Patrik Uytterhoeven - Hardening Zabbix

•

5 likes•1,991 views

A short talk about SELinux configuration for Zabbix Many people just disable SELinux because they don't know how to use it In this talk Patrik Uytterhoeven will cover the basics of SELinux configuration with Zabbix, common pitfalls and solutions to problems, and explain why we need it to keep Zabbix secure. Zabbix Conference 2015

Technology

Who am I
● Name: Patrik Uytterhoeven
● Company: Open-Future
● Job: Open-Source Consultant
● Author: Zabbix Cookbook

Why This Talk ?
● Too many guides on the internet saying: ignore
SELinux
● People ignore to check there distro for updates
● Lazy SYSadmins (sometimes not bad :-) )

What can we do to improve Security
● Configure Apache, Nginx, … to make use of
HTTPS instead of HTTP
● Do not connect to the internet ( use vpn ! )
● Disable the GUEST user !
● Enable and configure SELinux
● Check for security updates on your OS.
(remember hearthbleed,Ghost, … )

Wrong ideas about SELinux
● SELinux is too difficult to configure . It is easier
to disable.
● Some people think it has NSA backdoors
because it is developed by the NSA.

The Truth
● SELinux is developed to protect us. Adding a
backdoor would also put American companies
at risk.
● The Kernel code is free available. Feel free to
have a look and let me know if you can find
some backdoor …
● SELinux was difficult to use but has been
improved over the years. Since RedHat 6
SELinux is very easy to debug. No excuse to
not use it anymore.

How to Activate SELinux ?
● Check the SELinux status with: getenforce
● This should return “Enforcing”
● Edit SELinux Config: /etc/selinux/config
● SELINUX=enforcing
● Run “setenforce 1”

Some SELinux Settings for Zabbix
● On the Agent Side
● setsebool -P zabbix_can_network 1
● On the Server Side
● setsebool -P httpd_can_network_connect on
● setsebool -P httpd_can_network_connect_db on
● getsebool -a “This will list all booleans”

More Advanced troubleshooting
Fping will always return 0 in Zabbix with SELinux
active. How to resolve this ?
Install setroubleshoot-server package:
● Yum install setroubleshoot-server
Run sealert
● sealert -a /var/log/audit/audit.log to check the errors in
selinux. (-a is the option to analyze the file )
SELinux will try to propose a solution when
possible

Solutions
● Run “setenforce 0” temporary to test if SELinux is blocking
access.
● Check /var/log/messages
● Make use of sealert
● Ls -Z (to see selinux context of files)
● restorecon
● will restore the original context.
● chcon --reference <source> <destination>
● To copy context from source to destination

Now that you know more about
SeLinux
I hope that you will not disable it anymore.
This Zabbix extension will check if SELinux is
active and if there are any security updates
available on your rhel 6/7 system
● https://github.com/Open-Future-Belgium/zabbix
/tree/master/check-yum-updates
● https://share.zabbix.com/operating-
systems/redhat-centos/check-yum-updates

More from Zabbix

Zabbix API offers us a lot of power and possibilities. We will talk about automation and integrations at scale, at Globo.com. Automating gives us power to clone instances of Zabbix, perform batch operations, manage MANY networks for discovery and more. We will present our layer of abstraction to API, democratizing API access, offering a nice UI and standards for every new service monitored and few cached responses. Also, we will show how we have integrated with CloudStack, to deliver automated private cloud monitoring into Zabbix.

Zabbix Conference LatAm 2016 - Filipe Paternot - Zbx@Globo Automation+Integra...

Zabbix

Zabbix Conference LatAm 2016 - Douglas Esteves - Zabbix at UNICAMP

Zabbix

Ryan will describe a Skunkworks project executed by Kinetic IT at the Department of Education to deliver an autonomous infrastructure monitoring solution for over 6000 devices distributed across WA. The team were given opportunity to experiment with DevOps practices such as Scrum product development, Infrastructure As Code and Continuous Integration to determine where the value lay and which practices should be adopted at greater scale.

Ryan Armstrong - Monitoring More Than 6000 Devices in Zabbix | ZabConf2016

Zabbix

A case study showing the problems we have resolved with Zabbix and the challenges we had when we implemented Zabbix as the main monitoring tool at the University of Oslo. The number of challenges is not low in an organization as heterogenous as ours, with many thousands of servers and clients, all kinds of devices connected to our infrastructure, different operating systems, multiple locations and hundreds of IT staff. Full automation and delegation of privileges are the key words in the work we have done during the past year and a half.

Rafael Martinez Guerrero - Zabbix at the University of Oslo | ZabConf2016

Zabbix

Zabbix is an excellent tool to do network monitoring and to alert if something bad happens. But Zabbix can do more. An underestimated feature of Zabbix is its ability to perform actions in addition to simple notifications. However, this requires to precisly setup those actions within zabbix, which is not always an easy task and might duplicate existing work. So what if Zabbix actually worked in concert with an external taskrunner / jobscheduler that is build to do exactly this: run a task or action against a host and report its outcome? Zabbix would perform the same well defined steps that an ops member would perform in case of certain failures using this kind of tool. A well know example of this kind of software is "Rundeck" which is licensed under the Apache License Version 2.0.

