Security about remote commands and system.run[]

  • hiacine
    Junior Member
    • May 2009
    • 18

    #1

    Security about remote commands and system.run[]

    Hi,

    I have some questions about security with zabbix.

    When I'm connected to my zabbix server, I can tell an agent to do whatever I want by sending some remote commands and system.run[] by telnet.

    If my zabbix server is hacked, the hacker can do whatever he wants with my hosts.

    Can those remote telnet actions be sent from another IP (not the server's IP)? I think not, but I'm not sure.

    I read something about setting the agents to active mode only for more security.

    What are the consequences ?


    (Sorry for my ugly English.)
  • Calimero
    Senior Member
    • Nov 2006
    • 481

    #2
    Originally posted by hiacine
    When I'm connected to my zabbix server, I can tell an agent to do whatever I want by sending some remote commands and system.run[] by telnet.
    You can disable remote commands (EnableRemoteCommands=0).

    But yes, the "remote command" feature allows arbitrary commands to be run remotely as the user zabbix_agentd runs as.

    Originally posted by hiacine
    Can those remote telnet actions be sent from another IP (not the server's IP)? I think not, but I'm not sure.
    zabbix_agentd only handles connections originating from the IP address(es) given in zabbix_agentd.conf (Server=IP1,IP2,...). But of course that doesn't protect from spoofing.

    And indeed if one of your zabbix_server is compromised, any command can be run as user zabbix on your monitored hosts that allow remote commands.

    Personally I disable remote commands (mainly for security reasons, but I don't really have any reason to use it) and instead use UserParameters that do at least some parameter checks.

    Anyway, nobody would do any kind of monitoring over an insecure network: I've always had an admin/backoffice network dedicated to monitoring, administration, internal traffic (i.e. database connection). No monitoring or anything sensitive on the "public" network (monitoring servers aren't even connected to the "public" network).

    I'm monitoring two remote hosts and use OpenVPN for this (but that's outside zabbix' scope).

    Originally posted by hiacine
    I read something about setting the agents to active mode only for more security.
    In active mode, zabbix_agentd connects to zabbix_server to retrieve a list of what item it has to check (instead of having zabbix_server connect to zabbix_agentd to get each and every item).

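The settings named in the reply above (EnableRemoteCommands, Server, UserParameter) can be checked mechanically. The following is an added example, not code from the thread or from the Zabbix project: a small auditor for a zabbix_agentd.conf. The sample config, item keys and script paths are constructed, and UnsafeUserParameters is a real agent setting that the thread does not mention.

```python
import ipaddress

# Constructed sample zabbix_agentd.conf, not taken from the thread.
SAMPLE_CONF = """\
Server=10.0.5.10,0.0.0.0/0
EnableRemoteCommands=1
UnsafeUserParameters=1
UserParameter=custom.disk.usage[*],/usr/local/bin/disk_usage.sh "$1"
UserParameter=custom.uptime,cut -d' ' -f1 /proc/uptime
"""

def parse_conf(text):
    """Return (key, value) pairs in file order; UserParameter may repeat."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text):
    """Return a list of (code, detail) findings for the settings discussed above."""
    pairs = parse_conf(text)
    single = dict(pairs)  # last occurrence wins for single-valued keys
    findings = []
    # Assumption: an absent EnableRemoteCommands line is treated as disabled.
    if single.get("EnableRemoteCommands", "0") == "1":
        findings.append(("remote-commands", "server can run arbitrary commands as the agent user"))
    for entry in filter(None, (s.strip() for s in single.get("Server", "").split(","))):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # DNS name: not evaluated here
        if net.num_addresses > 1:
            findings.append(("broad-server", f"Server entry {entry} admits {net.num_addresses} addresses"))
    unsafe = single.get("UnsafeUserParameters", "0") == "1"
    for key, value in pairs:
        if key != "UserParameter":
            continue
        item_key = value.split(",", 1)[0]
        if item_key.endswith("[*]") and unsafe:
            findings.append(("unfiltered-args", f"{item_key} receives arguments with no character filtering"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONF):
        print(f"{code}: {detail}")
```

An empty result means none of the three conditions was found; it says nothing about the network-level protections (dedicated admin network, VPN) described in the reply.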

    • hiacine
      Junior Member
      • May 2009
      • 18

      #3
      Originally posted by Calimero
      In active mode, zabbix_agentd connects to zabbix_server to retrieve a list of what item it has to check (instead of having zabbix_server connect to zabbix_agentd to get each and every item).

      Thank you for those answers, Calimero.

      If I set the agents to active mode only, is it as good as the normal configuration?

      Perhaps a lack of performance? Or not?
