From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS)
Date: Mon, 12 Apr 2021 13:23:01 +0200 [thread overview]
Message-ID: <1beb8e64-838b-b31b-03e2-dcfc024f2e28@ipfire.org> (raw)
In-Reply-To: <856FB294-FFE3-4AF6-9BD4-3CAAEB6C9120@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 10228 bytes --]
Hi Michael,
On 12/04/2021 12:27, Michael Tremer wrote:
> Hello Adolf,
>
> You can use the Reviewed-by: tag to mark a patch as reviewed by you:
>
> https://wiki.ipfire.org/devel/git/tags
I wasn't sure if I was OK for me to use the reviewed tag or if it was limited to specific people. I will use it in future now when I do a review of a patch.
Regards,
Adolf.
>
> -Michael
>
>> On 9 Apr 2021, at 20:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi Robin,
>>
>> I am not knowledgeable enough about zabbix to make any comment about the conf file changes other than that I could follow your explanations of why they were being done.
>>
>> The lfs file changes look perfect to me.
>>
>> A general comment I would make is that when you want to do a v2 version then if you enter
>>
>> git patch-format -v2 -o ..... then the patches will be created automatically as [PATCH v2 1/3].
>>
>> Note it is lower case v
>>
>> Regards,
>>
>> Adolf
>>
>> On 07/04/2021 22:44, Robin Roevens wrote:
>>> - Update from 4.2.6 to latest LTS version 5.0.10
>>> See release notes: https://www.zabbix.com/rn/rn5.0.10
>>>
>>> Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
>>> ---
>>> config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++--
>>> lfs/zabbix_agentd | 11 ++-
>>> 2 files changed, 121 insertions(+), 14 deletions(-)
>>>
>>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf
>>> index 21b8e0122..4d6c4c154 100644
>>> --- a/config/zabbix_agentd/zabbix_agentd.conf
>>> +++ b/config/zabbix_agentd/zabbix_agentd.conf
>>> @@ -63,14 +63,33 @@ LogFileSize=0
>>> # Default:
>>> # SourceIP=
>>> -### Option: EnableRemoteCommands
>>> -# Whether remote commands from Zabbix server are allowed.
>>> -# 0 - not allowed
>>> -# 1 - allowed
>>> +### Option: AllowKey
>>> +# Allow execution of item keys matching pattern.
>>> +# Multiple keys matching rules may be defined in combination with DenyKey.
>>> +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>>> +# Parameters are processed one by one according their appearance order.
>>> +# If no AllowKey or DenyKey rules defined, all keys are allowed.
>>> +#
>>> +# Mandatory: no
>>> +
>>> +### Option: DenyKey
>>> +# Deny execution of items keys matching pattern.
>>> +# Multiple keys matching rules may be defined in combination with AllowKey.
>>> +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>>> +# Parameters are processed one by one according their appearance order.
>>> +# If no AllowKey or DenyKey rules defined, all keys are allowed.
>>> +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
>>> #
>>> # Mandatory: no
>>> # Default:
>>> -# EnableRemoteCommands=0
>>> +# DenyKey=system.run[*]
>>> +
>>> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
>>> +# Internal alias for AllowKey/DenyKey parameters depending on value:
>>> +# 0 - DenyKey=system.run[*]
>>> +# 1 - AllowKey=system.run[*]
>>> +#
>>> +# Mandatory: no
>>> ### Option: LogRemoteCommands
>>> # Enable logging of executed shell commands as warnings.
>>> @@ -177,6 +196,28 @@ ServerActive=127.0.0.1
>>> # Default:
>>> # HostMetadataItem=
>>> +### Option: HostInterface
>>> +# Optional parameter that defines host interface.
>>> +# Host interface is used at host auto-registration process.
>>> +# An agent will issue an error and not start if the value is over limit of 255 characters.
>>> +# If not defined, value will be acquired from HostInterfaceItem.
>>> +#
>>> +# Mandatory: no
>>> +# Range: 0-255 characters
>>> +# Default:
>>> +# HostInterface=
>>> +
>>> +### Option: HostInterfaceItem
>>> +# Optional parameter that defines an item used for getting host interface.
>>> +# Host interface is used at host auto-registration process.
>>> +# During an auto-registration request an agent will log a warning message if
>>> +# the value returned by specified item is over limit of 255 characters.
>>> +# This option is only used when HostInterface is not defined.
>>> +#
>>> +# Mandatory: no
>>> +# Default:
>>> +# HostInterfaceItem=
>>> +
>>> ### Option: RefreshActiveChecks
>>> # How often list of active checks is refreshed, in seconds.
>>> #
>>> @@ -265,7 +306,6 @@ ServerActive=127.0.0.1
>>> Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>>> -
>>> ####### USER-DEFINED MONITORED PARAMETERS #######
>>> ### Option: UnsafeUserParameters
>>> @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>>> #
>>> # Mandatory: no
>>> # Default:
>>> -# LoadModulePath=/usr/lib/modules
>>> +# LoadModulePath=${libdir}/modules
>>> LoadModulePath=/usr/lib/zabbix
>>> @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix
>>> # TLSCRLFile=
>>> ### Option: TLSServerCertIssuer
>>> -# Allowed server certificate issuer.
>>> +# Allowed server certificate issuer.
>>> #
>>> # Mandatory: no
>>> # Default:
>>> # TLSServerCertIssuer=
>>> ### Option: TLSServerCertSubject
>>> -# Allowed server certificate subject.
