Merge pull request #7347 from Icinga/feature/docs-tls-security

Docs: Improve security chapters
Michael Friedrich 2019-07-22 15:57:38 +02:00 committed by GitHub
commit 8ca78f0aca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 2 deletions

@ -173,8 +173,10 @@ While there are certain mechanisms to ensure a secure communication between all
nodes (firewalls, policies, software hardening, etc.), Icinga 2 also provides nodes (firewalls, policies, software hardening, etc.), Icinga 2 also provides
additional security: additional security:
* TLS/SSL certificates are mandatory for communication between nodes. The CLI commands * TLS v1.2+ is required.
help you create those certificates. * TLS cipher lists are hardened [by default](09-object-types.md#objecttype-apilistener).
* TLS certificates are mandatory for communication between nodes. The CLI command wizards
help you create these certificates.
* Child zones only receive updates (check results, commands, etc.) for their configured objects. * Child zones only receive updates (check results, commands, etc.) for their configured objects.
* Child zones are not allowed to push configuration updates to parent zones. * Child zones are not allowed to push configuration updates to parent zones.
* Zones cannot interfere with other zones and influence each other. Each checkable host or service object is assigned to **one zone** only. * Zones cannot interfere with other zones and influence each other. Each checkable host or service object is assigned to **one zone** only.
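Review bot: The new bullet "TLS v1.2+ is required." carries no link, while the cipher-list bullet directly after it points to the ApiListener object type, so a reader cannot tell from this line whether the minimum version is a fixed floor or a default that can be changed. Link it to the same `09-object-types.md#objecttype-apilistener` anchor. "Hardened [by default]" also implies the list can be overridden; say so explicitly, so that a custom cipher list is understood as a deliberate deviation from the hardened one.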

@ -154,6 +154,13 @@ was malformed.
A status in the range of 500 generally means that there was a server-side problem A status in the range of 500 generally means that there was a server-side problem
and Icinga 2 is unable to process your request. and Icinga 2 is unable to process your request.
### Security <a id="icinga2-api-security"></a>
* HTTPS only.
* TLS v1.2+ is required.
* TLS cipher lists are hardened [by default](09-object-types.md#objecttype-apilistener).
* Authentication is [required](12-icinga2-api.md#icinga2-api-authentication).
### Authentication <a id="icinga2-api-authentication"></a> ### Authentication <a id="icinga2-api-authentication"></a>
There are two different ways for authenticating against the Icinga 2 API: There are two different ways for authenticating against the Icinga 2 API:
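Review bot: The two TLS bullets in the new "Security" section repeat, word for word, the bullets added in the first changed file, so the two lists can drift apart on the next edit; keep the detail in one place and link to it from the other. "HTTPS only." is also a fragment that leaves the client-visible behaviour open: write a full sentence that says what happens to a plain HTTP request, in the same style as the status-code paragraphs above it.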