1

One of my machine set by a third party contractor is running zabbix_agentd in the network that can be accessed from the Internet (i.e. no firewall port blocking)

I want to ask, it is safe? Is the connection encrypted?

Howard
  • 2,135
  • 13
  • 48
  • 72

3 Answers3

0

I would say it might be risky: http://www.cvedetails.com/vulnerability-list/vendor_id-5667/Zabbix.html

Even for remote monitoring there should be a VPN between the main site and the branch office. Don't expose things to the internet you don't need to.

krugger
  • 411
  • 2
  • 4
0

The Zabbix agent doesn't use any encryption. All communications are in the clear. Also if you have the agent configured to allow remote command execution that can add risk. It would be possible to MITM the Zabbix agent with another Zabbix server.

By default you should have firewall rules defined on what can connect to the agent. You also want to provide a secure transport layer between the server and agent. I would also suggest that if you do have remote commands enabled that you also implement strict sudoers rules and logging of both sudo and agent remote commands. Errors from either log should trigger.

Also this isn't just a Zabbix specific problem. I wouldn't allow any monitoring agent to be accessible from the Internet neither HP Operations Manager, Nagios, or anything else.

tnicholson
  • 36
  • 1
-3

Already use since 3.0 U can use encryption between server and agents or u can use Zabbix Proxy :) (Best practice for zabbix over Internet :) )

Mr.Pelovski
  • 21
  • 1
  • 3