I was wondering if anyone has gone through and checked for and found ways to lock down Zabbix.
All my servers including my Zabbix server are publicly accessible and making them private is not an option. So I need to make sure Zabbix is locked down.
Things I have done so far.
*Set "AllowOverride All" globally in Apache
*Enabled SSL and disabled "Listen 80" in Apache so only https port 443 access is possible
*Set mysql on the zabbix server to skip-networking so only local access is possible
*Blocked everything except Zabbix required ports in iptables
*Limited zabbix-agent to specific sudoer commands on the servers.
Anything else anyone can think of? If I get paranoid enough about it I may consider setting Apache to only listen to localhost and then putty tunnel in.
All my servers including my Zabbix server are publicly accessible and making them private is not an option. So I need to make sure Zabbix is locked down.
Things I have done so far.
*Set "AllowOverride All" globally in Apache
*Enabled SSL and disabled "Listen 80" in Apache so only https port 443 access is possible
*Set mysql on the zabbix server to skip-networking so only local access is possible
*Blocked everything except Zabbix required ports in iptables
*Limited zabbix-agent to specific sudoer commands on the servers.
Anything else anyone can think of? If I get paranoid enough about it I may consider setting Apache to only listen to localhost and then putty tunnel in.