How to Enhance the Security of Zabbix Agent

Network security

1. Agent Installation Method

Compile and install

2. Agent Operating Mode

Active mode

3.Configuration Parameters for Zabbix_agentd.conf in Active Mode

Server= # IP address of the Zabbix Server for passive mode connections. ServerActive= # IP address of the Zabbix Server for active mode connections. Enabling this parameter will automatically activate active mode; commenting it out will disable active mode. Hostname=Host-001 # In active mode, the hostname is used as the unique identifier for data processing by Zabbix Server. Hostname must be unique within Zabbix Server for active mode. Having multiple Zabbix Agents configured with the same hostname will lead to data storage confusion for active mode monitoring items under that hostname because, at different time intervals, it stores data from different Zabbix Agents. StartAgents=0 # Number of Agent processes for passive mode. If greater than 0, it will listen on port 10050. If only active mode is needed, it can be set to 0 to deactivate passive mode.

4. Disabling the Passive Mode Port 10050

If StartAgents is greater than 0, the Agent will listen on port 10050 for passive connections. Having an additional open port on the monitored server increases the attack surface. Therefore, when using active mode, it’s advisable not to start port 10050 and to consolidate ports. This way, it becomes harder to determine if the monitored server has the Agent installed through port scanning techniques. The main focus should be on securing the Zabbix Server in active mode.

Share this