Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS)

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS)
Date: Mon, 12 Apr 2021 11:26:55 +0100	[thread overview]
Message-ID: <5BAC6726-18EC-4026-9E47-BC3C2008FC96@ipfire.org> (raw)
In-Reply-To: <20210407204455.450-2-robin.roevens@disroot.org>

[-- Attachment #1: Type: text/plain, Size: 8967 bytes --]

Hello,

This looks all fine.

-Michael

> On 7 Apr 2021, at 21:44, Robin Roevens <robin.roevens(a)disroot.org> wrote:
> 
> - Update from 4.2.6 to latest LTS version 5.0.10
>  See release notes: https://www.zabbix.com/rn/rn5.0.10
> 
> Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
> ---
> config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++--
> lfs/zabbix_agentd                       |  11 ++-
> 2 files changed, 121 insertions(+), 14 deletions(-)
> 
> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf
> index 21b8e0122..4d6c4c154 100644
> --- a/config/zabbix_agentd/zabbix_agentd.conf
> +++ b/config/zabbix_agentd/zabbix_agentd.conf
> @@ -63,14 +63,33 @@ LogFileSize=0
> # Default:
> # SourceIP=
> 
> -### Option: EnableRemoteCommands
> -#	Whether remote commands from Zabbix server are allowed.
> -#	0 - not allowed
> -#	1 - allowed
> +### Option: AllowKey
> +#	Allow execution of item keys matching pattern.
> +#	Multiple keys matching rules may be defined in combination with DenyKey.
> +#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
> +#	Parameters are processed one by one according their appearance order.
> +#	If no AllowKey or DenyKey rules defined, all keys are allowed.
> +#
> +# Mandatory: no
> +
> +### Option: DenyKey
> +#	Deny execution of items keys matching pattern.
> +#	Multiple keys matching rules may be defined in combination with AllowKey.
> +#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
> +#	Parameters are processed one by one according their appearance order.
> +#	If no AllowKey or DenyKey rules defined, all keys are allowed.
> +#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
> #
> # Mandatory: no
> # Default:
> -# EnableRemoteCommands=0
> +# DenyKey=system.run[*]
> +
> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
> +#	Internal alias for AllowKey/DenyKey parameters depending on value:
> +#	0 - DenyKey=system.run[*]
> +#	1 - AllowKey=system.run[*]
> +#
> +# Mandatory: no
> 
> ### Option: LogRemoteCommands
> #	Enable logging of executed shell commands as warnings.
> @@ -177,6 +196,28 @@ ServerActive=127.0.0.1
> # Default:
> # HostMetadataItem=
> 
> +### Option: HostInterface
> +#	Optional parameter that defines host interface.
> +#	Host interface is used at host auto-registration process.
> +#	An agent will issue an error and not start if the value is over limit of 255 characters.
> +#	If not defined, value will be acquired from HostInterfaceItem.
> +#
> +# Mandatory: no
> +# Range: 0-255 characters
> +# Default:
> +# HostInterface=
> +
> +### Option: HostInterfaceItem
> +#	Optional parameter that defines an item used for getting host interface.
> +#	Host interface is used at host auto-registration process.
> +#	During an auto-registration request an agent will log a warning message if
> +#	the value returned by specified item is over limit of 255 characters.
> +#	This option is only used when HostInterface is not defined.
> +#
> +# Mandatory: no
> +# Default:
> +# HostInterfaceItem=
> +
> ### Option: RefreshActiveChecks
> #	How often list of active checks is refreshed, in seconds.
> #
> @@ -265,7 +306,6 @@ ServerActive=127.0.0.1
> 
> Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
> 
> -
> ####### USER-DEFINED MONITORED PARAMETERS #######
> 
> ### Option: UnsafeUserParameters
> @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
> #
> # Mandatory: no
> # Default:
> -# LoadModulePath=/usr/lib/modules
> +# LoadModulePath=${libdir}/modules
> 
> LoadModulePath=/usr/lib/zabbix
> 
> @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix
> # TLSCRLFile=
> 
> ### Option: TLSServerCertIssuer
> -#	Allowed server certificate issuer.
> +#		Allowed server certificate issuer.
> #
> # Mandatory: no
> # Default:
> # TLSServerCertIssuer=
> 
> ### Option: TLSServerCertSubject
> -#	Allowed server certificate subject.
> +#		Allowed server certificate subject.
> #
> # Mandatory: no
> # Default:
> @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix
> # Mandatory: no
> # Default:
> # TLSPSKFile=
> +
> +####### For advanced users - TLS ciphersuite selection criteria #######
> +
> +### Option: TLSCipherCert13
> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
> +#	Override the default ciphersuite selection criteria for certificate-based encryption.
> +#
> +# Mandatory: no
> +# Default:
> +# TLSCipherCert13=
> +
> +### Option: TLSCipherCert
> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
> +#	Override the default ciphersuite selection criteria for certificate-based encryption.
> +#	Example for GnuTLS:
> +#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
> +#	Example for OpenSSL:
> +#		EECDH+aRSA+AES128:RSA+aRSA+AES128
> +#
> +# Mandatory: no
> +# Default:
> +# TLSCipherCert=
> +
> +### Option: TLSCipherPSK13
> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
> +#	Override the default ciphersuite selection criteria for PSK-based encryption.
> +#	Example:
> +#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
> +#
> +# Mandatory: no
> +# Default:
> +# TLSCipherPSK13=
> +
> +### Option: TLSCipherPSK
> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
> +#	Override the default ciphersuite selection criteria for PSK-based encryption.
> +#	Example for GnuTLS:
> +#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
> +#	Example for OpenSSL:
> +#		kECDHEPSK+AES128:kPSK+AES128
> +#
> +# Mandatory: no
> +# Default:
> +# TLSCipherPSK=
> +
> +### Option: TLSCipherAll13
> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
> +#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
> +#	Example:
> +#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
> +#
> +# Mandatory: no
> +# Default:
> +# TLSCipherAll13=
> +
> +### Option: TLSCipherAll
> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
> +#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
> +#	Example for GnuTLS:
> +#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
> +#	Example for OpenSSL:
> +#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
> +#
> +# Mandatory: no
> +# Default:
> +# TLSCipherAll=
> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
> index c69643a54..2d57b0dbe 100644
> --- a/lfs/zabbix_agentd
> +++ b/lfs/zabbix_agentd
> @@ -1,7 +1,7 @@
> ###############################################################################
> #                                                                             #
> # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2019  IPFire Team  <info(a)ipfire.org>                     #
> +# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 4.2.6
> +VER        = 5.0.10
> 
> THISAPP    = zabbix-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = zabbix_agentd
> -PAK_VER    = 4
> +PAK_VER    = 5
> DEPS       =
> 
> ###############################################################################
> @@ -43,7 +43,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee
> +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212
> 
> install : $(TARGET)
> 
> @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> 		--prefix=/usr \
> 		--enable-agent \
> 		--sysconfdir=/etc/zabbix_agentd \
> -		--with-openssl
> +		--with-openssl \
> +		--with-libcurl
> 
> 	cd $(DIR_APP) && make
> 	cd $(DIR_APP) && make install
> -- 
> 2.30.2
> 
> 
> -- 
> Dit bericht is gescanned op virussen en andere gevaarlijke
> inhoud door MailScanner en lijkt schoon te zijn.
>

