Hello,
Running an md5sum item / trigger on a file like /etc/passwd gives a notification on change and also a red status until the next check (given that the logic uses .last(0)).
Although this makes sense for most items / triggers like http / tcp / load etc., it is quite confusing for tests that refer to a modification, like /etc/passwd. It might be that the system was compromised or that this change was not authorized.
Therefore I suggest having a new option for this kind of item / trigger, where the "zabbix admin" has to confirm the change via the web interface and maybe add a comment referring to that change.
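
The difference between the two behaviours discussed in the post, as an added example that is not part of the original post and is not Zabbix code: a change-based check that is red for one interval only, next to a latched state that stays red until someone confirms the change with a comment. The class, function names and sample file contents are hypothetical and constructed for illustration.

```python
import hashlib

def md5_of(data: bytes) -> str:
    # MD5 only because the post uses md5sum; it detects change, nothing more.
    return hashlib.md5(data).hexdigest()

def transient_states(checksums):
    """Problem only on the check whose value differs from the previous one."""
    return [i > 0 and c != checksums[i - 1] for i, c in enumerate(checksums)]

class LatchedChecksumTrigger:
    """Hypothetical trigger: stays in problem state until an admin confirms."""

    def __init__(self, baseline):
        self.baseline = baseline   # last confirmed checksum
        self.latest = baseline
        self.problem = False
        self.audit = []            # (admin, old, new, comment) records

    def check(self, checksum):
        self.latest = checksum
        if checksum != self.baseline:
            self.problem = True    # latch; a revert does not clear it
        return self.problem

    def acknowledge(self, admin, comment):
        if not self.problem:
            raise ValueError("nothing to acknowledge")
        if not comment.strip():
            raise ValueError("a comment is required")
        self.audit.append((admin, self.baseline, self.latest, comment))
        self.baseline, self.problem = self.latest, False

# Constructed sample: five successive reads of a passwd-like file.
V1 = b"root:x:0:0:root:/root:/bin/bash\n"
V2 = V1 + b"deploy:x:1001:1001::/home/deploy:/bin/bash\n"
SAMPLES = [md5_of(v) for v in (V1, V1, V2, V2, V2)]

def demo():
    trig = LatchedChecksumTrigger(SAMPLES[0])
    latched = [trig.check(c) for c in SAMPLES]
    trig.acknowledge("zabbix admin", "deploy account added, change approved")
    return transient_states(SAMPLES), latched, trig.check(SAMPLES[-1]), trig.audit

if __name__ == "__main__":
    print(demo())
```

The audit list keeps the old and new checksum with each confirmation, so an unconfirmed or unexplained change remains visible instead of clearing on the next check.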