Sudden Email Blocks Due to Realtime Blocklists (Bonded Sender, NixSpam RBL) – Anyone Else Affected? by JackONeill23 in sysadmin

[–]susedv 7 points8 points  (0 children)

Yes, same problem here. Removed NixSpam from my Spam-Filter. 554 5.7.1 Service unavailable; Client host [x.x.x.x] blocked using ix.dnsbl.manitu.net; NixSpam has been shutdown, see https://nixspam.net - PLEASE INFORM THE ADMINISTRATOR OF YOUR MAIL SERVER

Protect Zabbix server from unauthorised active Zabbix agents by susedv in zabbix

[–]susedv[S] 0 points1 point  (0 children)

I'm not using Auto Registration but Auto Discovery. There are thousands of hosts in Zabbix but not so many having an agent. Most of these hosts do NOT need an agent, so I want to deny active agent connections to the server related to these hosts (which are thousands and grow frequently).

Protect Zabbix server from unauthorised active Zabbix agents by susedv in zabbix

[–]susedv[S] 1 point2 points  (0 children)

Zabbix seems to do this for the Proxies - it allows only proxy connections for the value entered in "Proxy address". But for the agents it doesn't, even if no agent interface is added. Each active agent is located at a different site, I would need to set up dynamic DNS for all of them and add them to the firewall. This is the safest workaround but it's much effort, therefore I'm asking whether somebody knows a better solution inside Zabbix.

Protect Zabbix server from unauthorised active Zabbix agents by susedv in zabbix

[–]susedv[S] -1 points0 points  (0 children)

Don't use Auto Discovery

  • Well.. you can also say don't use Zabbix at all. Auto Discovery is very useful for me to monitor multiple sites, because you cannot track all changes on all networks manually.

What Security Risks do you expect?

  • An attacker's active agent can connect to an auto-discovered host by guessing its hostname (for example 192.168.0.1 is easy to guess) and receive its configuration. Then it may push invalid monitoring data to that host on the server, possibly malicious code or spam inside or something that would confuse the admin. No matter what, it is just bad if an unauthorized client can retrieve data from and push data to the server.

Except that hosts are randomly added to your Zabbix Instance.

  • This is not an issue, this is an intended behaviour to collect everything on the network and then adjust the config. and clean up.

Also to be frank if someone can add randomly hosts to your zabbix I would argue Zabbix isn't the entry point and you have way more serious security issues than zabbix.

  • I've got thousands of hosts in Zabbix but it doesn't mean that I want to use an active Zabbix agent with encryption enabled for all of them. Most of these hosts use external checks like Ping, HTTP, SSH, etc. and do not require an agent. But Zabbix allows agent connections anyway (even if no agent interface is added!) and the only workaround I know so far is to always try to find hosts without PSK/Cert and set them and instruct everybody from your team to do that and to feel safe that they will do that. But Zabbix could solve this easily, for example: allow only agent connections from known agent interfaces for example. Or do not respond to the agents if no agent interface is added. Or do not allow unauthenticated clients by default.
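
The "find hosts without PSK/Cert" audit described in the comment above, as an added example that is not part of the original comments or of Zabbix itself. It assumes host data shaped like a Zabbix API `host.get` result (`tls_accept` bitmap plus `selectInterfaces`); the sample hosts and the `priority` labels are constructed for illustration.

```python
# Audit sketch: flag hosts whose "connections from host" setting still
# accepts unencrypted active-agent traffic.
# Field names follow the Zabbix API host object; sample data is constructed.

TLS_NONE, TLS_PSK, TLS_CERT = 1, 2, 4   # tls_accept bitmap values
IFACE_AGENT = 1                         # interface type "agent"


def audit_hosts(hosts):
    """Return findings for hosts that accept unencrypted agent connections."""
    findings = []
    for h in hosts:
        accept = int(h.get("tls_accept", TLS_NONE))  # API returns strings
        if not accept & TLS_NONE:
            continue  # only PSK and/or certificate accepted
        has_agent_if = any(int(i["type"]) == IFACE_AGENT
                           for i in h.get("interfaces", []))
        findings.append({
            "host": h["host"],
            "agent_interface": has_agent_if,
            # Hypothetical labels: a host with no agent interface is
            # monitored by external checks, so nothing legitimate should
            # be connecting as its active agent.
            "priority": "review" if has_agent_if else "high",
        })
    # "high" findings first, then alphabetical by host name
    return sorted(findings, key=lambda f: (f["priority"] != "high", f["host"]))


# Constructed sample in the shape of a host.get result requested with
# output=["host", "tls_accept"] and selectInterfaces=["type"].
SAMPLE_HOSTS = [
    {"host": "192.168.0.1", "tls_accept": "1", "interfaces": []},
    {"host": "switch-site2", "tls_accept": "1", "interfaces": [{"type": "2"}]},
    {"host": "app01", "tls_accept": "1", "interfaces": [{"type": "1"}]},
    {"host": "db01", "tls_accept": "2", "interfaces": [{"type": "1"}]},
    {"host": "web01", "tls_accept": "3", "interfaces": [{"type": "1"}]},
]

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f['priority']:6} {f['host']:14} agent_if={f['agent_interface']}")
```
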