Werk #3114: Linux and Windows agent can now encrypt their output
Komponente | Core & setup |
Titel | Linux and Windows agent can now encrypt their output |
Datum | 05.04.2016 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 1.4.0i1 1.5.0i1 |
Level | Bedeutende Änderung |
Klasse | Neues Feature |
Kompatibilität | Kompatibel - benötigt kein manuelles Eingreifen |
This feature can be configured through {{Host & Service Parameters|Access to agents|Encryption}}. When {{Encryption for Agents}} is set to {{enforce}} or {{enable}}, two things will happen:
LI:Baked Windows or Linux agents will be configured to encrypt their output LI:Check_mk will be configured to try to decrypt output from agents.
In case of {{enable}} it will also accept unencrypted output, in case of {{enforce}} it won't.
This change also affects real-time updates as these were already encrypted. The passphrase configured for real-time updates will now only serve as a default, agents with "Encryption" configured will use the same passphrase for rt and regular updates. Finally, it is now also possible to configure real-time updates to be unencrypted.
All encryption happens with AES using 256 bit keys and CBC.
The new encryption feature is completely optional, the default behaviour for everything (including real-time updates) is compatible with previous versions.