From: Robin Roevens <robin.roevens@disroot.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS)
Date: Sat, 10 Apr 2021 23:05:18 +0200 [thread overview]
Message-ID: <6a7b4266175d757efc8f87584a8550fbaed12dbb.camel@disroot.org> (raw)
In-Reply-To: <006062ba-1a41-e025-21aa-f12c7f05448f@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 12011 bytes --]
Hi Adolf
Thanks for your review.
I didn't know about the -v2 parameter. Will use that in the future.
The conf file changes in this patch actually only reflect the changes
in the upstream source default zabbix_agentd.conf-file which I merged
with the customizations previously introduced by Alex.
Robin
Adolf Belka schreef op vr 09-04-2021 om 21:25 [+0200]:
> Hi Robin,
>
> I am not knowledgeable enough about zabbix to make any comment about
> the conf file changes other than that I could follow your
> explanations of why they were being done.
>
> The lfs file changes look perfect to me.
>
> A general comment I would make is that when you want to do a v2
> version then if you enter
>
> git patch-format -v2 -o ..... then the patches will be created
> automatically as [PATCH v2 1/3].
>
> Note it is lower case v
>
> Regards,
>
> Adolf
>
> On 07/04/2021 22:44, Robin Roevens wrote:
> > - Update from 4.2.6 to latest LTS version 5.0.10
> > See release notes: https://www.zabbix.com/rn/rn5.0.10
> >
> > Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
> > ---
> > config/zabbix_agentd/zabbix_agentd.conf | 124
> > ++++++++++++++++++++++--
> > lfs/zabbix_agentd | 11 ++-
> > 2 files changed, 121 insertions(+), 14 deletions(-)
> >
> > diff --git a/config/zabbix_agentd/zabbix_agentd.conf
> > b/config/zabbix_agentd/zabbix_agentd.conf
> > index 21b8e0122..4d6c4c154 100644
> > --- a/config/zabbix_agentd/zabbix_agentd.conf
> > +++ b/config/zabbix_agentd/zabbix_agentd.conf
> > @@ -63,14 +63,33 @@ LogFileSize=0
> > # Default:
> > # SourceIP=
> >
> > -### Option: EnableRemoteCommands
> > -# Whether remote commands from Zabbix server are allowed.
> > -# 0 - not allowed
> > -# 1 - allowed
> > +### Option: AllowKey
> > +# Allow execution of item keys matching pattern.
> > +# Multiple keys matching rules may be defined in combination
> > with DenyKey.
> > +# Key pattern is wildcard expression, which support "*"
> > character to match any number of any characters in certain
> > position. It might be used in both key name and key arguments.
> > +# Parameters are processed one by one according their
> > appearance order.
> > +# If no AllowKey or DenyKey rules defined, all keys are
> > allowed.
> > +#
> > +# Mandatory: no
> > +
> > +### Option: DenyKey
> > +# Deny execution of items keys matching pattern.
> > +# Multiple keys matching rules may be defined in combination
> > with AllowKey.
> > +# Key pattern is wildcard expression, which support "*"
> > character to match any number of any characters in certain
> > position. It might be used in both key name and key arguments.
> > +# Parameters are processed one by one according their
> > appearance order.
> > +# If no AllowKey or DenyKey rules defined, all keys are
> > allowed.
> > +# Unless another system.run[*] rule is specified
> > DenyKey=system.run[*] is added by default.
> > #
> > # Mandatory: no
> > # Default:
> > -# EnableRemoteCommands=0
> > +# DenyKey=system.run[*]
> > +
> > +### Option: EnableRemoteCommands - Deprecated, use
> > AllowKey=system.run[*] or DenyKey=system.run[*] instead
> > +# Internal alias for AllowKey/DenyKey parameters depending on
> > value:
> > +# 0 - DenyKey=system.run[*]
> > +# 1 - AllowKey=system.run[*]
> > +#
> > +# Mandatory: no
> >
> > ### Option: LogRemoteCommands
> > # Enable logging of executed shell commands as warnings.
