783911 – RFE - create a "read-only" agent

Bug 783911 - RFE - create a "read-only" agent

Summary: RFE - create a "read-only" agent

Keywords:
Status:	NEW
Alias:	None
Product:	RHQ Project
Classification:	Other
Component:	Agent
Sub Component:
Version:	4.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-01-23 08:35 UTC by vlad crc
Modified:	2024-03-04 13:35 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description vlad crc 2012-01-23 08:35:24 UTC

We propose to create the possibility to disable those parts of the agent which can do changes on the monitored platform. This is for preventing possible security issues.

See the discussion here:
https://community.jboss.org/message/647797#647797

Best regards,
Vlad Craciunoiu

Comment 1 Mike Foley 2012-01-23 16:17:22 UTC

per scrum 1/23/2012 crouch, loleary, mfoley

Comment 2 Costel C 2012-03-01 14:42:13 UTC

Hi, 

It seems a good idea to have a "read-only" agent.

The proposed solution (to disable the "write" features like Configuration and Provisioning and leave only "read" features like Monitoring) still has an issue: malicious code can be embedded in the monitoring part of the plugins. 

An idea would be to sign the plugin JAR. The agent will check the signature every time a plugin update is performed. The signature will guarantee that the plugins come only from a trusted source.

What do you think about this idea ?

Regards,
Costel

Note You need to log in before you can comment on or make changes to this bug.