Hi Adolf Thanks for your review. I didn't know about the -v2 parameter. Will use that in the future. The conf file changes in this patch actually only reflect the changes in the upstream source default zabbix_agentd.conf-file which I merged with the customizations previously introduced by Alex. Robin Adolf Belka schreef op vr 09-04-2021 om 21:25 [+0200]: > Hi Robin, > > I am not knowledgeable enough about zabbix to make any comment about > the conf file changes other than that I could follow your > explanations of why they were being done. > > The lfs file changes look perfect to me. > > A general comment I would make is that when you want to do a v2 > version then if you enter > > git patch-format -v2 -o ..... then the patches will be created > automatically as [PATCH v2 1/3]. > > Note it is lower case v > > Regards, > > Adolf > > On 07/04/2021 22:44, Robin Roevens wrote: > > - Update from 4.2.6 to latest LTS version 5.0.10 > >    See release notes: https://www.zabbix.com/rn/rn5.0.10 > > > > Signed-off-by: Robin Roevens > > --- > >   config/zabbix_agentd/zabbix_agentd.conf | 124 > > ++++++++++++++++++++++-- > >   lfs/zabbix_agentd                       |  11 ++- > >   2 files changed, 121 insertions(+), 14 deletions(-) > > > > diff --git a/config/zabbix_agentd/zabbix_agentd.conf > > b/config/zabbix_agentd/zabbix_agentd.conf > > index 21b8e0122..4d6c4c154 100644 > > --- a/config/zabbix_agentd/zabbix_agentd.conf > > +++ b/config/zabbix_agentd/zabbix_agentd.conf > > @@ -63,14 +63,33 @@ LogFileSize=0 > >   # Default: > >   # SourceIP= > >   > > -### Option: EnableRemoteCommands > > -#      Whether remote commands from Zabbix server are allowed. > > -#      0 - not allowed > > -#      1 - allowed > > +### Option: AllowKey > > +#      Allow execution of item keys matching pattern. > > +#      Multiple keys matching rules may be defined in combination > > with DenyKey. > > +#      Key pattern is wildcard expression, which support "*" > > character to match any number of any characters in certain > > position. It might be used in both key name and key arguments. > > +#      Parameters are processed one by one according their > > appearance order. > > +#      If no AllowKey or DenyKey rules defined, all keys are > > allowed. > > +# > > +# Mandatory: no > > + > > +### Option: DenyKey > > +#      Deny execution of items keys matching pattern. > > +#      Multiple keys matching rules may be defined in combination > > with AllowKey. > > +#      Key pattern is wildcard expression, which support "*" > > character to match any number of any characters in certain > > position. It might be used in both key name and key arguments. > > +#      Parameters are processed one by one according their > > appearance order. > > +#      If no AllowKey or DenyKey rules defined, all keys are > > allowed. > > +#       Unless another system.run[*] rule is specified > > DenyKey=system.run[*] is added by default. > >   # > >   # Mandatory: no > >   # Default: > > -# EnableRemoteCommands=0 > > +# DenyKey=system.run[*] > > + > > +### Option: EnableRemoteCommands - Deprecated, use > > AllowKey=system.run[*] or DenyKey=system.run[*] instead > > +#      Internal alias for AllowKey/DenyKey parameters depending on > > value: > > +#      0 - DenyKey=system.run[*] > > +#      1 - AllowKey=system.run[*] > > +# > > +# Mandatory: no > >   > >   ### Option: LogRemoteCommands > >   #     Enable logging of executed shell commands as warnings. > > @@ -177,6 +196,28 @@ ServerActive=127.0.0.1 > >   # Default: > >   # HostMetadataItem= > >   > > +### Option: HostInterface > > +#      Optional parameter that defines host interface. > > +#      Host interface is used at host auto-registration process. > > +#      An agent will issue an error and not start if the value is > > over limit of 255 characters. > > +#      If not defined, value will be acquired from > > HostInterfaceItem. > > +# > > +# Mandatory: no > > +# Range: 0-255 characters > > +# Default: > > +# HostInterface= > > + > > +### Option: HostInterfaceItem > > +#      Optional parameter that defines an item used for getting > > host interface. > > +#      Host interface is used at host auto-registration process. > > +#      During an auto-registration request an agent will log a > > warning message if > > +#      the value returned by specified item is over limit of 255 > > characters. > > +#      This option is only used when HostInterface is not defined. > > +# > > +# Mandatory: no > > +# Default: > > +# HostInterfaceItem= > > + > >   ### Option: RefreshActiveChecks > >   #     How often list of active checks is refreshed, in seconds. > >   # > > @@ -265,7 +306,6 @@ ServerActive=127.0.0.1 > >   > >   Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf > >   > > - > >   ####### USER-DEFINED MONITORED PARAMETERS ####### > >   > >   ### Option: UnsafeUserParameters > > @@ -299,7 +339,7 @@ > > Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf > >   # > >   # Mandatory: no > >   # Default: > > -# LoadModulePath=/usr/lib/modules > > +# LoadModulePath=${libdir}/modules > >   > >   LoadModulePath=/usr/lib/zabbix > >   > > @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix > >   # TLSCRLFile= > >   > >   ### Option: TLSServerCertIssuer > > -#      Allowed server certificate issuer. > > +#              Allowed server certificate issuer. > >   # > >   # Mandatory: