[ZBXNEXT-4943] Change Zabbix Agent and Server to use different user accounts in packages
Created: 2019 Jan 07 | Updated: 2019 Feb 13 |
Status: | Open |
Project: | ZABBIX FEATURE REQUESTS |
Component/s: | Agent (G), Packages (C) |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Change Request | Priority: | Major |
Reporter: | W. S. Story | Assignee: | Unassigned |
Resolution: | Unresolved | Votes: | 0 |
Labels: | account, agent, package, security, user |
Remaining Estimate: | Not Specified |
Time Spent: | Not Specified |
Original Estimate: | Not Specified |
Environment: |
CentOS 7 |
Description |
At the suggestion of Richlv, I am creating this. Per Chapter 1, page 15 of the Zabbix Network Monitoring: Second Edition book, it is a bad idea to use the same account for server and agent on the server. Steps to fix:
Currently both start as the zabbix user, which could be a security vulnerability, as the Zabbix agent on the server could read its configuration and give up details that were not intended outside of the server.
|
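A check for the condition described above, as an added example that is not part of the ticket or of Zabbix's packaging: it finds accounts that run both `zabbix_server` and `zabbix_agentd` in `ps -eo user=,comm=` style output, then evaluates from mode bits whether such an account can read a file. The sample process list, the 0640 root:zabbix permissions on the server configuration, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the ticket or from Zabbix packaging).

# Read "user command" lines, as printed by `ps -eo user=,comm=`, and print
# every account that runs both the Zabbix server and the Zabbix agent.
shared_zabbix_accounts() {
    awk '
        $2 == "zabbix_server" { server[$1] = 1 }
        $2 == "zabbix_agentd" { agent[$1] = 1 }
        END { for (u in server) if (u in agent) print u }
    ' | sort
}

# Succeed if account $4, member of the space-separated groups $5, may read a
# file with octal mode $1, owner $2 and group $3. Classic Unix mode bits only:
# ACLs and root's override are ignored.
conf_readable_by() {
    bits=$(( 0$1 ))          # leading 0 makes the shell parse the mode as octal
    mask=4                   # read bit for "other" (04)
    for g in $5; do
        if [ "$g" = "$3" ]; then mask=32; fi     # group read bit (040)
    done
    if [ "$4" = "$2" ]; then mask=256; fi        # owner read bit (0400)
    [ $(( bits & mask )) -ne 0 ]
}

# Constructed sample process list for a host running both daemons.
SAMPLE_PS='zabbix zabbix_server
zabbix zabbix_agentd
root sshd
mysql mysqld'

# Assumptions for the demo: the server config is mode 0640, owned root:zabbix,
# and each account's only group has the same name as the account.
for u in $(printf '%s\n' "$SAMPLE_PS" | shared_zabbix_accounts); do
    echo "server and agent both run as: $u"
    if conf_readable_by 640 root zabbix "$u" "$u"; then
        echo "  agent account $u can read the server configuration"
    fi
done
```

On a live host, feed `shared_zabbix_accounts` the real output of `ps -eo user=,comm=` and take the mode, owner and group from `stat` on the server configuration file.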
Comments |
Comment by W. S. Story [ 2019 Jan 07 ] |
I failed to mention that volter discovered this vulnerability. |
Comment by Edgar Akhmetshin [ 2019 Jan 07 ] |
Hello W.S. Story, You can change the user in accordance with the security policy applied in your enterprise. The steps that you use to change a user are not correct:
Could you describe in more detail what the vulnerability is? Regards, |
Comment by richlv [ 2019 Jan 07 ] |
|
Comment by Arturs Lontons [ 2019 Jan 08 ] |
Hi, |