Zabbix Documentation 3.4

2.23.04.0 (current)In development:4.2 (devel)Unsupported:1.82.02.43.23.4

User Tools

Site Tools


manual:installation:requirements:best_practices

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:installation:requirements:best_practices [2018/06/11 11:30]
natalja.cernohajeva Best practices for secure Zabbix setup section update (copied from 3.0)
manual:installation:requirements:best_practices [2018/12/04 07:42] (current)
martins-v updating screenshot
Line 14: Line 14:
   - Specify this user in the agent [[:​manual/​appendix/​config/​zabbix_agentd|configuration file]] ('​User'​ parameter)   - Specify this user in the agent [[:​manual/​appendix/​config/​zabbix_agentd|configuration file]] ('​User'​ parameter)
   - Restart the agent with administrator privileges. Privileges will be dropped to the specified user.   - Restart the agent with administrator privileges. Privileges will be dropped to the specified user.
 +
 +=== UTF-8 encoding ===
 +
 +UTF-8 is the only encoding supported by Zabbix. It is known to work without any security flaws. Users should be aware that there are known security issues if using some of the other encodings.
  
 === Setting up SSL for Zabbix frontend === === Setting up SSL for Zabbix frontend ===
Line 97: Line 101:
 It is recommended to disable default error pages to avoid information exposure. Web server is using built-in error pages by default: It is recommended to disable default error pages to avoid information exposure. Web server is using built-in error pages by default:
  
-{{:​manual:​installation:​requirements:​error_page.png|}}+{{:​manual:​installation:​requirements:​error_page_text.png|}}
  
 Default error pages should be replaced/​removed as part of the web server hardening process. The "​ErrorDocument"​ directive can be used to define a custom error page/text for Apache web server (used as an example). Default error pages should be replaced/​removed as part of the web server hardening process. The "​ErrorDocument"​ directive can be used to define a custom error page/text for Apache web server (used as an example).