Werk #3114: Linux and Windows agent can now encrypt their output
Komponente | Core & setup | ||||
Titel | Linux and Windows agent can now encrypt their output | ||||
Datum | 05.04.2016 | ||||
Level | Bedeutende Änderung | ||||
Klasse | Neues Feature | ||||
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen | ||||
Checkmk versions & editions |
|
This feature can be configured through {{Host & Service Parameters|Access to agents|Encryption}}. When {{Encryption for Agents}} is set to {{enforce}} or {{enable}}, two things will happen:
LI:Baked Windows or Linux agents will be configured to encrypt their output LI:Check_mk will be configured to try to decrypt output from agents.
In case of {{enable}} it will also accept unencrypted output, in case of {{enforce}} it won't.
This change also affects real-time updates as these were already encrypted. The passphrase configured for real-time updates will now only serve as a default, agents with "Encryption" configured will use the same passphrase for rt and regular updates. Finally, it is now also possible to configure real-time updates to be unencrypted.
All encryption happens with AES using 256 bit keys and CBC.
The new encryption feature is completely optional, the default behaviour for everything (including real-time updates) is compatible with previous versions.