IfW API from non-loopback NIC

How to secure the Icinga For Windows API?
I wanted to set it up like in the "Icinga for Windows without an Icinga 2 agent" post, but then the API can be queried anonymously from any computer.

Did I do that wrong or is that really the case?

You can adapt the firewall rule:

New-NetFirewallRule -DisplayName IfwApi -Direction Inbound -Protocol TCP -LocalPort 5668 -Action Allow -RemoteAddress IpOfMonitoringMaster

There is also the possibility to use basic auth using a domain user / local user, but this breaks the icinga2 execution since icinga2 is not aware of these credentials.

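The firewall restriction from the answer above, as an added example that is not part of the original posts: it creates the scoped rule and then lists any other enabled inbound allow rule that still lets a source other than the monitoring master reach the API port. `$MasterIp` is a constructed placeholder address and `Test-PortMatch` is a hypothetical helper; port 5668 and the `IfwApi` display name come from the thread.

```powershell
# Added example, run from an elevated PowerShell session.
# $MasterIp is a constructed placeholder (TEST-NET-1); replace it with the monitoring master.
$MasterIp = '192.0.2.10'
$Port     = 5668

function Test-PortMatch {
    # Hypothetical helper: LocalPort can be 'Any', a single port, or a range like '5000-6000'.
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any' -or $entry -eq "$Port") { return $true }
        if ($entry -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# Create the scoped rule only if it does not exist yet.
if (-not (Get-NetFirewallRule -DisplayName IfwApi -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName IfwApi -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Allow -RemoteAddress $MasterIp | Out-Null
}

# Audit: enabled inbound allow rules that open the port to anything besides the master.
$tooBroad = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }
    if (-not (Test-PortMatch -LocalPort $portFilter.LocalPort -Port $Port)) { continue }

    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if (@($remote | Where-Object { $_ -ne $MasterIp }).Count -gt 0) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = $remote -join ','
        }
    }
}

# An empty table means only the master is allowed to reach the port.
$tooBroad | Format-Table -AutoSize
```

Rules that are scoped to a specific program can also show up in the list, so check each entry before narrowing or disabling it.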

Hello @moreamazingnick,

Thank you for your suggested solution!

I like the idea of using only the Icinga PowerShell service as an agent, but as long as there is no proper authentication I will probably use the agent + PowerShell service.