Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-4943

Change Zabbix Agent and Server to use different user accounts in packages

    Details

      Description

      At the suggestion of Richlv, I am creating this. Per Chapter 1, page 15 of the Zabbix Network Monitoring: Second Edition book, it is a bad idea to use the same account for server and agent on the server.

      Steps to fix:

      1. Create a /var/log/zabbixagent
      2. Create a zbxagent user account with nologin
      3. sudo cp /usr/lib/systemd/system/zabbix-agent.service /etc/systemd/system
      4. Modify the PidFile parameter to /var/run/zabbixagent/zabbix_agentd.pid
      5. Add a line User=zbxagent under the [Service] section
      6. Modify PidFile and LogFile in /etc/zabbix/zabbix_agentd.conf
      7. systemctl daemon-reload
      8. systemctl start zabbix-agent

      Currently both start as zabbix user which could be a security vulnerability as the Zabbix agent on the server could read its configuration and give up details there were not intended outside of the server.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              sstory W. S. Story
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated: