Red Hat Bugzilla – Bug 783911
RFE - create a "read-only" agent
Last modified: 2015-02-01 18:29:30 EST
We propose to create the possibility to disable those parts of the agent which can make changes on the monitored platform. This is for preventing possible security issues.
See the discussion here:
per scrum 1/23/2012 crouch, loleary, mfoley
It seems a good idea to have a "read-only" agent.
The proposed solution (to disable the "write" features like Configuration and Provisioning and leave only "read" features like Monitoring) still has an issue: malicious code can be embedded in the monitoring part of the plugins.
An idea would be to sign the plugin JAR. The agent will check the signature every time a plugin update is performed. The signature will guarantee that the plugins come only from a trusted source.
What do you think about this idea?
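
The signature check proposed in the comment above, sketched with the standard `java.util.jar` API. This is an added example, not part of the original bug comments and not the agent's own code. The class name `PluginJarVerifier` and the trust store of signing certificates provisioned on the agent are assumptions.

```java
import java.io.File;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.PKIXParameters;
import java.util.Enumeration;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
/** Added example: rejects a plugin JAR unless every entry is signed by a trusted signer. */
public final class PluginJarVerifier {
    /** trustStore holds the signing/CA certificates the agent trusts (assumed provisioned out of band). */
    public static void verify(File pluginJar, KeyStore trustStore) throws Exception {
        PKIXParameters params = new PKIXParameters(trustStore);
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP reachable from the agent
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        try (JarFile jar = new JarFile(pluginJar, true)) { // true = verify signatures while reading
            if (jar.getManifest() == null) throw new SecurityException("no manifest: " + pluginJar);
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || isSignatureFile(entry.getName())) continue;
                // Digests are only checked once the entry has been read to the end;
                // a modified entry makes the read throw SecurityException.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { }
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || signers.length == 0) // entry added after signing
                    throw new SecurityException("unsigned entry: " + entry.getName());
                if (!anyTrusted(signers, validator, params))
                    throw new SecurityException("untrusted signer for: " + entry.getName());
            }
        }
    }
    private static boolean anyTrusted(CodeSigner[] signers, CertPathValidator v, PKIXParameters p) {
        for (CodeSigner s : signers) {
            try { v.validate(s.getSignerCertPath(), p); return true; }
            catch (Exception e) { /* not anchored in the trust store; try the next signer */ }
        }
        return false;
    }
    private static boolean isSignatureFile(String name) {
        return name.toUpperCase(Locale.ROOT)
                   .matches("META-INF/([^/]+\\.(SF|RSA|DSA|EC)|SIG-[^/]*|MANIFEST\\.MF)");
    }
}
```

The check has to run before the plugin is loaded, and the trust store itself must not be writable through the same update channel that delivers plugins.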