We are actively developing the monitoringjobs receiver which schedules the execution of local host commands. We are concerned that this receiver introduces a potential security risk when combined with remote management. In order to control the risk, we need to add a OpAMP agent setting to enable the remote management of the monitoringjobs receiver(s).
Possible Implementations
Inspect ALLOW/DENY Remote Configuration
Update OpAMP agent extension to inspect received remote configuration contents
By default, reject remote configuration that contains one or more instances of the monitoringjobs receiver
Also reject remote configuration that contains one or more instances of the receivercreator receiver that manages one or more instances of the monitoringjobs receiver
Add a extension setting to allow the remote configuration of the monitoringjobs receiver
Consider denying the remote management of the receivercreator receiver altogether
portertech
commented
9 months ago
We are actively developing the monitoringjobs receiver which schedules the execution of local host commands. We are concerned that this receiver introduces a potential security risk when combined with remote management. In order to control the risk, we need to add a OpAMP agent setting to enable the remote management of the monitoringjobs receiver(s).
Possible Implementations
Inspect ALLOW/DENY Remote Configuration