnel this functionality over SSH/SSL very easily
      • Etc..

      As we don't have agent ssl or auth, this is IMO a critical security issue as well.

      Splitting this code out to it's own daemon might even make it easier for you or someone else to implement server<->agent authentication and encryption.

      Thanks for your time guys!

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            tagwolf David Cahill
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: