From mboxrd@z Thu Jan 1 00:00:00 1970 From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH 4/4] [V2] zabbix_agentd: Add IPFire specific userparameters Date: Wed, 07 Apr 2021 22:44:56 +0200 Message-ID: <20210407204455.450-5-robin.roevens@disroot.org> In-Reply-To: <20210407204455.450-1-robin.roevens@disroot.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4095778426735895387==" List-Id: --===============4095778426735895387== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Provide IPFire specific items for the Zabbix server to monitor: - Networking stats: - ipfire.net.gateway.pingtime: Internet Line Quality - ipfire.net.gateway.ping: Internet connection - ipfire.net.fw.hits[*]: Firewall hits - IPFire service states: - ipfire.services: JSON formatted state of all IPFire services using new ipfire_services.pl script. Users can install the IPFire 2 Zabbix template-set provided here: https://share.zabbix.com/network-appliances/ipfire-2 to monitor these metrics. Or create their own template. Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 3 + config/zabbix_agentd/ipfire_services.pl | 221 ++++++++++++++++++ config/zabbix_agentd/sudoers | 2 +- .../template_module_ipfire_network_stats.conf | 4 + .../template_module_ipfire_services.conf | 2 + lfs/zabbix_agentd | 8 +- src/paks/zabbix_agentd/install.sh | 5 + src/paks/zabbix_agentd/uninstall.sh | 2 + 8 files changed, 245 insertions(+), 2 deletions(-) create mode 100755 config/zabbix_agentd/ipfire_services.pl create mode 100644 config/zabbix_agentd/template_module_ipfire_network_stats= .conf create mode 100644 config/zabbix_agentd/template_module_ipfire_services.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packa= ges/zabbix_agentd index 6945c5ef7..aa3f1846b 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -3,9 +3,12 @@ etc/rc.d/init.d/zabbix_agentd etc/sudoers.d/zabbix.ipfirenew #etc/zabbix_agentd #etc/zabbix_agentd/scripts +etc/zabbix_agentd/scripts/ipfire_services.pl.ipfirenew etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew #etc/zabbix_agentd/zabbix_agentd.d etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew +etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_network_stats.conf.= ipfirenew +etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_services.conf.ipfir= enew usr/bin/zabbix_get usr/bin/zabbix_sender #usr/lib/modules diff --git a/config/zabbix_agentd/ipfire_services.pl b/config/zabbix_agentd/i= pfire_services.pl new file mode 100755 index 000000000..dbf8aec56 --- /dev/null +++ b/config/zabbix_agentd/ipfire_services.pl @@ -0,0 +1,221 @@ +#!/usr/bin/perl +############################################################################= ### +# ipfire_services.pl - Retrieves available IPFire services information and=20 +# return this as a JSON array suitable for easy process= ing=20 +# by Zabbix server +# +# Author: robin.roevens (at) disroot.org +# Version: 1.0 +# +# Based on: services.cgi by IPFire Team +# Copyright (C) 2007-2021 IPFire Team =20 +#=20 +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +#=20 +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the=20 +# GNU General Public License for more details. +#=20 +# You should have received a copy of the GNU General Public License=20 +# along with this program. If not, see . +#=20 +############################################################################= ### + +use strict; + +# enable only the following on debugging purpose +# use warnings; + +# Maps a nice printable name to the changing part of the pid file, which +# is also the name of the program +my %servicenames =3D( + 'DHCP Server' =3D> 'dhcpd', + 'Web Server' =3D> 'httpd', + 'CRON Server' =3D> 'fcron', + 'DNS Proxy Server' =3D> 'unbound', + 'Logging Server' =3D> 'syslogd', + 'Kernel Logging Server' =3D> 'klogd', + 'NTP Server' =3D> 'ntpd', + 'Secure Shell Server' =3D> 'sshd', + 'VPN' =3D> 'charon', + 'Web Proxy' =3D> 'squid', + 'Intrusion