At the suggestion of Richlv, I am creating this. Per Chapter 1, page 15 of the Zabbix Network Monitoring: Second Edition book, it is a bad idea to use the same account for server and agent on the server.
Steps to fix:
- Create a /var/log/zabbixagent
- Create a zbxagent user account with nologin
- sudo cp /usr/lib/systemd/system/zabbix-agent.service /etc/systemd/system
- Modify the PidFile parameter to /var/run/zabbixagent/zabbix_agentd.pid
- Add a line User=zbxagent under the [Service] section
- Modify PidFile and LogFile in /etc/zabbix/zabbix_agentd.conf
- systemctl daemon-reload
- systemctl start zabbix-agent
Currently both start as zabbix user which could be a security vulnerability as the Zabbix agent on the server could read its configuration and give up details there were not intended outside of the server.