I'm running a few EC2/Scalr instances with zabbix monitoring.
I received complaints about one of my servers port scanning other servers. the logs show it is accessing port 22 on consecutive IP addresses.
I looked at the processes list and saw scanssh is running under the user Zabbix.
My question is- Is scanssh part of zabbix? Is it suppesd to run?
I have active autodiscovery on zabbix but it is looking at another IP addresses and definately not port 20.
Is it possible that something in the config of zabbix agent is controlling it and not the settings on zabbix server?
What can I do to find out if zabbix is somehow misbehaving or it is a hacker?
Any advice is highly appreciated.
I received complaints about one of my servers port scanning other servers. the logs show it is accessing port 22 on consecutive IP addresses.
I looked at the processes list and saw scanssh is running under the user Zabbix.
My question is- Is scanssh part of zabbix? Is it suppesd to run?
I have active autodiscovery on zabbix but it is looking at another IP addresses and definately not port 20.
Is it possible that something in the config of zabbix agent is controlling it and not the settings on zabbix server?
What can I do to find out if zabbix is somehow misbehaving or it is a hacker?
Any advice is highly appreciated.
Comment