no > >   # Default: > >   # TLSServerCertIssuer= > >   > >   ### Option: TLSServerCertSubject > > -#      Allowed server certificate subject. > > +#              Allowed server certificate subject. > >   # > >   # Mandatory: no > >   # Default: > > @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix > >   # Mandatory: no > >   # Default: > >   # TLSPSKFile= > > + > > +####### For advanced users - TLS ciphersuite selection criteria > > ####### > > + > > +### Option: TLSCipherCert13 > > +#      Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. > > +#      Override the default ciphersuite selection criteria for > > certificate-based encryption. > > +# > > +# Mandatory: no > > +# Default: > > +# TLSCipherCert13= > > + > > +### Option: TLSCipherCert > > +#      GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. > > +#      Override the default ciphersuite selection criteria for > > certificate-based encryption. > > +#      Example for GnuTLS: > > +#              NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128- > > GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN- > > ALL:+CTYPE-X.509 > > +#      Example for OpenSSL: > > +#              EECDH+aRSA+AES128:RSA+aRSA+AES128 > > +# > > +# Mandatory: no > > +# Default: > > +# TLSCipherCert= > > + > > +### Option: TLSCipherPSK13 > > +#      Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. > > +#      Override the default ciphersuite selection criteria for > > PSK-based encryption. > > +#      Example: > > +#              TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 > > +# > > +# Mandatory: no > > +# Default: > > +# TLSCipherPSK13= > > + > > +### Option: TLSCipherPSK > > +#      GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. > > +#      Override the default ciphersuite selection criteria for > > PSK-based encryption. > > +#      Example for GnuTLS: > > +#              NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128- > > GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN- > > ALL > > +#      Example for OpenSSL: > > +#              kECDHEPSK+AES128:kPSK+AES128 > > +# > > +# Mandatory: no > > +# Default: > > +# TLSCipherPSK= > > + > > +### Option: TLSCipherAll13 > > +#      Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. > > +#      Override the default ciphersuite selection criteria for > > certificate- and PSK-based encryption. > > +#      Example: > > +#              TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 > > :TLS_AES_128_GCM_SHA256 > > +# > > +# Mandatory: no > > +# Default: > > +# TLSCipherAll13= > > + > > +### Option: TLSCipherAll > > +#      GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. > > +#      Override the default ciphersuite selection criteria for > > certificate- and PSK-based encryption. > > +#      Example for GnuTLS: > > +#              NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE- > > PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE- > > ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 > > +#      Example for OpenSSL: > > +#              EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128: > > kPSK+AES128 > > +# > > +# Mandatory: no > > +# Default: > > +# TLSCipherAll= > > diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd > > index c69643a54..2d57b0dbe 100644 > > --- a/lfs/zabbix_agentd > > +++ b/lfs/zabbix_agentd > > @@ -1,7 +1,7 @@ > >   > > ################################################################### > > ############ > >   > > #                                                                   > >            # > >   # IPFire.org - A linux based > > firewall                                         # > > -# Copyright (C) 2007-2019  IPFire Team  > >                      # > > +# Copyright (C) 2007-2021  IPFire Team  > >                      # > >   > > #                                                                   > >            # > >   # This program is free software: you can redistribute it and/or > > modify        # > >   # it under the terms of the GNU General Public License as > > published by        # > > @@ -24,7 +24,7 @@ > >   > >   include Config > >   > > -VER        = 4.2.6 > > +VER        = 5.0.10 > >   > >   THISAPP    = zabbix-$(VER) > >   DL_FILE    = $(THISAPP).tar.gz > > @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE) > >   DIR_APP    = $(DIR_SRC)/$(THISAPP) > >   TARGET     = $(DIR_INFO)/$(THISAPP) > >   PROG       = zabbix_agentd > > -PAK_VER    = 4 > > +PAK_VER    = 5 > >   DEPS       = > >   > >   > > ################################################################### > > ############ > > @@ -43,7 +43,7 @@ objects = $(DL_FILE) > >   > >   $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > >   > > -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee > > +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212 > >   > >   install : $(TARGET) > >   > > @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > >                 --prefix=/usr \ > >                 --enable-agent \ > >                 --sysconfdir=/etc/zabbix_agentd \ > > -               --with-openssl > > +               --with-openssl \ > > +               --with-libcurl > >   > >         cd $(DIR_APP) && make > >         cd $(DIR_APP) && make install > -- Dit bericht is gescanned op virussen en andere gevaarlijke inhoud door MailScanner en lijkt schoon te zijn.