Werk #3114: Linux and Windows agent can now encrypt their output
| Component | Core & setup | ||||
| Title | Linux and Windows agent can now encrypt their output | ||||
| Date | Apr 5, 2016 | ||||
| Level | Prominent Change | ||||
| Class | New Feature | ||||
| Compatibility | Compatible - no manual interaction needed | ||||
| Checkmk versions & editions |
|
This feature can be configured through {{Host & Service Parameters|Access to agents|Encryption}}. When {{Encryption for Agents}} is set to {{enforce}} or {{enable}}, two things will happen:
LI:Baked Windows or Linux agents will be configured to encrypt their output LI:Check_mk will be configured to try to decrypt output from agents.
In case of {{enable}} it will also accept unencrypted output, in case of {{enforce}} it won't.
This change also affects real-time updates as these were already encrypted. The passphrase configured for real-time updates will now only serve as a default, agents with "Encryption" configured will use the same passphrase for rt and regular updates. Finally, it is now also possible to configure real-time updates to be unencrypted.
All encryption happens with AES using 256 bit keys and CBC.
The new encryption feature is completely optional, the default behaviour for everything (including real-time updates) is compatible with previous versions.