From mboxrd@z Thu Jan  1 00:00:00 1970
From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Subject: [PATCH v4 1/6] zabbix_agentd: Update to v5.0.21 (LTS)
Date: Thu, 03 Mar 2022 22:02:49 +0100
Message-ID: <20220303210254.3116-2-robin.roevens@disroot.org>
In-Reply-To: <20220303210254.3116-1-robin.roevens@disroot.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7742031146668929317=="
List-Id: <development.lists.ipfire.org>

--===============7742031146668929317==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Update from 4.2.6 to latest LTS version 5.0.21
  See release notes: https://www.zabbix.com/rn/rn5.0.21

Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
---
 config/zabbix_agentd/zabbix_agentd.conf | 135 ++++++++++++++++++++++--
 lfs/zabbix_agentd                       |  11 +-
 2 files changed, 132 insertions(+), 14 deletions(-)

diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/z=
abbix_agentd.conf
index 21b8e0122..aa8b899dc 100644
--- a/config/zabbix_agentd/zabbix_agentd.conf
+++ b/config/zabbix_agentd/zabbix_agentd.conf
@@ -63,14 +63,33 @@ LogFileSize=3D0
 # Default:
 # SourceIP=3D
=20
-### Option: EnableRemoteCommands
-#	Whether remote commands from Zabbix server are allowed.
-#	0 - not allowed
-#	1 - allowed
+### Option: AllowKey
+#	Allow execution of item keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with DenyKey.
+#	Key pattern is wildcard expression, which support "*" character to match a=
ny number of any characters in certain position. It might be used in both key=
 name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#
+# Mandatory: no
+
+### Option: DenyKey
+#	Deny execution of items keys matching pattern.
+#	Multiple keys matching rules may be defined in combination with AllowKey.
+#	Key pattern is wildcard expression, which support "*" character to match a=
ny number of any characters in certain position. It might be used in both key=
 name and key arguments.
+#	Parameters are processed one by one according their appearance order.
+#	If no AllowKey or DenyKey rules defined, all keys are allowed.
+#       Unless another system.run[*] rule is specified DenyKey=3Dsystem.run[=
*] is added by default.
 #
 # Mandatory: no
 # Default:
-# EnableRemoteCommands=3D0
+# DenyKey=3Dsystem.run[*]
+
+### Option: EnableRemoteCommands - Deprecated, use AllowKey=3Dsystem.run[*] =
or DenyKey=3Dsystem.run[*] instead
+#	Internal alias for AllowKey/DenyKey parameters depending on value:
+#	0 - DenyKey=3Dsystem.run[*]
+#	1 - AllowKey=3Dsystem.run[*]
+#
+# Mandatory: no
=20
 ### Option: LogRemoteCommands
 #	Enable logging of executed shell commands as warnings.
@@ -177,6 +196,28 @@ ServerActive=3D127.0.0.1
 # Default:
 # HostMetadataItem=3D
=20
+### Option: HostInterface
+#	Optional parameter that defines host interface.
+#	Host interface is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 2=
55 characters.
+#	If not defined, value will be acquired from HostInterfaceItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostInterface=3D
+
+### Option: HostInterfaceItem
+#	Optional parameter that defines an item used for getting host interface.
+#	Host interface is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostInterface is not defined.
+#
+# Mandatory: no
+# Default:
+# HostInterfaceItem=3D
+
 ### Option: RefreshActiveChecks
 #	How often list of active checks is refreshed, in seconds.
 #
@@ -265,7 +306,6 @@ ServerActive=3D127.0.0.1
=20
 Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf
=20
-
 ####### USER-DEFINED MONITORED PARAMETERS #######
=20
 ### Option: UnsafeUserParameters
@@ -299,7 +339,7 @@ Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf
 #
 # Mandatory: no
 # Default:
-# LoadModulePath=3D/usr/lib/modules
+# LoadModulePath=3D${libdir}/modules
=20
 LoadModulePath=3D/usr/lib/zabbix
=20
@@ -357,14 +397,14 @@ LoadModulePath=3D/usr/lib/zabbix
 # TLSCRLFile=3D
=20
 ### Option: TLSServerCertIssuer
-#	Allowed server certificate issuer.
+#		Allowed server certificate issuer.
 #
 # Mandatory: no
 # Default:
 # TLSServerCertIssuer=3D
=20
 ### Option: TLSServerCertSubject
-#	Allowed server certificate subject.
+#		Allowed server certificate subject.
 #
 # Mandatory: no
 # Default:
@@ -397,3 +437,80 @@ LoadModulePath=3D/usr/lib/zabbix
 # Mandatory: no
 # Default:
 # TLSPSKFile=3D
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate-based =
encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=3D
+
+### Option: TLSCipherCert
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate-based =
encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256=
:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=3D
+
+### Option: TLSCipherPSK13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for PSK-based encrypti=
on.
+#	Example:
+#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=3D
+
+### Option: TLSCipherPSK
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for PSK-based encrypti=
on.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256=
:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+#	Example for OpenSSL:
+#		kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=3D
+
+### Option: TLSCipherAll13
+#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+#	Override the default ciphersuite selection criteria for certificate- and P=
SK-based encryption.
+#	Example:
+#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=3D
+
+### Option: TLSCipherAll
+#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+#	Override the default ciphersuite selection criteria for certificate- and P=
SK-based encryption.
+#	Example for GnuTLS:
+#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-C=
BC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+#	Example for OpenSSL:
+#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=3D
+
+####### For advanced users - TCP-related fine-tuning parameters #######
+
+## Option: ListenBacklog
+#       The maximum number of pending connections in the queue. This paramet=
er is passed to
+#       listen() function as argument 'backlog' (see "man listen").
+#
+# Mandatory: no
+# Range: 0 - INT_MAX (depends on system, too large values may be silently tr=
uncated to implementation-specified maximum)
+# Default: SOMAXCONN (hard-coded constant, depends on system)
+# ListenBacklog=3D
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index dbf6f2d77..5ee1b94e5 100644
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -1,7 +1,7 @@
 ############################################################################=
###
 #                                                                           =
  #
 # IPFire.org - A linux based firewall                                       =
  #
-# Copyright (C) 2007-2019  IPFire Team  <info(a)ipfire.org>                 =
    #
+# Copyright (C) 2007-2022  IPFire Team  <info(a)ipfire.org>                 =
    #
 #                                                                           =
  #
 # This program is free software: you can redistribute it and/or modify      =
  #
 # it under the terms of the GNU General Public License as published by      =
  #
@@ -26,7 +26,7 @@ include Config
=20
 SUMMARY    =3D Zabbix Agent
=20
-VER        =3D 4.2.6
+VER        =3D 5.0.21
=20
 THISAPP    =3D zabbix-$(VER)
 DL_FILE    =3D $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    =3D $(URL_IPFIRE)
 DIR_APP    =3D $(DIR_SRC)/$(THISAPP)
 TARGET     =3D $(DIR_INFO)/$(THISAPP)
 PROG       =3D zabbix_agentd
-PAK_VER    =3D 4
+PAK_VER    =3D 5
 DEPS       =3D
=20
 SERVICES   =3D zabbix_agentd
@@ -47,7 +47,7 @@ objects =3D $(DL_FILE)
=20
 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE)
=20
-$(DL_FILE)_MD5 =3D 6cd55cd743d416d9ffbf2e6fdee680ee
+$(DL_FILE)_MD5 =3D fd0d3511aad0410427649bd134364889
=20
 install : $(TARGET)
=20
@@ -84,7 +84,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--prefix=3D/usr \
 		--enable-agent \
 		--sysconfdir=3D/etc/zabbix_agentd \
-		--with-openssl
+		--with-openssl \
+		--with-libcurl
=20
 	cd $(DIR_APP) && make
 	cd $(DIR_APP) && make install
--=20
2.34.1


--=20
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.


--===============7742031146668929317==--