From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS) Date: Fri, 09 Apr 2021 21:25:09 +0200 Message-ID: <006062ba-1a41-e025-21aa-f12c7f05448f@ipfire.org> In-Reply-To: <20210407204455.450-2-robin.roevens@disroot.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6503873710306479464==" List-Id: --===============6503873710306479464== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Robin, I am not knowledgeable enough about zabbix to make any comment about the conf= file changes other than that I could follow your explanations of why they we= re being done. The lfs file changes look perfect to me. A general comment I would make is that when you want to do a v2 version then = if you enter git patch-format -v2 -o ..... then the patches will be created automatically = as [PATCH v2 1/3]. Note it is lower case v Regards, Adolf On 07/04/2021 22:44, Robin Roevens wrote: > - Update from 4.2.6 to latest LTS version 5.0.10 > See release notes: https://www.zabbix.com/rn/rn5.0.10 > > Signed-off-by: Robin Roevens > --- > config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++-- > lfs/zabbix_agentd | 11 ++- > 2 files changed, 121 insertions(+), 14 deletions(-) > > diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd= /zabbix_agentd.conf > index 21b8e0122..4d6c4c154 100644 > --- a/config/zabbix_agentd/zabbix_agentd.conf > +++ b/config/zabbix_agentd/zabbix_agentd.conf > @@ -63,14 +63,33 @@ LogFileSize=3D0 > # Default: > # SourceIP=3D > =20 > -### Option: EnableRemoteCommands > -# Whether remote commands from Zabbix server are allowed. > -# 0 - not allowed > -# 1 - allowed > +### Option: AllowKey > +# Allow execution of item keys matching pattern. > +# Multiple keys matching rules may be defined in combination with DenyKey. > +# Key pattern is wildcard expression, which support "*" character to match= any number of any characters in certain position. It might be used in both k= ey name and key arguments. > +# Parameters are processed one by one according their appearance order. > +# If no AllowKey or DenyKey rules defined, all keys are allowed. > +# > +# Mandatory: no > + > +### Option: DenyKey > +# Deny execution of items keys matching pattern. > +# Multiple keys matching rules may be defined in combination with AllowKey. > +# Key pattern is wildcard expression, which support "*" character to match= any number of any characters in certain position. It might be used in both k= ey name and key arguments. > +# Parameters are processed one by one according their appearance order. > +# If no AllowKey or DenyKey rules defined, all keys are allowed. > +# Unless another system.run[*] rule is specified DenyKey=3Dsystem.ru= n[*] is added by default. > # > # Mandatory: no > # Default: > -# EnableRemoteCommands=3D0 > +# DenyKey=3Dsystem.run[*] > + > +### Option: EnableRemoteCommands - Deprecated, use AllowKey=3Dsystem.run[*= ] or DenyKey=3Dsystem.run[*] instead > +# Internal alias for AllowKey/DenyKey parameters depending on value: > +# 0 - DenyKey=3Dsystem.run[*] > +# 1 - AllowKey=3Dsystem.run[*] > +# > +# Mandatory: no > =20 > ### Option: LogRemoteCommands > # Enable logging of executed shell commands as warnings. > @@ -177,6 +196,28 @@ ServerActive=3D127.0.0.1 > # Default: > # HostMetadataItem=3D > =20 > +### Option: HostInterface > +# Optional parameter that defines host interface. > +# Host interface is used at host auto-registration process. > +# An agent will issue an error and not start if the value is over limit of= 255 characters. > +# If not defined, value will be acquired from HostInterfaceItem. > +# > +# Mandatory: no > +# Range: 0-255 characters > +# Default: > +# HostInterface=3D > + > +### Option: HostInterfaceItem > +# Optional parameter that defines an item used for getting host interface. > +# Host interface is used at host auto-registration process. > +# During an auto-registration request an agent will log a warning message = if > +# the value returned by specified item is over limit of 255 characters. > +# This option is only used when HostInterface is not defined. > +# > +# Mandatory: no > +# Default: > +# HostInterfaceItem=3D > + > ### Option: RefreshActiveChecks > # How often list of active checks is refreshed, in seconds. > # > @@ -265,7 +306,6 @@ ServerActive=3D127.0.0.1 > =20 > Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf > =20 > - > ####### USER-DEFINED MONITORED PARAMETERS ####### > =20 > ### Option: UnsafeUserParameters > @@ -299,7 +339,7 @@ Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf > # > # Mandatory: no > # Default: > -# LoadModulePath=3D/usr/lib/modules > +# LoadModulePath=3D${libdir}/modules > =20 > LoadModulePath=3D/usr/lib/zabbix > =20 > @@ -357,14 +397,14 @@ LoadModulePath=3D/usr/lib/zabbix > # TLSCRLFile=3D > =20 > ### Option: TLSServerCertIssuer > -# Allowed server certificate issuer. > +# Allowed server certificate issuer. > # > # Mandatory: no > # Default: > # TLSServerCertIssuer=3D > =20 > ### Option: TLSServerCertSubject > -# Allowed server certificate subject. > +# Allowed server certificate subject. > # > # Mandatory: no > # Default: > @@ -397,3 +437,69 @@ LoadModulePath=3D/usr/lib/zabbix > # Mandatory: no > # Default: > # TLSPSKFile=3D > + > +####### For advanced users - TLS ciphersuite selection criteria ####### > + > +### Option: TLSCipherCert13 > +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. > +# Override the default ciphersuite selection criteria for certificate-base= d encryption. > +# > +# Mandatory: no > +# Default: > +# TLSCipherCert13=3D > + > +### Option: TLSCipherCert > +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. > +# Override the default ciphersuite selection criteria for certificate-base= d encryption. > +# Example for GnuTLS: > +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA2= 56:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 > +# Example for OpenSSL: > +# EECDH+aRSA+AES128:RSA+aRSA+AES128 > +# > +# Mandatory: no > +# Default: > +# TLSCipherCert=3D > + > +### Option: TLSCipherPSK13 > +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. > +# Override the default ciphersuite selection criteria for PSK-based encryp= tion. > +# Example: > +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 > +# > +# Mandatory: no > +# Default: > +# TLSCipherPSK13=3D > + > +### Option: TLSCipherPSK > +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. > +# Override the default ciphersuite selection criteria for PSK-based encryp= tion. > +# Example for GnuTLS: > +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA2= 56:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL > +# Example for OpenSSL: > +# kECDHEPSK+AES128:kPSK+AES128 > +# > +# Mandatory: no > +# Default: > +# TLSCipherPSK=3D > + > +### Option: TLSCipherAll13 > +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. > +# Override the default ciphersuite selection criteria for certificate- and= PSK-based encryption. > +# Example: > +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA= 256 > +# > +# Mandatory: no > +# Default: > +# TLSCipherAll13=3D > + > +### Option: TLSCipherAll > +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. > +# Override the default ciphersuite selection criteria for certificate- and= PSK-based encryption. > +# Example for GnuTLS: > +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128= -CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 > +# Example for OpenSSL: > +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 > +# > +# Mandatory: no > +# Default: > +# TLSCipherAll=3D > diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd > index c69643a54..2d57b0dbe 100644 > --- a/lfs/zabbix_agentd > +++ b/lfs/zabbix_agentd > @@ -1,7 +1,7 @@ > #########################################################################= ###### > # = # > # IPFire.org - A linux based firewall = # > -# Copyright (C) 2007-2019 IPFire Team = # > +# Copyright (C) 2007-2021 IPFire Team = # > # = # > # This program is free software: you can redistribute it and/or modify = # > # it under the terms of the GNU General Public License as published by = # > @@ -24,7 +24,7 @@ > =20 > include Config > =20 > -VER =3D 4.2.6 > +VER =3D 5.0.10 > =20 > THISAPP =3D zabbix-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D zabbix_agentd > -PAK_VER =3D 4 > +PAK_VER =3D 5 > DEPS =3D > =20 > #########################################################################= ###### > @@ -43,7 +43,7 @@ objects =3D $(DL_FILE) > =20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) > =20 > -$(DL_FILE)_MD5 =3D 6cd55cd743d416d9ffbf2e6fdee680ee > +$(DL_FILE)_MD5 =3D 17403cce60266019f25ff53c72f0e212 > =20 > install : $(TARGET) > =20 > @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > --prefix=3D/usr \ > --enable-agent \ > --sysconfdir=3D/etc/zabbix_agentd \ > - --with-openssl > + --with-openssl \ > + --with-libcurl > =20 > cd $(DIR_APP) && make > cd $(DIR_APP) && make install --===============6503873710306479464==--