[ZBXNEXT-2904] Option to securely pass sensitive arguments to External check and User parameter Created: 2015 Aug 15 Updated: 2021 Apr 08 |
|
| Status: | Open |
| Project: | ZABBIX FEATURE REQUESTS |
| Component/s: | Agent (G), Proxy (P), Server (S) |
| Affects Version/s: | 2.2.10 |
| Fix Version/s: | None |
| Type: | New Feature Request | Priority: | Major |
| Reporter: | Marc | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 1 |
| Labels: | externalchecks, security, userparameters | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
Command line arguments or environment variables can easily be exposed via the /proc file system. Since Now I wonder whether it is feasible to improve External check and User parameter functionality to be usable for such cases too - to get sensitive data passed more securely. The only way I currently can think of is by optionally passing data to stdin of the custom command. I've no clue whether it should rather be configurable in a fixed format with two variables only (username and password) or a free form field supporting line breaks. The first allows to use existing form fields. The latter provides maximum flexibility for instance to adapt a format that is already supported by a given custom command. I know, without something like |
| Comments |
| Comment by Justin Addams [ 2021 Apr 08 ] |
|
If I understand correctly, this is still an issue experienced even when using the new secure macros? |