ThomasKaiser / Check_MK

Some Check_MK tweaks
GNU General Public License v2.0
27 stars 9 forks source link

[Question] Only allow output for specified IPs? #1

Closed Erikmitk closed 4 years ago

Erikmitk commented 4 years ago

First of all thank you for this repo! It helped me to get the check_mk agent running on a macMini. 👍

Do you know any way to restrict the output of the agent to specified IP addresses? My goal is to only allow the check_mk-server to harvest the information about the system. When installing the agent on Windows/Linux there are additional configuration files where this is an option. I couldn't find a way to add this kind of restriction to the .plist of the daemon though.

ThomasKaiser commented 4 years ago

Not that I know of. If you are concerned in this area I would suggest switching to SSH instead. By utilizing ssh-copy-id as the monitoring user on the check_mk server, using a sudo enabled user on the Mini and then adjusting the authorized_keys file similar to this:

command="/usr/local/bin/check_mk_agent" ssh-ed25519 $key $check_mk-user@$check_mk-server
ThomasKaiser commented 4 years ago

https://hope-this-helps.de/serendipity/archives/Check_MK-Agent-ueber-SSH-Verbindung-562.html