> > @@ -177,6 +196,28 @@ ServerActive=127.0.0.1
> > # Default:
> > # HostMetadataItem=
> >
> > +### Option: HostInterface
> > +# Optional parameter that defines host interface.
> > +# Host interface is used at host auto-registration process.
> > +# An agent will issue an error and not start if the value is
> > over limit of 255 characters.
> > +# If not defined, value will be acquired from
> > HostInterfaceItem.
> > +#
> > +# Mandatory: no
> > +# Range: 0-255 characters
> > +# Default:
> > +# HostInterface=
> > +
> > +### Option: HostInterfaceItem
> > +# Optional parameter that defines an item used for getting
> > host interface.
> > +# Host interface is used at host auto-registration process.
> > +# During an auto-registration request an agent will log a
> > warning message if
> > +# the value returned by specified item is over limit of 255
> > characters.
> > +# This option is only used when HostInterface is not defined.
> > +#
> > +# Mandatory: no
> > +# Default:
> > +# HostInterfaceItem=
> > +
> > ### Option: RefreshActiveChecks
> > # How often list of active checks is refreshed, in seconds.
> > #
> > @@ -265,7 +306,6 @@ ServerActive=127.0.0.1
> >
> > Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
> >
> > -
> > ####### USER-DEFINED MONITORED PARAMETERS #######
> >
> > ### Option: UnsafeUserParameters
> > @@ -299,7 +339,7 @@
> > Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
> > #
> > # Mandatory: no
> > # Default:
> > -# LoadModulePath=/usr/lib/modules
> > +# LoadModulePath=${libdir}/modules
> >
> > LoadModulePath=/usr/lib/zabbix
> >
> > @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix
> > # TLSCRLFile=
> >
> > ### Option: TLSServerCertIssuer
> > -# Allowed server certificate issuer.
> > +# Allowed server certificate issuer.
> > #
> > # Mandatory: no
> > # Default:
> > # TLSServerCertIssuer=
> >
> > ### Option: TLSServerCertSubject
> > -# Allowed server certificate subject.
> > +# Allowed server certificate subject.
> > #
> > # Mandatory: no
> > # Default:
> > @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix
> > # Mandatory: no
> > # Default:
> > # TLSPSKFile=
> > +
> > +####### For advanced users - TLS ciphersuite selection criteria
> > #######
> > +
> > +### Option: TLSCipherCert13
> > +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
> > +# Override the default ciphersuite selection criteria for
> > certificate-based encryption.
> > +#
> > +# Mandatory: no
> > +# Default:
> > +# TLSCipherCert13=
> > +
> > +### Option: TLSCipherCert
> > +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
> > +# Override the default ciphersuite selection criteria for
> > certificate-based encryption.
> > +# Example for GnuTLS:
> > +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-
> > GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-
> > ALL:+CTYPE-X.509
> > +# Example for OpenSSL:
> > +# EECDH+aRSA+AES128:RSA+aRSA+AES128
> > +#
> > +# Mandatory: no
> > +# Default:
> > +# TLSCipherCert=
> > +
> > +### Option: TLSCipherPSK13
> > +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
> > +# Override the default ciphersuite selection criteria for
> > PSK-based encryption.
> > +# Example:
> > +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
> > +#
> > +# Mandatory: no
> > +# Default:
> > +# TLSCipherPSK13=
> > +
> > +### Option: TLSCipherPSK
> > +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
> > +# Override the default ciphersuite selection criteria for
> > PSK-based encryption.
> > +# Example for GnuTLS:
> > +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-
> > GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-
> > ALL
> > +# Example for OpenSSL:
> > +# kECDHEPSK+AES128:kPSK+AES128
> > +#
> > +# Mandatory: no
> > +# Default:
> > +# TLSCipherPSK=
> > +
> > +### Option: TLSCipherAll13
> > +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
> > +# Override the default ciphersuite selection criteria for
> > certificate- and PSK-based encryption.
> > +# Example:
> > +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
> > :TLS_AES_128_GCM_SHA256
> > +#
> > +# Mandatory: no
> > +# Default:
> > +# TLSCipherAll13=
> > +
> > +### Option: TLSCipherAll
> > +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
> > +# Override the default ciphersuite selection criteria for
> > certificate- and PSK-based encryption.
