Werk #3114: Linux and Windows agent can now encrypt their output
Component | Core & setup |
Title | Linux and Windows agent can now encrypt their output |
Date | Apr 5, 2016 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 1.4.0i1 1.5.0i1 |
Level | Prominent Change |
Class | New Feature |
Compatibility | Compatible - no manual interaction needed |
This feature can be configured through {{Host & Service Parameters|Access to agents|Encryption}}. When {{Encryption for Agents}} is set to {{enforce}} or {{enable}}, two things will happen:
LI:Baked Windows or Linux agents will be configured to encrypt their output LI:Check_mk will be configured to try to decrypt output from agents.
In case of {{enable}} it will also accept unencrypted output, in case of {{enforce}} it won't.
This change also affects real-time updates as these were already encrypted. The passphrase configured for real-time updates will now only serve as a default, agents with "Encryption" configured will use the same passphrase for rt and regular updates. Finally, it is now also possible to configure real-time updates to be unencrypted.
All encryption happens with AES using 256 bit keys and CBC.
The new encryption feature is completely optional, the default behaviour for everything (including real-time updates) is compatible with previous versions.