Zabbix Documentation 2.2

3.04.05.0 (current)| In development:5.2 (devel)| Unsupported:1.82.02.22.43.23.44.24.4Guidelines

User Tools

Site Tools


manual:installation:requirements:best_practices

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Last revision Both sides next revision
manual:installation:requirements:best_practices [2017/11/03 09:25]
martins-v created; best practices for secure Zabbix setup
manual:installation:requirements:best_practices [2018/12/04 07:18]
martins-v updating screenshot
Line 6: Line 6:
  
 The practices contained here are not required for the functioning of Zabbix. They are recommended for better security of the system. The practices contained here are not required for the functioning of Zabbix. They are recommended for better security of the system.
 +
 +=== Secure user for Zabbix agent ===
 +
 +In the default configuration,​ Zabbix server and Zabbix agent processes share one '​zabbix'​ user. If you wish to make sure that the agent cannot access sensitive details in server configuration (e.g. database login information),​ the agent should be run as a different user:
 +
 +  - Create a secure user
 +  - Specify this user in the agent [[:​manual/​appendix/​config/​zabbix_agentd|configuration file]] ('​User'​ parameter)
 +  - Restart the agent with administrator privileges. Privileges will be dropped to the specified user.
 +
 +=== UTF-8 encoding ===
 +
 +UTF-8 is the only encoding supported by Zabbix. It is known to work without any security flaws. Users should be aware that there are known security issues if using some of the other encodings.
  
 === Setting up SSL for Zabbix frontend === === Setting up SSL for Zabbix frontend ===
Line 84: Line 96:
 It is recommended to disable default error pages to avoid information exposure. Web server is using built-in error pages by default: It is recommended to disable default error pages to avoid information exposure. Web server is using built-in error pages by default:
  
-{{:​manual:​installation:​requirements:​error_page.png|}}+{{:​manual:​installation:​requirements:​error_page_text.png|}}
  
 Default error pages should be replaced/​removed as part of the web server hardening process. The "​ErrorDocument"​ directive can be used to define a custom error page/text for Apache web server (used as an example). Default error pages should be replaced/​removed as part of the web server hardening process. The "​ErrorDocument"​ directive can be used to define a custom error page/text for Apache web server (used as an example).