Ad Widget

Collapse

security question: privilegs of zabbix client - how secure host

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • grefabu
    Member
    • Jul 2019
    • 33
    #1

    security question: privilegs of zabbix client - how secure host

    Hi,

    I see the zabbix client run (on linux systems) with user zabbix.
    So I think the user is only running with user privilegs?

    It is an question of security, the zabbix client could run Scripts, but we want that zabbix client diddn't harm the host.

    I see in the passage AllowKey: "If no AllowKey or DenyKey rules defined, all keys are allowed"

    So our question is, how secure the host?

    I hope you understand my intention,...

    Bye

    Gregor
    Tags: None
    • cyber
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • Dec 2006
      • 4811
      #2
      Yes.. zabbix user is a nonprivileged user in host. Your host is as secure as tight as you make your user permissions.
      If your configuration does not contain any specific UserParameters then you can see standard (built-in) items from here https://www.zabbix.com/documentation...s/zabbix_agent . These are "read only", you cannot really harm any host with just querying some data.
      Agent can run scripts, only if configured so. You really need to add those scripts there somehow, they cannot be pushed there through agent.
      Mentioned AllowKey and DenyKey options allow you to more restrict, which items that agent can use. Want that agent not read any logfiles, deny the keys..

        Comment

        • grefabu
          Member
          • Jul 2019
          • 33
          #3
          Thank you, so I was right with my suspection.

            Comment

            Previous template Next
            Working...