From mboxrd@z Thu Jan 1 00:00:00 1970 From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH] zabbix_agentd: Add IPFire services.get item Date: Tue, 10 Sep 2024 23:12:31 +0200 Message-ID: <20240910212924.1685603-2-robin.roevens@disroot.org> In-Reply-To: <20240910212924.1685603-1-robin.roevens@disroot.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6205927658730344748==" List-Id: --===============6205927658730344748== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable - Adds Zabbix Agent userparameter `ipfire.services.get` for the agent to get = details about configured IPFire services (builtin and addon-services) - Includes `ipfire_services.pl` script in sudoers for Zabbix Agent as it need= s root permission to call addonctrl for addon service states. - Adapts lfs install script to install new script - Adds new script to rootfiles --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/ipfire_services.pl | 212 ++++++++++++++++++ config/zabbix_agentd/sudoers | 1 + .../zabbix_agentd/userparameter_ipfire.conf | 4 +- lfs/zabbix_agentd | 2 + 5 files changed, 219 insertions(+), 1 deletion(-) create mode 100755 config/zabbix_agentd/ipfire_services.pl diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packa= ges/zabbix_agentd index 8e10cb4c8..ffa66f307 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -23,3 +23,4 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_ipfir= e.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf var/ipfire/zabbix_agentd/scripts var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh +var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/ipfire_services.pl b/config/zabbix_agentd/i= pfire_services.pl new file mode 100755 index 000000000..c3233f6c9 --- /dev/null +++ b/config/zabbix_agentd/ipfire_services.pl 
@@ -0,0 +1,212 @@ +#!/usr/bin/perl +############################################################################= ### +# ipfire_services.pl - Retrieves available IPFire services information and=20 +# return this as a JSON array suitable for easy process= ing=20 +# by Zabbix server +# +# Author: robin.roevens (at) disroot.org +# Version: 3.0 +# +# Copyright (C) 2007-2024 IPFire Team =20 +#=20 +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +#=20 +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the=20 +# GNU General Public License for more details. +#=20 +# You should have received a copy of the GNU General Public License=20 +# along with this program. If not, see . 
+#=20 +############################################################################= ### + +use strict; + +# enable only the following on debugging purpose +# use warnings; + +# Load General functions +require "/var/ipfire/general-functions.pl"; + +# Load Pakfire functions +require "/opt/pakfire/lib/functions.pl"; + +my $first =3D 1; + +print "["; + +# Built-in services +my %services =3D ( + # DHCP Server + 'DHCP Server' =3D> { + "process" =3D> "dhcpd", + }, + + # Web Server + 'Web Server' =3D> { + "process" =3D> "httpd", + }, + + # Cron Server + 'CRON Server' =3D> { + "process" =3D> "fcron", + }, + + # DNS Proxy + 'DNS Proxy Server' =3D> { + "process" =3D> "unbound", + }, + + # Syslog + 'Logging Server' =3D> { + "process" =3D> "syslogd", + }, + + # Kernel Logger + 'Kernel Logging Server' =3D> { + "process" =3D> "klogd", + }, + + # Time Server + 'NTP Server' =3D> { + "process" =3D> "ntpd", + }, + + # SSH Server + 'Secure Shell Server' =3D> { + "process" =3D> "sshd", + }, + + # IPsec + 'VPN' =3D> { + "process" =3D> "charon", + }, + + # Web Proxy + 'Web Proxy' =3D> { + "process" =3D> "squid", + }, + + # IPS + 'Intrusion Prevention System' =3D> { + "process" =3D> "suricata", + "pidfile" =3D> "/var/run/suricata.pid", + }, + + # OpenVPN Roadwarrior + 'OpenVPN Roadwarrior Server' =3D> { + "process" =3D> "openvpn", + "pidfile" =3D> "/var/run/openvpn.pid", + } +); + +foreach my $service (sort keys %services){ + my %config =3D %{ $services{$service} }; + + my $pidfile =3D $config{"pidfile"}; + my $process =3D $config{"process"}; + + # Collect all pids + my @pids =3D (); + + # Read the PID file or go search... + if (defined $pidfile) { + @pids =3D &General::read_pids("${pidfile}"); + } else { + @pids =3D &General::find_pids("${process}"); + } + + # Not Running + my $status =3D "\"state\":\"0\""; + + # Running? + if (scalar @pids) { + # Get memory consumption + my $mem =3D &General::get_memory_consumption(@pids); + + $status =3D "\"state\":1,\"pids\":[" . join(',', @pids) . 
"]= ,\"memory\":$mem"; + } + + print "," if not $first; + $first =3D 0; + + print "{"; + print "\"service\":\"$service\",\"servicename\":\"$process\",$status"; + print "}"; +} + +# Generate list of installed addon pak's +my %paklist =3D &Pakfire::dblist("installed"); + +foreach my $pak (keys %paklist) { + my %metadata =3D &Pakfire::getmetadata($pak, "installed"); + =20 + # If addon contains services + if ("$metadata{'Services'}") { + foreach my $service (split(/ /, "$metadata{'Services'}")) { + print ","; + print "{"; + + print "\"service\":\"Addon: $metadata{'Name'}\","; + print "\"servicename\":\"$service\","; + + my $onboot =3D isautorun($pak, $service); + print "\"onboot\":$onboot,"; + + print &addonservicestats($pak, $service); + + print "}"; + } + } +}=09 + +print "]"; + +sub isautorun() { + my ($pak, $service) =3D @_; + my @testcmd =3D &General::system_output("/usr/local/bin/addonctrl", "$pak",= "boot-status", "$service"); + my $testcmd =3D @testcmd[0]; + my $status =3D 9; + + # Check if autorun for the given service is enabled. + if ( $testcmd =3D~ /enabled\ on\ boot/ ) { + $status =3D 1; + } elsif ( $testcmd =3D~ /disabled\ on\ boot/ ) { + $status =3D 0; + } + + # Return the status. + return $status; +} + +sub addonservicestats() { + my ($pak, $service) =3D @_; + my $testcmd =3D ''; + my $exename; + my @memory =3D (0); + + my @testcmd =3D &General::system_output("/usr/local/bin/addonctrl", "$pak= ", "status", "$service"); + my $testcmd =3D @testcmd[0]; + + my $status =3D "\"state\":0"; + if ( $testcmd =3D~ /is\ running/ && $testcmd !~ /is\ not\ running/){ + $testcmd =3D~ s/.* //gi; + $testcmd =3D~ s/[a-z_]//gi; + $testcmd =3D~ s/\[[0-1]\;[0-9]+//gi; + $testcmd =3D~ s/[\(\)\.]//gi; + $testcmd =3D~ s/ //gi; + $testcmd =3D~ s/=1B//gi; + + my @pids =3D split(/\s/,$testcmd); + + # Fetch the memory consumption + my $memory =3D &General::get_memory_consumption(@pids); + + $status =3D "\"state\":1,\"pids\":[" . join(',', @pids) . 
"]= ,\"memory\":$memory"; + } + return $status; +} diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 138c75635..78e175980 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -10,3 +10,4 @@ Defaults:zabbix !requiretty zabbix ALL=3D(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /= usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log zabbix ALL=3D(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certif= icate_detail.sh +zabbix ALL=3D(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_servic= es.pl diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_a= gentd/userparameter_ipfire.conf index d2d0c8307..cc0bd9f8e 100644 --- a/config/zabbix_agentd/userparameter_ipfire.conf +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -9,4 +9,6 @@ UserParameter=3Dipfire.net.fw.hits.raw,sudo /usr/local/bin/ge= tipstat -xf | grep "/ # Number of currently Active DHCP leases UserParameter=3Dipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp= /dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l # Number of Captive Portal clients -UserParameter=3Dipfire.captive.clients,awk -F ',' 'length($2) =3D=3D 17 {sum= +=3D 1} END {if (length(sum) =3D=3D 0) print 0; else print sum}' /var/ipfire= /captive/clients \ No newline at end of file +UserParameter=3Dipfire.captive.clients,awk -F ',' 'length($2) =3D=3D 17 {sum= +=3D 1} END {if (length(sum) =3D=3D 0) print 0; else print sum}' /var/ipfire= /captive/clients +# Services list and state +UserParameter=3Dipfire.services.get,sudo /var/ipfire/zabbix_agentd/scripts/i= pfire_services.pl \ No newline at end of file diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index 06956ad41..3e806c1da 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd 
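Review bot: The JSON is assembled by string concatenation, so `$service`, `$process`, `$metadata{'Name'}` and the addon service names are printed without escaping, and the `pids` array is filled from regex-stripped addonctrl output with no check that each element is numeric. A quote or backslash in pak metadata, or an unexpected status line, would therefore yield malformed JSON from a script that runs as root through sudo. The built-in "not running" case also emits `"state":"0"` as a string, whereas the running case and the addon path emit a number. I would collect one hash per service and encode the list once with the core JSON::PP module (needs `use JSON::PP;` at the top), as sketched below for the built-in loop; the addon loop would push onto the same list. Separately, `use warnings` is commented out, which hides the duplicate `my $testcmd` and the `@testcmd[0]` slices in the two subs.

```perl
my @items;

foreach my $service (sort keys %services) {
    # … unchanged: pidfile/process lookup filling @pids …

    my %item = (service => $service, servicename => $process, state => 0);
    if (@pids) {
        $item{state}  = 1;
        # keep only purely numeric entries so the array is always valid JSON
        $item{pids}   = [ map { $_ + 0 } grep { /\A\d+\z/ } @pids ];
        $item{memory} = &General::get_memory_consumption(@pids);
    }
    push @items, \%item;
}

# … unchanged: addon loop, pushing one hash per service instead of printing …

print JSON::PP->new->canonical->encode(\@items);
```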
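Review bot: The added rule names the script with no argument specification and with `(ALL)` as the run-as list, so zabbix may invoke it with arbitrary arguments and as any target user, although the UserParameter only ever calls it bare. The script in this patch does not read `@ARGV`, so nothing visible depends on arguments today, but pinning the rule keeps it that way if the script later grows options: `zabbix ALL=(root) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl ""`. The existing entries in the context lines follow the same loose pattern and could be tightened in a follow-up.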
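Review bot: The file still ends without a trailing newline: the hunk adds one after the `ipfire.captive.clients` line, but the new last line `ipfire.services.get` is again marked `\ No newline at end of file`, so the next addition will have to rewrite this line as well. Ending the file with a newline avoids that. It may also be worth checking the script's runtime against the agent's `Timeout` setting, since it invokes addonctrl twice per addon service. A comment such as `# Services list and state (JSON); calls addonctrl per addon service, may need a higher Timeout` would record that.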
@@ -117,6 +117,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -mkdir -pv /var/ipfire/zabbix_agentd/scripts install -v -m 755 $(DIR_SRC)/config/zabbix_agentd/ipfire_certificate_detail= .sh \ /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh + install -v -m 755 $(DIR_SRC)/config/zabbix_agentd/ipfire_services.pl \ + /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl =20 # Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix --=20 2.46.0 --===============6205927658730344748==--
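Review bot: The script is installed with `-m 755` but no explicit owner, and the `mkdir -pv /var/ipfire/zabbix_agentd/scripts` in the context above it sets no mode or owner either. This patch also lets zabbix run the file as root through sudo, so the file and every directory on its path need to be writable by root only. If another part of this lfs file (outside the hunk) hands `/var/ipfire/zabbix_agentd` to the zabbix user, the sudoers rule would let that user replace the script and have it executed as root. Making the ownership explicit, e.g. `install -v -m 755 -o root -g root` for both script lines, and confirming the directory ownership would close that gap. The rule body continues outside the hunk.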