Details
-
Type:
New Feature Request
-
Status: Closed
-
Priority:
Trivial
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 5.0.0alpha1, 5.0 (plan)
-
Component/s: Agent (G)
-
Labels:None
-
Team:Team C
-
Sprint:Sprint 59 (Dec 2019), Sprint 60 (Jan 2020)
-
Story Points:2
Description
As a security measure, Zabbix agent provides a configuration parameter EnableRemoteCommands to restrict system.run[] checks.
However, system.run[] is not the only way to compromise security through Zabbix agent. For instance, a malicious administrator can potentially query vfs.file.contents[] on a user's workstation to peek on files in the system that contain cached passwords.
Thus, it would be nice if there would be a way to restrict availability of arbitrary checks on the agent, not just system.run[].
C agent implementation done in parent task: ZBXNEXT-1085
ACC: https://confluence.zabbix.lan/x/Q5RLAw
SPEC: https://confluence.zabbix.lan/x/xJZLAw
PLAN: https://teamplan.zabbix.lan/project/view/3431
Attachments
Issue Links
- mentioned in
-
Page Loading...