Hi Michael,
On Thu, Aug 03, 2006 at 03:06:09PM +0200, Michael Ablassmeier wrote:
> it would be great if one of you could have a look at the zabbix server
> and zabbix agent sources (source package zabbix). Zabbix is an
> monitoring solution like nagios. The Server is there for collecting the
> data from the agents (even tho it also supports Active Checks, then the
> agent sends its data to the server). Im quite curious about how well the
> agent and server are implemented.
I've had a very quick look at zabbix. I should be doing lots
of other work, so maybe procrastination IS good for security ;-)
There are a number of basic but severe problems in the code. I'm
not sure where to send details that someone else could maybe
pick up and continue researching, so I'll send a quick list with
the problems I noticed privately. If someone has more time at
hand, I think zabbix would make a good audit target.
cheers,
Max
|