Detection System' =3D> 'suricata', + 'OpenVPN' =3D> 'openvpn' +); + +# Hash to overwrite the process name of a process if it differs from the lau= nch command. +my %overwrite_exename_hash =3D ( + "suricata" =3D> "Suricata-Main" +); + +my $first =3D 1; + +print "["; + +# Built-in services +my $key =3D ''; +foreach $key (sort keys %servicenames){ + print "," if not $first; + $first =3D 0; + + print "{"; + print "\"service\":\"$key\","; + + my $shortname =3D $servicenames{$key}; + print &servicestats($shortname); +=09 + print "}"; +} + +# Generate list of installed addon pak's +my @pak =3D `find /opt/pakfire/db/installed/meta-* 2>/dev/null | cut -d"-" -= f2`; +foreach (@pak){ + chomp($_); + + # Check which of the paks are services + my @svc =3D `find /etc/init.d/$_ 2>/dev/null | cut -d"/" -f4`; + foreach (@svc){ + # blacklist some packages + # + # alsa has trouble with the volume saving and was not really stopped + # mdadm should not stopped with webif because this could crash the system + # + chomp($_); + if ( $_ eq 'squid' ) { + next; + } + if ( ($_ ne "alsa") && ($_ ne "mdadm") ) { + print ","; + print "{"; + + print "\"service\":\"Addon: $_\","; + print "\"servicename\":\"$_\","; + + my $onboot =3D isautorun($_); + print "\"onboot\":$onboot,"; + + print &addonservicestats($_); + + print "}"; + } + } +}=09 + +print "]"; + +sub servicestats{ + my $cmd =3D $_[0]; + my $status =3D "\"servicename\":\"$cmd\",\"state\":\"0\""; + my $pid =3D ''; + my $testcmd =3D ''; + my $exename; + my $memory; + + + $cmd =3D~ /(^[a-z]+)/; +=09 + # Check if the exename needs to be overwritten. + # This happens if the expected process name string + # differs from the real one. This may happened if + # a service uses multiple processes or threads. + if (exists($overwrite_exename_hash{$cmd})) { + # Grab the string which will be reported by + # the process from the corresponding hash. + $exename =3D $overwrite_exename_hash{$1}; + } else { + # Directly expect the launched command as + # process name. + $exename =3D $1; + } +=09 + if (open(FILE, "/var/run/${cmd}.pid")){ + $pid =3D ; chomp $pid; + close FILE; + if (open(FILE, "/proc/${pid}/status")){ + while (){ + if (/^Name:\W+(.*)/) { + $testcmd =3D $1; + } + } + close FILE; + } + if (open(FILE, "/proc/${pid}/status")) { + while () { + my ($key, $val) =3D split(":", $_, 2); + if ($key eq 'VmRSS') { + $val =3D~ /\s*([0-9]*)\s+kB/; + # Convert kB to B + $memory =3D $1*1024; + last; + } + } + close(FILE); + } + if ($testcmd =3D~ /$exename/){ + $status =3D "\"servicename\":\"$cmd\",\"state\":1,\"pid\":$pid,\"memory\"= :$memory"; + } + } + return $status; +} + +sub isautorun{ + my $cmd =3D $_[0]; + my $status =3D "0"; + my $init =3D `find /etc/rc.d/rc3.d/S??${cmd} 2>/dev/null`; + chomp ($init); + if ($init ne ''){ + $status =3D "1"; + } + $init =3D `find /etc/rc.d/rc3.d/off/S??${cmd} 2>/dev/null`; + chomp ($init); + if ($init ne ''){ + $status =3D "0"; + } + + return $status; +} + +sub addonservicestats{ + my $cmd =3D $_[0]; + my $status =3D "0"; + my $pid =3D ''; + my $testcmd =3D ''; + my $exename; + my @memory =3D (0); + + $testcmd =3D `sudo /usr/local/bin/addonctrl $_ status 2>/dev/null`; + + if ( $testcmd =3D~ /is\ running/ && $testcmd !~ /is\ not\ running/){ + $status =3D "\"state\":1"; + + $testcmd =3D~ s/.* //gi; + $testcmd =3D~ s/[a-z_]//gi; + $testcmd =3D~ s/\[[0-1]\;[0-9]+//gi; + $testcmd =3D~ s/[\(\)\.]//gi; + $testcmd =3D~ s/ //gi; + $testcmd =3D~ s/=1B//gi; + + my @pid =3D split(/\s/,$testcmd); + $status .=3D",\"pid\":\"$pid[0]\""; + + my $memory =3D 0; + + foreach (@pid){ + chomp($_); + if (open(FILE, "/proc/$_/statm")){ + my $temp =3D ; + @memory =3D split(/ /,$temp); + } + $memory+=3D$memory[0]; + } + $memory*=3D1024; + $status .