> > +# Example for GnuTLS:
> > +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-
> > PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-
> > ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
> > +# Example for OpenSSL:
> > +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:
> > kPSK+AES128
> > +#
> > +# Mandatory: no
> > +# Default:
> > +# TLSCipherAll=
> > diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
> > index c69643a54..2d57b0dbe 100644
> > --- a/lfs/zabbix_agentd
> > +++ b/lfs/zabbix_agentd
> > @@ -1,7 +1,7 @@
> >
> > ###################################################################
> > ############
> >
> > #
> > #
> > # IPFire.org - A linux based
> > firewall #
> > -# Copyright (C) 2007-2019 IPFire Team
> > <info(a)ipfire.org> #
> > +# Copyright (C) 2007-2021 IPFire Team
> > <info(a)ipfire.org> #
> >
> > #
> > #
> > # This program is free software: you can redistribute it and/or
> > modify #
> > # it under the terms of the GNU General Public License as
> > published by #
> > @@ -24,7 +24,7 @@
> >
> > include Config
> >
> > -VER = 4.2.6
> > +VER = 5.0.10
> >
> > THISAPP = zabbix-$(VER)
> > DL_FILE = $(THISAPP).tar.gz
> > @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
> > DIR_APP = $(DIR_SRC)/$(THISAPP)
> > TARGET = $(DIR_INFO)/$(THISAPP)
> > PROG = zabbix_agentd
> > -PAK_VER = 4
> > +PAK_VER = 5
> > DEPS =
> >
> >
> > ###################################################################
> > ############
> > @@ -43,7 +43,7 @@ objects = $(DL_FILE)
> >
> > $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> >
> > -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee
> > +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212
> >
> > install : $(TARGET)
> >
> > @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > --prefix=/usr \
> > --enable-agent \
> > --sysconfdir=/etc/zabbix_agentd \
> > - --with-openssl
> > + --with-openssl \
> > + --with-libcurl
> >
> > cd $(DIR_APP) && make
> > cd $(DIR_APP) && make install
>
--
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
next prev parent reply other threads:[~2021-04-10 21:05 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 20:44 [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Robin Roevens
2021-04-07 20:44 ` [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS) Robin Roevens
2021-04-09 19:25 ` Adolf Belka
2021-04-10 21:05 ` Robin Roevens [this message]
2021-04-12 10:27 ` Michael Tremer
2021-04-12 11:23 ` Adolf Belka
2021-04-12 13:48 ` Michael Tremer
2021-04-12 10:26 ` Michael Tremer
2021-04-07 20:44 ` [PATCH 2/4] [V2] zabbix_agentd: Fix agent modules directory Robin Roevens
2021-04-09 19:36 ` Adolf Belka
2021-04-10 21:13 ` Robin Roevens
2021-04-12 10:26 ` Michael Tremer
2021-04-12 10:50 ` Robin Roevens
2021-04-12 10:52 ` Michael Tremer
2021-04-12 11:38 ` Robin Roevens
2021-04-12 13:45 ` Michael Tremer
2021-04-07 20:44 ` [PATCH 3/4] [V2] zabbix_agentd: Better configfile handling during update Robin Roevens
2021-04-07 20:44 ` [PATCH 4/4] [V2] zabbix_agentd: Add IPFire specific userparameters Robin Roevens
2021-04-12 10:36 ` Michael Tremer
2021-04-12 22:16 ` Robin Roevens
2021-04-15 11:21 ` Michael Tremer
2021-04-15 13:12 ` Robin Roevens
2021-04-15 20:34 ` Robin Roevens
2021-04-19 13:42 ` Michael Tremer
2021-04-19 13:37 ` Michael Tremer
2021-04-19 20:50 ` Robin Roevens
2021-04-12 10:32 ` [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Michael Tremer
2021-04-12 21:19 ` Robin Roevens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6a7b4266175d757efc8f87584a8550fbaed12dbb.camel@disroot.org \
--to=robin.roevens@disroot.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox