This article will be subsequently completed to provide a central overview on all aspects of security measures implemented in Checkmk and aids on further improving security.

Good news first: Since the beginning Checkmk uses an architecture that considers security needs and — whereever possible — applies these to standard settings. However, there are aspects where user intervention is required, for example when keys or certificates have to be generated or imported.

1. Agent output

Since version 2.1.0, Checkmk uses TLS encryption for communication between the server and the agents on Linux and Windows hosts. Communication details are covered in the following articles:

However there are some constellations where TLS encryptions for Linux or Unix clients cannot be setup. In these cases you might use encrypted tunnels, for example with SSH:

2. HTTP(S) communication

On many places within Checkmk communication is realized over HTTP. This applies to internal communication and configurations such as distributed monitoring. Switch to HTTPS where possible:

3. Access control

Checkmk supports connections to several authentication protocols and is able to enforce two-factor authentication for even higher security:

On this page