See www.zabbix.com for the official Zabbix site.

Acknowledge via sms

From Zabbix.org
Jump to: navigation, search

Technical draft how to acknowledge events via SMS

Purpose

Acknowledge events by reacting to Zabbix notifications via SMS or other means, where a reverse channel exists, but visiting the frontend is not an option

Concept

  • Establish some reverse channel for SMS

We'll assume incoming SMS arrive as e-mails from the remote gateway and seem to come from <caller-id>@remote-gateway.example.com.

  • Set up your actions to include the eventid
  • Have people respond on their phone in a comfortable way that includes the eventid
  • Use your MTA or mailproc to trigger a script on arrival of such an e-mail:

Using the Zabbix API and a super-admin's credentials, do the following lookups:

   Is there a user with that caller id?
   Is there an event with the given eventid, is it not resolved or acknowledged yet and less than x hours old?
   Is the user, belonging to that caller id, allowed to access that host?
   If all matches: Acknowledge the event, including something like "<user>: Acknowledged via SMS." Bear in mind, it's the super-admin actually acknowledging it.
   Notify the sender that acknowledging worked or failed

Discussion

Possible abuse from 3rd party

Incoming e-mails must be verified as actually coming from the remote gateway.

If not readable in transit, an attacker would have to guess the following:

  • Phone number used to send messages from remote gateway
  • Phone number of an employee
  • Syntax of the message
  • A valid eventid that matches all conditions the script is testing for

That's close to impossible. Additionally, the number of incoming acknowledgement messages could be monitored to detect abuse.

Possible abuse from employees

If a user tried to acknowledge an event for a host he has no permission to, he'd also have to fake another user's caller id. That seems unlikely.