next prev parent reply	other threads:[~2021-04-12 10:26 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-07 20:44 [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Robin Roevens
2021-04-07 20:44 ` [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS) Robin Roevens
2021-04-09 19:25   ` Adolf Belka
2021-04-10 21:05     ` Robin Roevens
2021-04-12 10:27     ` Michael Tremer
2021-04-12 11:23       ` Adolf Belka
2021-04-12 13:48         ` Michael Tremer
2021-04-12 10:26   ` Michael Tremer [this message]
2021-04-07 20:44 ` [PATCH 2/4] [V2] zabbix_agentd: Fix agent modules directory Robin Roevens
2021-04-09 19:36   ` Adolf Belka
2021-04-10 21:13     ` Robin Roevens
2021-04-12 10:26       ` Michael Tremer
2021-04-12 10:50         ` Robin Roevens
2021-04-12 10:52           ` Michael Tremer
2021-04-12 11:38             ` Robin Roevens
2021-04-12 13:45               ` Michael Tremer
2021-04-07 20:44 ` [PATCH 3/4] [V2] zabbix_agentd: Better configfile handling during update Robin Roevens
2021-04-07 20:44 ` [PATCH 4/4] [V2] zabbix_agentd: Add IPFire specific userparameters Robin Roevens
2021-04-12 10:36   ` Michael Tremer
2021-04-12 22:16     ` Robin Roevens
2021-04-15 11:21       ` Michael Tremer
2021-04-15 13:12         ` Robin Roevens
2021-04-15 20:34           ` Robin Roevens
2021-04-19 13:42             ` Michael Tremer
2021-04-19 13:37           ` Michael Tremer
2021-04-19 20:50             ` Robin Roevens
2021-04-12 10:32 ` [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Michael Tremer
2021-04-12 21:19   ` Robin Roevens

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5BAC6726-18EC-4026-9E47-BC3C2008FC96@ipfire.org \
    --to=michael.tremer@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox