Zabbix


????? ????? ??????? ?????? Áú»¢¶Ä²© ???????

????? ?????

???? ?? ???? ????? ????? ??????? ??? ?????? ?? ?? ???? ?? Áú»¢¶Ä²© ????? ???????.

?????? ???????? ??? ???? ?????? ?????? ?? ??????. ?? ??????? ?????? ???? ???? ?? ??????.

???? ????

????? ???????? ???????

?? ?????? ?????? ???????? ????? ??? ?? ???? Áú»¢¶Ä²©. ?????? ?? ???? ???????? ????? (????? Áú»¢¶Ä²©) ?? ?????? ?????? (???? ???/?????? ?? Áú»¢¶Ä²© ?? ?????) ?? ?? ?? ??????? ???? ??????? ?????? ????????? ????????. ?????? ?????, ????? ??????? ?????? ????? ??? ?? ?? ??? ????? ??????.

::: ???? ?? ???? ??? ?????? ?????? ?????? 'zabbix' ???? ????? ?? ???? ????? ????? ????? ?????? ??????? ???? ?? ?????? ?????? ?? ??????. :::

??? ????? ?????? ??????? ??????? ???? ??????? ?????, Áú»¢¶Ä²© ????? ????? ????? ?? ???? ??????. ???? ????? ?? ???? ????? "?????". ???? ?? ???? ?????? ???? ???? ?????? "???? ?????", ?? ?? ?????? ????? ???????? ????? ????? ?????? ???????? ??????? ?????.

??? ?????? ???? ?? ???? ??????? ????? ??????. ??????, ???? ????? ¡ú ???????? ???? ???? ???? ????? ????? ??, ???????? ???? ?????? ?????? ?? ??? ??????? Áú»¢¶Ä²© API. ????? ?????? ?????? ??? ????? ?????? ?? ?????? ????? (??? ?????? ???? ???') ??? ?????? ????? ?? ???? ???? ???? ????? ???????.

????? ?????? ????? Áú»¢¶Ä²©

?????? ????? ?????, ???? Áú»¢¶Ä²© ???? Áú»¢¶Ä²© ????? Áú»¢¶Ä²© ??? ????? 'zabbix' ???. ?? ??? ???? ????? ?????? ?? ???? ???? ?????? ?????? ?????? ???? (???? ??????? ???? ?????? ????), ?? ?????? ?? ????? ?????? ???:

  1. ??? ????? ??????
  2. ???? ????? ?? ????? ????? file (????? '?????')
  3. ???? ???? ?? ????? ?? ?????? ????. ?????? ???? ??? ?????? ?????.

??? ???? ????? ????? ????? SSL ?-Windows

???? Áú»¢¶Ä²© Windows ???????? ?? OpenSSL ???? ????? ?-SSL ???? ????? ?-c:\openssl-64bit. ?????? "openssl-64bit". ????? C: ???? ????? ?? ??? ??????? ????? ??????.

?? ?????? ?????, ?? ???? ????? ?? ??????? ??? ????? ???? ????? ???? ????? ???????? ????? ????? ?????.

??? ?? ????? ??????? ???? ????? ?-32 ?????? ? ?????? 64 ?????? ?? Windows.

???????????

????? SSL ???? ???? Áú»¢¶Ä²©

?-RHEL, ???? ?? ????? mod_ssl:

 dnf install mod_ssl

??? ?????? ???? ?????? SSL:

 mkdir -p /etc/httpd/ssl/private
 chmod 700 /etc/httpd/ssl/private

??? ????? SSL:

 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/private/apache-selfsigned.key -out /etc/httpd/ssl/apache-selfsigned.crt

??? ?? ??????? ?????. ????? ?????? ????? ??? ?? ????? ?? ??? ??????. ??? ???? ????? ?? ?? ??????? ??? ???? ????? ????? ???? ???. ??? ???? ????? ?? ?-IP ??????? ????? ????? ??? ?? ??? ?? ?? ??????. ????? ????? example.com ????? ??.

 Country Name (2 letter code) [XX]:
 State or Province Name (full name) []:
 Locality Name (eg, city) [Default City]:
 Organization Name (eg, company) [Default Company Ltd]:
 Organizational Unit Name (eg, section) []:
 Common Name (eg, your name or your server's hostname) []:example.com
 Email Address []:

???? ????? Apache SSL:

 /etc/httpd/conf.d/ssl.conf

 DocumentRoot "/usr/share/zabbix"
 ServerName example.com:443
 SSLCertificateFile /etc/httpd/ssl/apache-selfsigned.crt
 SSLCertificateKeyFile /etc/httpd/ssl/private/apache-selfsigned.key

???? ???? ?? ????? Apache ??? ????? ?? ????????:

 systemctl restart httpd.service

?????? ??? ????????

????? Áú»¢¶Ä²© ??????? ????? ?? ????? ????

???? ???? ???????? ?????? Apache ????? ????? ????? ???? ???? ???? ?????? Áú»¢¶Ä²© SSL. ?? ???? ?????? example.com ?? ??? ?????? ?? ????.

 /etc/httpd/conf/httpd.conf

 # Add lines

 <VirtualHost *:*>
     ServerName example.com
     Redirect permanent / https://example.com
 </VirtualHost>

???? ???? ?? ????? Apache ??? ????? ?? ????????:

 systemctl restart httpd.service

????? HTTP Strict Transport Security (HSTS) ???? ????????

??? ???? ?? ????? ?? Áú»¢¶Ä²© ???? ?????? ????? ????? ?? ????????, ????? ????? ????? ??????? ???? ????????.

??????, ??? ?????? ?? ??????? HSTS ???? ???? ?-Zabix ??? ?-Apache ????????:

 /etc/httpd/conf/httpd.conf

???? ?? ?????? ???? ?????? ????? ?????????? ???:

 <VirtualHost *:443>
     Header set Strict-Transport-Security "max-age=31536000"
 </VirtualHost>

???? ???? ?? ????? Apache ??? ????? ?? ????????:

 systemctl restart httpd.service

Enabling Content Security Policy (CSP) on the web server

To protect the Zabbix frontend against Cross Site Scripting (XSS), data injection, and similar attacks, we recommend enabling Content Security Policy on the web server. To do so, configure the web server to return the Content-Security-Policy HTTP header.

The following CSP header configuration is only for the default Zabbix frontend installation and for cases when all content originates from the site's domain (excluding subdomains). A different CSP header configuration may be required if you are, for example, configuring the URL widget to display content from the site's subdomains or external domains, switching from OpenStreetMap to another map engine, or adding external CSS or widgets.

To enable CSP for your Zabbix frontend in Apache configuration, follow these steps:

1. Locate your virtual host's configuration file:

  • /etc/httpd/conf/httpd.conf on RHEL-based systems
  • /etc/apache2/sites-available/000-default.conf on Debian/Ubuntu

2. Add the following directive to your virtual host's configuration file:

 <VirtualHost *:*>
     Header set Content-Security-Policy: "default-src 'self' *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: *.openstreetmap.org; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self';"
 </VirtualHost>

3. Restart the Apache service to apply the changes:

 # On RHEL-based systems:
 systemctl restart httpd.service

 # On Debian/Ubuntu:
 systemctl restart apache2.service
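
An added example (not part of the Zabbix documentation): a Python check that parses a captured response's headers and compares them with the CSP, HSTS, X-Frame-Options, ServerTokens and expose_php settings shown on this page. The sample responses, the version strings in them and the function names are constructed for illustration; the HSTS threshold is this page's max-age value.

```python
import re
# Constructed sample: response headers as sent with this page's settings applied.
HARDENED = """HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self' *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: *.openstreetmap.org; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self';
"""
# Constructed sample: an unconfigured server (version strings are made up).
DEFAULT = """HTTP/1.1 200 OK
Server: Apache/2.4.0 (Example)
X-Powered-By: PHP/8.0.0
"""

def parse_headers(raw):
    """Map lower-cased header names to values, skipping the status line."""
    pairs = (line.partition(":") for line in raw.splitlines()[1:] if ":" in line)
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def parse_csp(value):
    """Split a policy into {directive: [sources]}; the first occurrence of a directive wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(raw):
    h, out = parse_headers(raw), []
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        out.append("missing Content-Security-Policy")
    else:
        out += [f"CSP lacks {d}" for d in ("default-src", "base-uri", "form-action") if d not in csp]
        scripts = csp.get("script-src", csp.get("default-src", []))  # script-src falls back to default-src
        out += [f"note: script-src allows {k}" for k in ("'unsafe-inline'", "'unsafe-eval'") if k in scripts]
    age = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""), re.I)
    if not age or int(age.group(1)) < 31536000:  # assumed threshold: the value used on this page
        out.append("HSTS missing or max-age below 31536000")
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        out.append("X-Frame-Options not SAMEORIGIN/DENY")
    if "/" in h.get("server", ""):
        out.append("Server header discloses version (ServerTokens)")
    if "x-powered-by" in h:
        out.append("X-Powered-By present (expose_php)")
    return out

if __name__ == "__main__": print(audit(HARDENED), audit(DEFAULT))
```

The two notes reported for the hardened sample are expected: the policy above permits inline scripts and eval in script-src, so they are worth re-checking whenever the policy is customised.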

????? ????? ????? ?? ??? ????????

????? ?????? ?? ?? ??????? ?? ??? ???????? ???? ??- ????? ????? ??? ????????. ??? ???????? ???? ????? ????? ?????? ????:

???? ?????? ?? ?????? ?? ??? ????? ??? ????? ????'? (?????? ? ?????) ???? ?????:

 ServerSignature Off
 ServerTokens Prod

???? ?????? ?? ????? PHP (????? X-Powered-By HTTP) ?? ??? ????? ?- ???? ?????? php.ini (?????? ?????? ?????? ????):

 expose_php = Off

????? ????? ???? ?? ??? ???????? ??? ????? ??????? ????? ?????? ?????.

???? ????? ??? ????? ????? ?? ??? ????? ?-mod_security (????? libapache2-mod-security2) ?? Apache. mod_security ????? ????? ?? ????? ???? ????? ????? ?? ?? ????? ????? ????????. ???? ????? ?? ?????? ??? ??? ?? ??? ????? "SecServerSignature" ??? ??? ???? ???? ?????? mod_security.

??? ???? ?????? ?? ??? ???????? ??? ??? ????? ???? ???? ????? ??? ?????/????? ?????? ?????.

????? ??? ????? ?? ??? ??????? ???????? ?????? ????

????? ?????? ?? ??? ?????? ???????? ?????? ???? ??? ?????? ????? ?????. ??? ???????? ????? ???? ????? ?????? ?????? ????:

?? ??????/????? ?? ??? ?????? ???????? ?????? ???? ???? ???? ???????? ????? ??????. ???? ?????? ??????? "ErrorDocument" ??? ?????? ?? ? ?? ????? ????? ?????/???? ???? ??? ???????? ?? Apache (???? ??????).

??? ???? ?????? ?? ??? ???????? ??? ??? ????? ???? ???? ????? ??? ????/??? ??? ????? ???????? ?????? ????.

???? ?? ?????? ?? ??? ????????

????? ????? ?? ?? ?????? ?? ??? ???????? ??? ?????? ????? ????. ?????? ????, webroot ?? ??? ???????? ???? ????? ?? ??? index.html (Apache2 ???????? ???? ??????):

?? ????? ?? ?? ?????? ?? ?? ????? ???? ?????? ????? ?????? ??? ????????.

???? ?? ????? ????? HTTP ?? X-Frame-Options

?????? ????, Áú»¢¶Ä²© ????? ?? ????? HTTP X-Frame-Options ????? ?????? ?'SAMEORIGIN', ????? ???? ????? ???? ???? ????? ?????? ??? ??? ????.

????? ???? ?? Áú»¢¶Ä²© ??????? ???? ??????? URL ???????? (?????, ????? ???? ??????? ??? ????????) ????? ???? ?????? ????? ??? ?? ?? ??????? ?? ???? ??? ?????.

?????? ??? ?????? ?? ?????? ?? ?-frontend ?? Áú»¢¶Ä²© ??????? ???? ???? ?????? XSS ?-clickjacking. ???? ??????? ?????? ????? iframe sandboxing ?-X-Frame-Options ????? ????? HTTP ??????? ??? ?????. ??? ???? ???? ?? ???????? ????????? ???? ????? ?????? ????? ?????. ????? ???? ??? ?? X-Frame-Options ???? ??????? ???? ?????.

????? ????? ?? ????? ?? ??????? ??????

??? ?????? ?? ???????? ?? ?????? ??? ?? ??????, ?? ?? ???? ?????? ?? ????? ????? ui/data/top_passwords.txt ?? ??? ????? ????? ??? ????????. ???? ?? ???? ????? ?? ???????? ??????? ????? ?????????? ?????, ??????? ?????? ??????? ?????? ??????? ???? ?? ????? ????? ???????? ??? ???? ????? ?-????? ???????.

??????, ?-NGINX ???? ?????? ?? ????? ????? ?? ??? ????? ?'?????' ????????:

 location = /data/top_passwords.txt {
     deny all;
     return 404;
 }

?-Apache - ??????? ???? .htacess:

 <Files "top_passwords.txt">
     Order Allow,Deny
     Deny from all
 </Files>

????? UTF-8

UTF-8 ??? ?????? ????? ????? ?? ??? Áú»¢¶Ä²©. ???? ??? ???? ??? ?? ????? ?????. ??????? ?????? ????? ?????? ??? ??? ?????? ????? ????? ?? ??????? ???? ????????? ??????.

?????? ?? ????? Windows

??? ????? ???????? ?? Windows, ????? ?????? ?????? ????? ???? ????? ?? ??? ??????, ??? ????? ??????? ??????? ????? ??? ?????? ??????? ???? ???? ?? ????? ??????.

Áú»¢¶Ä²© Security Advisories ???? ??????? CVE

??? Advisories Security and CVE ?? Áú»¢¶Ä²©.