Agent2: restrict available checks on the agent side

XMLWordPrintable

    • Type: New Feature Request
    • Resolution: Fixed
    • Priority: Trivial
    • 5.0.0alpha1, 5.0 (plan)
    • Affects Version/s: None
    • Component/s: Agent (G)
    • None
    • Sprint 59 (Dec 2019), Sprint 60 (Jan 2020)
    • 2

      As a security measure, Zabbix agent provides a configuration parameter EnableRemoteCommands to restrict system.run[] checks.

      However, system.run[] is not the only way to compromise security through Zabbix agent. For instance, a malicious administrator can potentially query vfs.file.contents[] on a user's workstation to peek on files in the system that contain cached passwords.

      Thus, it would be nice if there would be a way to restrict availability of arbitrary checks on the agent, not just system.run[].

      C agent implementation done in parent task: ZBXNEXT-1085

      ACC: https://confluence.zabbix.lan/x/Q5RLAw
      SPEC: https://confluence.zabbix.lan/x/xJZLAw
      PLAN: https://teamplan.zabbix.lan/project/view/3431

        1. conf_refactor.diff
          8 kB

            Assignee:
            Andrejs Tumilovics
            Reporter:
            Andrejs Tumilovics
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: