Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 2128b21f06819963592d3e6633309ed5a2311fa3
https://github.com/tribe29/checkmk/commit/2128b21f06819963592d3e6633309ed5a…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2021-03-25 (Thu, 25 Mar 2021)
Changed paths:
M agents/check_mk_agent.linux
M cmk/core_helpers/tcp.py
M cmk/gui/plugins/wato/check_mk_configuration.py
M cmk/gui/valuespec.py
Log Message:
-----------
SUP-5036: Improve Linux agent encryption
- add random salt when encrypting
- use pbkdf2 key derivation function with 100000 iterations instead
of simple openssl key derivation algorithm
- Generate passphrase automatically on ruleset activcation and don't
make it accessible on the GUI.
- The passphrase now is a key suitable for usage as a 256bit AES key,
represented as hex string. However, we still use it in combination with
a key derivation function.
- Already existing keys will continue to work
- Clarify in Encryption rulespec that agent encryption will only work for
Linux and Windows.
Change-Id: I020d54dab12f67b4496cc78d171a9a6c99a39489