From: Robin Roevens
To: development@lists.ipfire.org
Cc: Robin Roevens
Subject: [PATCH 6/6] zabbix_agentd: Openvpn-2.6: use the helper binary to read the status log
Date: Thu, 17 Jul 2025 19:52:05 +0200
Message-ID: <20250717180805.5754-7-robin.roevens@disroot.org>
In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org>
References: <20250717180805.5754-1-robin.roevens@disroot.org>
Signed-off-by: Robin Roevens --- config/zabbix_agentd/sudoers | 2 +- config/zabbix_agentd/userparameter_ovpn.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 57273a2c8..50a9e69de 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -9,6 +9,6 @@ # Defaults:zabbix !requiretty zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat -zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump +zabbix ALL=(ALL) NOPASSWD: /usr/local/bin/openvpnctrl rw log, /usr/local/bin/wireguardctrl dump zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/userparameter_ovpn.conf b/config/zabbix_agentd/userparameter_ovpn.conf index a7a6d8535..d2ce10bb3 100644 --- a/config/zabbix_agentd/userparameter_ovpn.conf +++ b/config/zabbix_agentd/userparameter_ovpn.conf 
@@ -3,7 +3,7 @@ # Discovery of configured ovpn clients UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }' # Get OpenVPN status report -UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }' +UserParameter=ipfire.ovpn.statusreport.get,sudo /usr/local/bin/openvpnctrl rw log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } 
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }' # Get OpenVPN client certificate details UserParameter=ipfire.ovpn.clientcert[*],sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem UserParameter=ipfire.ovpn.cacert,sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem -- 2.50.1
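Review bot: In config/zabbix_agentd/sudoers the replaced entry keeps the run-as spec `zabbix ALL=(ALL) NOPASSWD:`, so zabbix may run `/usr/local/bin/openvpnctrl rw log` as any target user; if the helper only needs root, `(root)` is the tighter spec for this line. Listing the arguments `rw log` in the rule is the right call, since sudo then permits only that exact invocation, and it matches the call made in userparameter_ovpn.conf. The commit message consists of the Signed-off-by line only; a sentence on why `/bin/cat /var/run/ovpnserver.log` has to be replaced by the helper would document the change for later readers.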
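Review bot: In the `ipfire.ovpn.statusreport.get` line of config/zabbix_agentd/userparameter_ovpn.conf, `2>/dev/null` hides any failure of `sudo /usr/local/bin/openvpnctrl rw log`, and on empty input the awk program prints only its `BEGIN` and `END` output, `{]}`, which is not valid JSON. Consider returning a well-formed empty report (or letting the item fail) when no `Updated,` line was seen. The awk program itself is unchanged, so it depends on the helper printing the same comma-separated status format the file had; stating that in the commit message would make the assumption explicit. Separately, `$1` and the other fields are written into the JSON strings unescaped, so a common name containing `"` or `\` would break the output.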