Zabbix security question

Kerrygeek

Senior Member

Joined: Dec 2008

Posts: 115
#1

Zabbix security question

09-04-2009, 15:54

I have a network assessment coming up next week so in preparation I scanned my new Zabbix server. I turned off several unused services but I have these ports open:

821 - ?
3306 - Mysql
10051 - Zabbix
443 - https

I'm running a single Zabbix server and ONLY using pings and snmp, no agents anywhere. Do I need to have 3306 and 10051 open in that case? I don't know what port 821 is yet but I can use Iptables to block any or all these ports if Zabbix doesn't need them. If I'm not connecting to the server for mysql I assume I can block 3306 and since I'm not using any agents or any other Zabbix servers I'm hoping I can also block 10051. Will that break anything?

Thanks,
Kerry
Tags: None
Calimero

Senior Member

Joined: Nov 2006

Posts: 481
#2

10-04-2009, 11:46

"netstat -lnp" to see who's listening to what.

zabbix_server must of course be able to connect to mysqld.

if mysqld and zabbix_server are on the same server, you can bind mysqld to 127.0.0.1 (use 'bind-address=127.0.0.1' in the [mysqld] section of my.cnf) and then tell zabbix_server to connect to 127.0.0.1 (or use the unix socket).

If you don't use agents, you can filter trafic coming to the server on port 10051.

Port 443 depends on how you configured Apache. Whether you use HTTP or HTTPS is not a concern for zabbix_server.

Port 821 isn't related to zabbix as far as I know.
Comment

Ad Widget