=3D",\"memory\":$memory"; + }else{ + $status =3D "\"state\":0"; + } + return $status; +} diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 1b362a4fd..340bb8e66 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -14,4 +14,4 @@ # Append / edit the following list of commands to fit your needs: # Defaults:zabbix !requiretty -zabbix ALL=3D(ALL) NOPASSWD: /opt/pakfire/pakfire status +zabbix ALL=3D(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/local/bin/add= onctrl, /sbin/iptables, /usr/sbin/fping diff --git a/config/zabbix_agentd/template_module_ipfire_network_stats.conf b= /config/zabbix_agentd/template_module_ipfire_network_stats.conf new file mode 100644 index 000000000..f1658ed07 --- /dev/null +++ b/config/zabbix_agentd/template_module_ipfire_network_stats.conf @@ -0,0 +1,4 @@ +### Parameters for monitoring IPFire network statistics=20 +UserParameter=3Dipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gatewa= y 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 +UserParameter=3Dipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway= ; [ ! $? ]; echo $? +UserParameter=3Dipfire.net.fw.hits[*],sudo /sbin/iptables -vnxL $1 | grep "\= /\* $2 \*\/" | awk '{ print $$2 }'; diff --git a/config/zabbix_agentd/template_module_ipfire_services.conf b/conf= ig/zabbix_agentd/template_module_ipfire_services.conf new file mode 100644 index 000000000..5f95218e3 --- /dev/null +++ b/config/zabbix_agentd/template_module_ipfire_services.conf @@ -0,0 +1,2 @@ +### Parameter for monitoring IPFire services +UserParameter=3Dipfire.services,/etc/zabbix_agentd/scripts/ipfire_services.pl diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index 73e08d20a..c0d28d51f 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -33,7 +33,7 @@ DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D zabbix_agentd PAK_VER =3D 5 -DEPS =3D +DEPS =3D "fping" =20 ############################################################################= ### # Top-level Rules @@ -97,6 +97,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_app_pakfire.conf= \ /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_module_ipfire_ne= twork_stats.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_network_stats.co= nf.ipfirenew + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_module_ipfire_se= rvices.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_services.conf.ip= firenew + install -v -m 755 $(DIR_SRC)/config/zabbix_agentd/ipfire_services.pl \ + /etc/zabbix_agentd/scripts/ipfire_services.pl.ipfirenew =20 # Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/insta= ll.sh index 4248a7ec1..ced915c81 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -66,8 +66,13 @@ restore_backup ${NAME} # Put zabbix configfiles in place setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf +setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_n= etwork_stats.conf +setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_s= ervices.conf setup_configfile /etc/sudoers.d/zabbix =20 +# Overwrite script if it exists as user should not modify it but it is inclu= ded in backup +mv /etc/zabbix_agentd/scripts/ipfire_services.pl.ipfirenew /etc/zabbix_agent= d/scripts/ipfire_services.pl + if $review_required; then echo "WARNING: New versions of some configfile(s) where provided as .ipfire= new-files." echo " They may need manual review in order to take advantage of ne= w features" diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uni= nstall.sh index 7a13880c5..ccbc8f7cf 100644 --- a/src/paks/zabbix_agentd/uninstall.sh +++ b/src/paks/zabbix_agentd/uninstall.sh @@ -26,6 +26,8 @@ stop_service ${NAME} =20 # Remove .ipfirenew files in advance so they won't be included in backup rm -rfv /etc/zabbix_agentd/*.ipfirenew /etc/zabbix_agentd/*/*.ipfirenew +# Remove script-file as it should not have been modified by user +rm -fv /etc/zabbix_agentd/scripts/ipfire_services.pl =20 make_backup ${NAME} remove_files --=20 2.30.2 --=20 Dit bericht is gescanned op virussen en andere gevaarlijke inhoud door MailScanner en lijkt schoon te zijn. --===============4095778426735895387==--