From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Subject: [PATCH v4 1/6] zabbix_agentd: Update to v5.0.21 (LTS)
Date: Thu, 03 Mar 2022 22:02:49 +0100 [thread overview]
Message-ID: <20220303210254.3116-2-robin.roevens@disroot.org> (raw)
In-Reply-To: <20220303210254.3116-1-robin.roevens@disroot.org>
[-- Attachment #1: Type: text/plain, Size: 8897 bytes --]
- Update from 4.2.6 to latest LTS version 5.0.21
See release notes: https://www.zabbix.com/rn/rn5.0.21
Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
---
config/zabbix_agentd/zabbix_agentd.conf | 135 ++++++++++++++++++++++--
lfs/zabbix_agentd | 11 +-
2 files changed, 132 insertions(+), 14 deletions(-)
diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf
index 21b8e0122..aa8b899dc 100644
--- a/config/zabbix_agentd/zabbix_agentd.conf
+++ b/config/zabbix_agentd/zabbix_agentd.conf
@@ -63,14 +63,33 @@ LogFileSize=0
# Default:
# SourceIP=
-### Option: EnableRemoteCommands
-# Whether remote commands from Zabbix server are allowed.
-# 0 - not allowed
-# 1 - allowed
+### Option: AllowKey
+# Allow execution of item keys matching pattern.
+# Multiple keys matching rules may be defined in combination with DenyKey.
+# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+# Parameters are processed one by one according their appearance order.
+# If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+# Deny execution of items keys matching pattern.
+# Multiple keys matching rules may be defined in combination with AllowKey.
+# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
+# Parameters are processed one by one according their appearance order.
+# If no AllowKey or DenyKey rules defined, all keys are allowed.
+# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
#
# Mandatory: no
# Default:
-# EnableRemoteCommands=0
+# DenyKey=system.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
+# Internal alias for AllowKey/DenyKey parameters depending on value:
+# 0 - DenyKey=system.run[*]
+# 1 - AllowKey=system.run[*]
+#
+# Mandatory: no
### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
@@ -177,6 +196,28 @@ ServerActive=127.0.0.1
# Default:
# HostMetadataItem=
+### Option: HostInterface
+# Optional parameter that defines host interface.
+# Host interface is used at host auto-registration process.
+# An agent will issue an error and not start if the value is over limit of 255 characters.
+# If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=
+
+### Option: HostInterfaceItem
+# Optional parameter that defines an item used for getting host interface.
+# Host interface is used at host auto-registration process.
+# During an auto-registration request an agent will log a warning message if
+# the value returned by specified item is over limit of 255 characters.
+# This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=
+
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
@@ -265,7 +306,6 @@ ServerActive=127.0.0.1
Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
-
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UnsafeUserParameters
@@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
#
# Mandatory: no
# Default:
-# LoadModulePath=/usr/lib/modules
+# LoadModulePath=${libdir}/modules
LoadModulePath=/usr/lib/zabbix
@@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix
# TLSCRLFile=
### Option: TLSServerCertIssuer
-# Allowed server certificate issuer.
+# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
-# Allowed server certificate subject.
+# Allowed server certificate subject.
#
# Mandatory: no
# Default:
@@ -397,3 +437,80 @@ LoadModulePath=/usr/lib/zabbix
# Mandatory: no
# Default:
# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example:
+# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+# Example for OpenSSL:
+# kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example:
+# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+# The maximum number of pending connections in the queue. This parameter is passed to
+# listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index dbf6f2d77..5ee1b94e5 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -26,7 +26,7 @@ include Config
SUMMARY = Zabbix Agent
-VER = 4.2.6
+VER = 5.0.21
THISAPP = zabbix-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = zabbix_agentd
-PAK_VER = 4
+PAK_VER = 5
DEPS =
SERVICES = zabbix_agentd
@@ -47,7 +47,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee
+$(DL_FILE)_MD5 = fd0d3511aad0410427649bd134364889
install : $(TARGET)
@@ -84,7 +84,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--prefix=/usr \
--enable-agent \
--sysconfdir=/etc/zabbix_agentd \
- --with-openssl
+ --with-openssl \
+ --with-libcurl
cd $(DIR_APP) && make
cd $(DIR_APP) && make install
--
2.34.1
--
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
next prev parent reply other threads:[~2022-03-03 21:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-03 21:02 [PATCH v4 0/6] " Robin Roevens
2022-03-03 21:02 ` Robin Roevens [this message]
2022-03-03 21:02 ` [PATCH v4 2/6] zabbix_agentd: Fix agent modules dir and few minor bugs Robin Roevens
2022-03-03 21:02 ` [PATCH v4 3/6] zabbix_agentd: Configfile reorganization Robin Roevens
2022-03-03 21:02 ` [PATCH v4 4/6] zabbix_agentd: Sudoers file reorganization Robin Roevens
2022-03-03 21:02 ` [PATCH v4 5/6] zabbix_agentd: By default only listen on GREEN ip Robin Roevens
2022-03-03 21:02 ` [PATCH v4 6/6] zabbix_agentd: Add IPFire specific userparameters Robin Roevens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220303210254.3116-2-robin.roevens@disroot.org \
--to=robin.roevens@disroot.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox