Wir nutzen Cookies, um Ihnen eine optimale Nutzung dieser Webseite zu ermöglichen. Mehr Informationen finden Sie im Datenschutzhinweis. Wir nehmen an, dass Sie damit einverstanden sind, falls Sie diese Webseite weiter besuchen.

Ihre Cookie-Einstellungen
Ihre Einstellungen wurden aktualisiert.
Damit die Änderungen wirksam werden, löschen Sie bitte Ihre Browser-Cookies und den Cache und laden dann die Seite neu.

Werk #11400: Linux agent service: IP Access List support for systemd

KomponenteAgent Bakery
TitelLinux agent service: IP Access List support for systemd
Datum2020-08-20 11:36:39
Checkmk EditionCheckmk Enterprise Edition (CEE)
Checkmk Version2.0.0i1
LevelTrivial Change
KlasseNew Feature
KompatibilitätKompatibel - benötigt kein manuelles Eingreifen

Previously, an IP restriction for the access to the Checkmk agent, as configured in WATO ruleset "Allowed agent access via IP address", could only be realized with the help of an "only_from" entry at the xinetd service that is shipped with a baked agent package.

With this Werk, the restriction is also realizable via "IP Access Lists" for the Checkmk agent systemd service/socket. Depending on the configuration of the "Checkmk agent network service" WATO ruleset, a configured IP restriction will be realized activating either the systemd service/socket, or the xinetd service, with the systemd service/socket being the default.

There is no action needed to activate this new behavior.

The benefit of this change is, that you won't need to install xinetd any more to realize an IP restriction, but can rely on systemd, that is standard on most Linux distributions.

Note: The feature "IP Access Lists" is supported by systemd versions >= 235 only. The agent installation will check for a sufficient version and prevent the systemd service/socket from being activated, if the check fails. Depending on the "Checkmk agent network service" configuration, the installation will try to fall back to the xinetd service, see also Werk #10431.