Hello!
I am monitoring disk health using smartctl on some XenServer hypervisors of various models (Dell, UCS chassis).
I am using concepts highlighted from the excellent github repo - https://github.com/v-zhuravlev/zbx-smartctl.
I am using item vaue preprocessing which is an excellent Zabbix 3.4 new feature (we are running Zabbix 3.4.15 and a PostgreSQL 10+ DB).
A security implication came up based on the userparameter_smart.conf file highlighted in the code snippet below.
Question(s): Would you be able to specify items in the Zabbix key (template attached below and importable in Zabbix 3.4) to allow one to execute commands via sudo? Could you for example bring down the client system with the wildcard usage (*) in the userparameter_smart.conf seen below?
userparameter_smart.conf:
I would be very curious to hear about any item key injections that have caused Zabbix issues in the past.
I am monitoring disk health using smartctl on some XenServer hypervisors of various models (Dell, UCS chassis).
I am using concepts highlighted from the excellent github repo - https://github.com/v-zhuravlev/zbx-smartctl.
I am using item vaue preprocessing which is an excellent Zabbix 3.4 new feature (we are running Zabbix 3.4.15 and a PostgreSQL 10+ DB).
A security implication came up based on the userparameter_smart.conf file highlighted in the code snippet below.
Question(s): Would you be able to specify items in the Zabbix key (template attached below and importable in Zabbix 3.4) to allow one to execute commands via sudo? Could you for example bring down the client system with the wildcard usage (*) in the userparameter_smart.conf seen below?
userparameter_smart.conf:
Code:
UserParameter=uHDD.discovery,sudo /etc/zabbix/smartctl-disks-discovery.pl UserParameter=uHDD.A[*],sudo /usr/sbin/smartctl -A /dev/$1 $2 UserParameter=uHDD.i[*],sudo /usr/sbin/smartctl -i /dev/$1 $2 UserParameter=uHDD.health[*],sudo /usr/sbin/smartctl -H /dev/$1 $2 UserParameter=uHDD.selftest[*],sudo /usr/sbin/smartctl -l selftest /dev/$1 $2 UserParameter=uHDD.error[*],sudo /usr/sbin/smartctl -l error /dev/$1 $2 UserParameter=uHDD.ssd[*],sudo /usr/sbin/smartctl -l ssd /dev/$1 $2