Hi,
It seems to me that Zabbix is accepting any data from any agent without any checking of the source of the data. Here is a scenario:
- Zabbix is used to monitor hosts on the internet and therefore is listening on a public, unfirewalled IP
- someone finds the server and floods it with false data using zabbix_sender, spoofing the hostname of the node
Result: your monitoring is reporting false data (your host is down, but the bad/misconfigured setting sends you active data to make it appear up on your Zabbix server).
Would it be handy to have a shared secret we could give to the agent and set in the Zabbix node configuration (like a macro)? This way each agent providing data should have the shared secret to be accepted by Zabbix.
With the ability to have a shared secret set in a macro we could set up a trust mechanism for the whole Zabbix server and change the secret by group or host, etc.
This would make it more secure and very easy to create a security policy to suit your needs.
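The shared-secret check proposed in the post above, sketched as an added example; it is not Zabbix code and does not use the Zabbix wire protocol. The message layout, the `sign`/`accept`/`secret_for` functions, the host and group names and the secrets are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample secrets (hypothetical): a host value overrides its group's.
HOST_SECRETS = {"web01": b"web01-secret"}
GROUP_SECRETS = {"dmz": b"dmz-group-secret"}
HOST_GROUPS = {"web01": "dmz", "db01": "dmz"}
MAX_SKEW = 60  # seconds a signed message stays acceptable


def secret_for(host):
    """Resolve the secret like a macro: host value first, then its group."""
    if host in HOST_SECRETS:
        return HOST_SECRETS[host]
    return GROUP_SECRETS.get(HOST_GROUPS.get(host))


def sign(secret, host, ts, items):
    """Sender side: HMAC-SHA256 over hostname, timestamp and item values."""
    body = json.dumps({"host": host, "ts": ts, "items": items},
                      sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def accept(msg, now):
    """Server side: return (True, 'ok') or (False, reason)."""
    secret = secret_for(msg.get("host"))
    if secret is None:
        return False, "unknown host"
    if abs(now - msg["ts"]) > MAX_SKEW:
        return False, "stale timestamp"
    expected = sign(secret, msg["host"], msg["ts"], msg["items"])
    supplied = str(msg.get("mac", ""))
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad mac"
    return True, "ok"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    items = {"agent.ping": 1}
    good = {"host": "web01", "ts": now, "items": items,
            "mac": sign(b"web01-secret", "web01", now, items)}
    spoofed = dict(good, mac=sign(b"guess", "web01", now, items))
    print(accept(good, now), accept(spoofed, now))
```

The timestamp only narrows replay to the `MAX_SKEW` window, and the secret authenticates the data without encrypting it.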