[checkmk-commits] [tribe29/checkmk] 2128b2: SUP-5036: Improve Linux agent encryption

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 2128b21f06819963592d3e6633309ed5a2311fa3 https://github.com/tribe29/checkmk/commit/2128b21f06819963592d3e6633309ed5a… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2021-03-25 (Thu, 25 Mar 2021) Changed paths: M agents/check_mk_agent.linux M cmk/core_helpers/tcp.py M cmk/gui/plugins/wato/check_mk_configuration.py M cmk/gui/valuespec.py Log Message: ----------- SUP-5036: Improve Linux agent encryption - add random salt when encrypting - use pbkdf2 key derivation function with 100000 iterations instead of simple openssl key derivation algorithm - Generate passphrase automatically on ruleset activcation and don't make it accessible on the GUI. - The passphrase now is a key suitable for usage as a 256bit AES key, represented as hex string. However, we still use it in combination with a key derivation function. - Already existing keys will continue to work - Clarify in Encryption rulespec that agent encryption will only work for Linux and Windows. Change-Id: I020d54dab12f67b4496cc78d171a9a6c99a39489