Wolfgang Alper - Zabbix Meets OPS Control / Rundeck | ZabConf2016

Zabbix

Wolfgang Alper - Zabbix Meets OPS Control / Rundeck | ZabConf2016

Zabbix

With global shift towards flexibility of cloud there are different demands on monitoring availability and performance of applications provided in the cloud. There are obvious limitations in accessing components of app hosted by third party run outside of internal environment. Same time there are opportunities of using vendor API and status page. In Salesforce, one of the most innovative company in the world by Forbes and one of the biggest cloud service provider, we understand the need of customer to be able to see in real time availability and performance of cloud application. In the following presentation we're going to list and describe multiple ways of monitoring cloud apps. Some of the methods are: building in web monitoring using Curl, web browser automation tools like Selenium, external scripts (reading vendor status dashboard) and API calls to the app.

Sumit Goel - Monitoring Cloud Applications Using Zabbix | ZabConf2016

Zabbix

We will explore a fairly complicated Zabbix environment at one division in Nokia. Having several different Zabbix versions in use and a lot of custom products monitored, it is a place one can get lost in easily. We'll discuss JMX monitoring, approaches to keep notification configuration simple and notifications useful, different usecases for the Zabbix API and a lot of other topics. The importance of the SSL compliance will be covered along with some of the many ways custom solutions are monitored.

Rihards Olups - Zabbix at Nokia - Case Study

Zabbix

Zabbix monitoring solution can help bring balance to your organisation's IT landscape. However, the success greatly depends on the templates you use to setup your monitoring system. As any Zabbix veteran will tell you, the default templates don't really suffice for any setup other than a proof-of-concept. How then do you set about creating your own templates? Following practical examples, we'll discuss some of the design decisions that need to be made to achieve template perfection.

Raymond Kuiper - Zen and The Art of Zabbix Template Design | ZabConf2016

Zabbix

Dimitri Bellini and Pietro Antonacci - Manage Zabbix Proxies in Remote Networ...

Zabbix

Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016

Zabbix

For the last two years I've been working in Cambridge (US) in Novartis Institute for Biomedical Research (NIBR) on a project related to a support of HPC cluster infrastructure and users. We're using Zabbix for HPC cluster monitoring (more than 1000 nodes, 10000+ cores, GPU cores, etc). In this presentation we will cover interesting use cases of Zabbix for HPC cluster, as it's not a regular infrastructure monitoring. We will talk about some challenges we have in HPC monitoring, how Zabbix helps us to work with scientists as well as present some solutions, which might be interesting for Zabbix community.

Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016

Zabbix

Datasys ELISA log management is robust, powerful, yet inexpensive solution for collection, correlation and analysis of logs. Core system consists of the Elasticsearch “noSQL“ database and the web user interface Kibana, which provides high comfort for analysis of detected security incidents and relevant logs. It is common that the database ElasticSearch is distributed to multiple servers to achieve load balancing and high availability of indexed data. ELISA heavily utilizes ZABBIX for user authentication and role based access control, notifications and self-monitoring. Elasticsearch Indices can be managed right in ZABBIX Frontend. ZABBIX "trapper" items and monitoring templates are used to centrally manage configuration of distributed environment of NXlog agents. Agents are capable to securely auto-register as ZABBIX "hosts".

Lukáš Malý - Log management ELISA controlled by Zabbix | ZabConf2016

Zabbix

During outages on 10k+ hosts environment, NOC and Operations teams may face hundreds of alerts in order to perform root cause analysis, remediation or escalation, meanwhile logging resolution progress to Incident Management system for audit purposes. This presentation will describe RingCentral approach to Incident and Problem Management in large Zabbix monitored cloud. Co-authors of the presentation: Dmitry Shchemelinin, Ph.D., Sr. Director of Operations, RingCentral, USA.

Konstantin Yakovlev - Event Analysis Toolset | ZabConf2016

Zabbix

Oleg Ivanivskyi - Lessons Learned While Being On-Site | ZabConf2016

Zabbix

Ingus Vilnis - Benefits of Zabbix Training | ZabConf2016

Zabbix

Alexei Vladishev - Opening Speech | ZabConf2016

Zabbix

Alexander Naydenko - Nagios to Zabbix Migration | ZabConf2016

Zabbix

Large Environments rely on TroubleTicket tool and HelpDesk for managing IT issues. Bridging Zabbix with over 5000 servers and HelpDesk manually is a painful and impossible project. In this presentation we will cover how we may integrate Zabbix with HelpDesk, the architecture and what are the issues specially in Large Environments. As an example, we will cover the case study of Zabbix - ServiceNow integration, as it was developped for SwissLife and released as OpenSource.

Alain Ganuchaud - Trouble Ticket Integration with Zabbix in Large Environment...

Zabbix

Rihards Olups - Zabbix log management

Zabbix

More from Zabbix (20)

Zabbix Conference LatAm 2016 - Filipe Paternot - Zbx@Globo Automation+Integra...