>>> +# Allowed server certificate subject.
>>> #
>>> # Mandatory: no
>>> # Default:
>>> @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix
>>> # Mandatory: no
>>> # Default:
>>> # TLSPSKFile=
>>> +
>>> +####### For advanced users - TLS ciphersuite selection criteria #######
>>> +
>>> +### Option: TLSCipherCert13
>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>>> +# Override the default ciphersuite selection criteria for certificate-based encryption.
>>> +#
>>> +# Mandatory: no
>>> +# Default:
>>> +# TLSCipherCert13=
>>> +
>>> +### Option: TLSCipherCert
>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>>> +# Override the default ciphersuite selection criteria for certificate-based encryption.
>>> +# Example for GnuTLS:
>>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>>> +# Example for OpenSSL:
>>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128
>>> +#
>>> +# Mandatory: no
>>> +# Default:
>>> +# TLSCipherCert=
>>> +
>>> +### Option: TLSCipherPSK13
>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>>> +# Override the default ciphersuite selection criteria for PSK-based encryption.
>>> +# Example:
>>> +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>>> +#
>>> +# Mandatory: no
>>> +# Default:
>>> +# TLSCipherPSK13=
>>> +
>>> +### Option: TLSCipherPSK
>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>>> +# Override the default ciphersuite selection criteria for PSK-based encryption.
>>> +# Example for GnuTLS:
>>> +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
>>> +# Example for OpenSSL:
>>> +# kECDHEPSK+AES128:kPSK+AES128
>>> +#
>>> +# Mandatory: no
>>> +# Default:
>>> +# TLSCipherPSK=
>>> +
>>> +### Option: TLSCipherAll13
>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>>> +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>>> +# Example:
>>> +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>>> +#
>>> +# Mandatory: no
>>> +# Default:
>>> +# TLSCipherAll13=
>>> +
>>> +### Option: TLSCipherAll
>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>>> +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>>> +# Example for GnuTLS:
>>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>>> +# Example for OpenSSL:
>>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
>>> +#
>>> +# Mandatory: no
>>> +# Default:
>>> +# TLSCipherAll=
>>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
>>> index c69643a54..2d57b0dbe 100644
>>> --- a/lfs/zabbix_agentd
>>> +++ b/lfs/zabbix_agentd
>>> @@ -1,7 +1,7 @@
>>> ###############################################################################
>>> # #
>>> # IPFire.org - A linux based firewall #
>>> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
>>> +# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
>>> # #
>>> # This program is free software: you can redistribute it and/or modify #
>>> # it under the terms of the GNU General Public License as published by #
>>> @@ -24,7 +24,7 @@
>>> include Config
>>> -VER = 4.2.6
>>> +VER = 5.0.10
>>> THISAPP = zabbix-$(VER)
>>> DL_FILE = $(THISAPP).tar.gz
>>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
>>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>>> TARGET = $(DIR_INFO)/$(THISAPP)
>>> PROG = zabbix_agentd
>>> -PAK_VER = 4
>>> +PAK_VER = 5
>>> DEPS =
>>> ###############################################################################
>>> @@ -43,7 +43,7 @@ objects = $(DL_FILE)
>>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>> -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee
>>> +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212
>>> install : $(TARGET)
>>> @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>> --prefix=/usr \
>>> --enable-agent \
>>> --sysconfdir=/etc/zabbix_agentd \
>>> - --with-openssl
>>> + --with-openssl \
>>> + --with-libcurl
>>> cd $(DIR_APP) && make
>>> cd $(DIR_APP) && make install
>
next prev parent reply other threads:[~2021-04-12 11:23 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 20:44 [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Robin Roevens
2021-04-07 20:44 ` [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS) Robin Roevens
2021-04-09 19:25 ` Adolf Belka
2021-04-10 21:05 ` Robin Roevens
2021-04-12 10:27 ` Michael Tremer
2021-04-12 11:23 ` Adolf Belka [this message]
2021-04-12 13:48 ` Michael Tremer
2021-04-12 10:26 ` Michael Tremer
2021-04-07 20:44 ` [PATCH 2/4] [V2] zabbix_agentd: Fix agent modules directory Robin Roevens
2021-04-09 19:36 ` Adolf Belka
2021-04-10 21:13 ` Robin Roevens
2021-04-12 10:26 ` Michael Tremer
2021-04-12 10:50 ` Robin Roevens
2021-04-12 10:52 ` Michael Tremer
2021-04-12 11:38 ` Robin Roevens
2021-04-12 13:45 ` Michael Tremer
2021-04-07 20:44 ` [PATCH 3/4] [V2] zabbix_agentd: Better configfile handling during update Robin Roevens
2021-04-07 20:44 ` [PATCH 4/4] [V2] zabbix_agentd: Add IPFire specific userparameters Robin Roevens
2021-04-12 10:36 ` Michael Tremer
2021-04-12 22:16 ` Robin Roevens
2021-04-15 11:21 ` Michael Tremer
2021-04-15 13:12 ` Robin Roevens
2021-04-15 20:34 ` Robin Roevens
2021-04-19 13:42 ` Michael Tremer
2021-04-19 13:37 ` Michael Tremer
2021-04-19 20:50 ` Robin Roevens
2021-04-12 10:32 ` [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Michael Tremer
2021-04-12 21:19 ` Robin Roevens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1beb8e64-838b-b31b-03e2-dcfc024f2e28@ipfire.org \
--to=adolf.belka@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox