Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-571

create trust between server and agent

    XMLWordPrintable

    Details

    • Type: New Feature Request
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Agent (G)
    • Environment:
      all

      Description

      hi,

      It seems to me that zabbix is accepting any data from any agent without any checking on the source of the data. Here is a scénario:

      • zabbix is used to monitor host on the internet therefor is listening on public unfirewalled ip
      • someone find the server and flood false data with zabbix_sender spoofing the hostname of the node

      result: your monitoring is reporting false data (your host is down but the bad/missconfigured setting send you active data to make it appear up on your zabbix server)

      Would it be handy to have a shared secret we could give to the agent and set in the zabbix node configuration (like a macro). This way each agent providing data should have the shared secret to be accepted by zabbix. Could be a simple hexa string or piece of text.

      With ability to have a shared secret set in a macro we could setup a trust mecanism for the whole zabbix server and change the secret by group or host etc..

      This would make it more secure and very easy to create a security policy to suit your need. This can also be created with ssl and certs but the simple shared secret mecanism should be easier to implement and require much less changes to the whole code.

      __________________
      Regards,
      Ghislain.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              ghislain ghislain
              Votes:
              7 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: