[2.3.0] Checkmk Werk 15197 created: Improve Symmetric Agent Encryption on Linux

Title: Improve Symmetric Agent Encryption on Linux Class: feature Compatible: compat Component: checks Date: 1702055121 Edition: cre Level: 1 Version: 2.3.0b1 This Werk improves the agent's built-in symmetric encryption for Linux hosts. The new encryption scheme adds authentication of the encrypted data and improves the method used to derive cryptographic key material from the shared secret configured in the rule. To use the new encryption scheme, OpenSSL >= 1.0.0, better OpenSSL >= 1.1.1, must be available on the host. For testing and debugging purposes, a bash script to decrypt the agent's output can be found in the Checkmk repository under `doc/treasures/agent_legacy_encryption/decrypt.sh`. Older encryption schemes can still be decrypted by the Checkmk site. **Important disclaimers:** If the Agent Controller with TLS encryption is available, use that instead. The build-in symmetric encryption should only be used if TLS is not available. Moreover, there is no advantage in using both. Disable the symmetric encryption if you can use TLS. The security of this encryption scheme strongly depends on the security of the shared secret configured in the rule. Use a long, random secret.