Zabbix Conference LatAm 2016 - Douglas Esteves - Zabbix at UNICAMP

Ryan Armstrong - Monitoring More Than 6000 Devices in Zabbix | ZabConf2016

Rafael Martinez Guerrero - Zabbix at the University of Oslo | ZabConf2016

Wolfgang Alper - Zabbix Meets OPS Control / Rundeck | ZabConf2016

Sumit Goel - Monitoring Cloud Applications Using Zabbix | ZabConf2016

Rihards Olups - Zabbix at Nokia - Case Study

Raymond Kuiper - Zen and The Art of Zabbix Template Design | ZabConf2016

Dimitri Bellini and Pietro Antonacci - Manage Zabbix Proxies in Remote Networ...

Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016

Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016

Lukáš Malý - Log management ELISA controlled by Zabbix | ZabConf2016

Konstantin Yakovlev - Event Analysis Toolset | ZabConf2016

Oleg Ivanivskyi - Lessons Learned While Being On-Site | ZabConf2016

Ingus Vilnis - Benefits of Zabbix Training | ZabConf2016

Alexei Vladishev - Opening Speech | ZabConf2016

Alexander Naydenko - Nagios to Zabbix Migration | ZabConf2016

Alain Ganuchaud - Trouble Ticket Integration with Zabbix in Large Environment...

Rihards Olups - Zabbix log management

Recently uploaded

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Scaling API-first – The story of a global engineering organization

Radu Cotescu

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Real Time Object Detection Using Open CV

Khem

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Recently uploaded (20)

GenAI Risks & Security Meetup 01052024.pdf

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Automating Google Workspace (GWS) & more with Apps Script

Finology Group – Insurtech Innovation Award 2024

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

A Year of the Servo Reboot: Where Are We Now?

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

HTML Injection Attacks: Impact and Mitigation Strategies

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Data Cloud, More than a CDP by Matt Robison

How to Troubleshoot Apps for the Modern Connected Worker

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Strategies for Landing an Oracle DBA Job as a Fresher

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Scaling API-first – The story of a global engineering organization

AWS Community Day CPH - Three problems of Terraform

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Real Time Object Detection Using Open CV

Axa Assurance Maroc - Insurer Innovation Award 2024

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Patrik Uytterhoeven - Hardening Zabbix

1. Zabbix Conference 2015 Hardening Zabbix

2. Who am I ● Name: Patrik Uytterhoeven ● Company: Open-Future ● Job: Open-Source Consultant ● Author: Zabbix Cookbook

3. Why This Talk ? ● Too many guides on the internet saying: ignore SELinux ● People ignore to check there distro for updates ● Lazy SYSadmins (sometimes not bad :-) )

4. What can we do to improve Security ● Configure Apache, Nginx, … to make use of HTTPS instead of HTTP ● Do not connect to the internet ( use vpn ! ) ● Disable the GUEST user ! ● Enable and configure SELinux ● Check for security updates on your OS. (remember hearthbleed,Ghost, … )

5. Wrong ideas about SELinux ● SELinux is too difficult to configure . It is easier to disable. ● Some people think it has NSA backdoors because it is developed by the NSA.

6. The Truth ● SELinux is developed to protect us. Adding a backdoor would also put American companies at risk. ● The Kernel code is free available. Feel free to have a look and let me know if you can find some backdoor … ● SELinux was difficult to use but has been improved over the years. Since RedHat 6 SELinux is very easy to debug. No excuse to not use it anymore.

7. How to Activate SELinux ? ● Check the SELinux status with: getenforce ● This should return “Enforcing” ● Edit SELinux Config: /etc/selinux/config ● SELINUX=enforcing ● Run “setenforce 1”

8. Some SELinux Settings for Zabbix ● On the Agent Side ● setsebool -P zabbix_can_network 1 ● On the Server Side ● setsebool -P httpd_can_network_connect on ● setsebool -P httpd_can_network_connect_db on ● getsebool -a “This will list all booleans”

9. More Advanced troubleshooting Fping will always return 0 in Zabbix with SELinux active. How to resolve this ? Install setroubleshoot-server package: ● Yum install setroubleshoot-server Run sealert ● sealert -a /var/log/audit/audit.log to check the errors in selinux. (-a is the option to analyze the file ) SELinux will try to propose a solution when possible

10. fping example

11. Solutions ● Run “setenforce 0” temporary to test if SELinux is blocking access. ● Check /var/log/messages ● Make use of sealert ● Ls -Z (to see selinux context of files) ● restorecon ● will restore the original context. ● chcon --reference <source> <destination> ● To copy context from source to destination

12. Now that you know more about SeLinux I hope that you will not disable it anymore. This Zabbix extension will check if SELinux is active and if there are any security updates available on your rhel 6/7 system ● https://github.com/Open-Future-Belgium/zabbix /tree/master/check-yum-updates ● https://share.zabbix.com/operating- systems/redhat-centos/check-yum-updates

13. Thank You for you time. Questions ?

Patrik Uytterhoeven - Hardening Zabbix

Recommended

Recommended

More Related Content

More from Zabbix

More from Zabbix (20)

Recently uploaded

Recently uploaded (20)

Patrik Uytterhoeven - Hardening Zabbix