Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-5639

Agent2: restrict available checks on the agent side

XMLWordPrintable

    • Icon: New Feature Request New Feature Request
    • Resolution: Fixed
    • Icon: Trivial Trivial
    • 5.0.0alpha1, 5.0 (plan)
    • None
    • Agent (G)
    • None
    • Team C
    • Sprint 59 (Dec 2019), Sprint 60 (Jan 2020)
    • 2

      As a security measure, Zabbix agent provides a configuration parameter EnableRemoteCommands to restrict system.run[] checks.

      However, system.run[] is not the only way to compromise security through Zabbix agent. For instance, a malicious administrator can potentially query vfs.file.contents[] on a user's workstation to peek on files in the system that contain cached passwords.

      Thus, it would be nice if there would be a way to restrict availability of arbitrary checks on the agent, not just system.run[].

      C agent implementation done in parent task: ZBXNEXT-1085

      ACC: https://confluence.zabbix.lan/x/Q5RLAw
      SPEC: https://confluence.zabbix.lan/x/xJZLAw
      PLAN: https://teamplan.zabbix.lan/project/view/3431

        1. conf_refactor.diff
          8 kB
          Andris Zeila

            atumilovics Andrejs Tumilovics
            atumilovics Andrejs Tumilovics
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: