Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-5639

Agent2: restrict available checks on the agent side

    XMLWordPrintable

Details

    • New Feature Request
    • Resolution: Fixed
    • Trivial
    • 5.0.0alpha1, 5.0 (plan)
    • None
    • Agent (G)
    • None
    • Team C
    • Sprint 59 (Dec 2019), Sprint 60 (Jan 2020)
    • 2

    Description

      As a security measure, Zabbix agent provides a configuration parameter EnableRemoteCommands to restrict system.run[] checks.

      However, system.run[] is not the only way to compromise security through Zabbix agent. For instance, a malicious administrator can potentially query vfs.file.contents[] on a user's workstation to peek on files in the system that contain cached passwords.

      Thus, it would be nice if there would be a way to restrict availability of arbitrary checks on the agent, not just system.run[].

      C agent implementation done in parent task: ZBXNEXT-1085

      ACC: https://confluence.zabbix.lan/x/Q5RLAw
      SPEC: https://confluence.zabbix.lan/x/xJZLAw
      PLAN: https://teamplan.zabbix.lan/project/view/3431

      Attachments

        Issue Links

          Activity

            People

              atumilovics Andrejs Tumilovics
              atumilovics Andrejs Tumilovics
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: