Werk #3114: Linux and Windows agent can now encrypt their output

Component Core & setup
Title Linux and Windows agent can now encrypt their output
Date Apr 5, 2016
Checkmk Edition Checkmk Raw (CRE)
Checkmk Version 1.4.0i1 1.5.0i1
Level Prominent Change
Class New Feature
Compatibility Compatible - no manual interaction needed

This feature can be configured through {{Host & Service Parameters|Access to agents|Encryption}}. When {{Encryption for Agents}} is set to {{enforce}} or {{enable}}, two things will happen:

LI:Baked Windows or Linux agents will be configured to encrypt their output LI:Check_mk will be configured to try to decrypt output from agents.

In case of {{enable}} it will also accept unencrypted output, in case of {{enforce}} it won't.

This change also affects real-time updates as these were already encrypted. The passphrase configured for real-time updates will now only serve as a default, agents with "Encryption" configured will use the same passphrase for rt and regular updates. Finally, it is now also possible to configure real-time updates to be unencrypted.

All encryption happens with AES using 256 bit keys and CBC.

The new encryption feature is completely optional, the default behaviour for everything (including real-time updates) is compatible with previous versions.

To the list of all Werks