Open Pr1mEzz opened 1 year ago
Hi! Can't confirm that issue here. And the port should be 6556, not 5665. Maybe you want to check your WAN rules and also the auto-generated one here.
Hi, if your firewall ruleset is configured properly, incoming packages on the WAN interface will be dropped. You can ignore the CVE, this is an unofficial agent and we are using other version numbers. The dependencies are also different from those of the official checkmk agent and it's using the python3 system interpreter of the opnsense, so for dependencies just check the known vulnerabilities for opnsense.
Hello,
Yesterday we had a vulnerability test and we found an information disclosure in our agent config.
The agent is listening AND answering any requests at our WAN interfaces/IPs with any information the agent is gathering. (You can check it with "telnet ip port".) Worryingly, the port is not even open in the firewall policies.
Today we helped ourselves with a workaround. In /usr/local/etc/checkmk.conf we added the CheckMK IPs:
onlyfrom: our IP addresses, comma separated
So the Output with telnet after starting and stopping the agent is now:
Is there any way to configure listen interfaces or IP addresses so that the agent port is not open on all interfaces?
Thanks in advance
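
A local check for the two things this thread turns on, whether the agent port is bound on all interfaces and whether an `onlyfrom:` allowlist is set, written as an added example that is not from the thread or from the agent project. The `sockstat -l` sample and the config text are constructed, and the parser assumes a single `onlyfrom:` line with comma-separated addresses as described in the post.

```python
import ipaddress

AGENT_PORT = 6556  # port named in the thread

# Constructed sample of `sockstat -l` output (FreeBSD column layout); not from the thread.
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     python3.9  4242  3  tcp4   *:6556                *:*
root     sshd       811   4  tcp4   192.168.1.1:22        *:*
root     lighttpd   903   5  tcp6   *:443                 *:*
"""

# Constructed config text; only the `onlyfrom:` key comes from the thread.
SAMPLE_CONF = "onlyfrom: 192.0.2.10, 192.0.2.11\n"

def agent_listeners(sockstat_text, port=AGENT_PORT):
    """Return (command, pid, local_ip) for every TCP listener on `port`."""
    found = []
    for line in sockstat_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 7 or not cols[4].startswith("tcp"):
            continue
        # rpartition keeps IPv6 literals intact and splits off only the port
        host, _, lport = cols[5].rpartition(":")
        if lport == str(port):
            found.append((cols[1], int(cols[2]), host))
    return found

def parse_onlyfrom(conf_text):
    """Return the validated networks on the `onlyfrom:` line, or []."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "onlyfrom":
            return [ipaddress.ip_network(v.strip(), strict=False)
                    for v in value.split(",") if v.strip()]
    return []

def assess(sockstat_text, conf_text, port=AGENT_PORT):
    """Classify exposure: bind scope first, then the onlyfrom allowlist."""
    listeners = agent_listeners(sockstat_text, port)
    if not listeners:
        return "not-listening"
    wildcard = any(host == "*" for _, _, host in listeners)
    if wildcard and not parse_onlyfrom(conf_text):
        return "all-interfaces-unrestricted"
    if wildcard:
        return "all-interfaces-onlyfrom"
    return "bound-to-specific-address"
```

A result of `all-interfaces-onlyfrom` means the socket is still bound to every address, so reachability from WAN depends on the firewall rules and the allowlist rather than on the bind address.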