From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS)
Date: Mon, 12 Apr 2021 11:27:46 +0100 [thread overview]
Message-ID: <856FB294-FFE3-4AF6-9BD4-3CAAEB6C9120@ipfire.org> (raw)
In-Reply-To: <006062ba-1a41-e025-21aa-f12c7f05448f@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 9684 bytes --]
Hello Adolf,
You can use the Reviewed-by: tag to mark a patch as reviewed by you:
https://wiki.ipfire.org/devel/git/tags
-Michael
> On 9 Apr 2021, at 20:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> Hi Robin,
>
> I am not knowledgeable enough about zabbix to make any comment about the conf file changes other than that I could follow your explanations of why they were being done.
>
> The lfs file changes look perfect to me.
>
> A general comment I would make is that when you want to do a v2 version then if you enter
>
> git patch-format -v2 -o ..... then the patches will be created automatically as [PATCH v2 1/3].
>
> Note it is lower case v
>
> Regards,
>
> Adolf
>
> On 07/04/2021 22:44, Robin Roevens wrote:
>> - Update from 4.2.6 to latest LTS version 5.0.10
>> See release notes: https://www.zabbix.com/rn/rn5.0.10
>>
>> Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
>> ---
>> config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++--
>> lfs/zabbix_agentd | 11 ++-
>> 2 files changed, 121 insertions(+), 14 deletions(-)
>>
>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf
>> index 21b8e0122..4d6c4c154 100644
>> --- a/config/zabbix_agentd/zabbix_agentd.conf
>> +++ b/config/zabbix_agentd/zabbix_agentd.conf
>> @@ -63,14 +63,33 @@ LogFileSize=0
>> # Default:
>> # SourceIP=
>> -### Option: EnableRemoteCommands
>> -# Whether remote commands from Zabbix server are allowed.
>> -# 0 - not allowed
>> -# 1 - allowed
>> +### Option: AllowKey
>> +# Allow execution of item keys matching pattern.
>> +# Multiple keys matching rules may be defined in combination with DenyKey.
>> +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>> +# Parameters are processed one by one according their appearance order.
>> +# If no AllowKey or DenyKey rules defined, all keys are allowed.
>> +#
>> +# Mandatory: no
>> +
>> +### Option: DenyKey
>> +# Deny execution of items keys matching pattern.
>> +# Multiple keys matching rules may be defined in combination with AllowKey.
>> +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>> +# Parameters are processed one by one according their appearance order.
>> +# If no AllowKey or DenyKey rules defined, all keys are allowed.
>> +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
>> #
>> # Mandatory: no
>> # Default:
>> -# EnableRemoteCommands=0
>> +# DenyKey=system.run[*]
>> +
>> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
>> +# Internal alias for AllowKey/DenyKey parameters depending on value:
>> +# 0 - DenyKey=system.run[*]
>> +# 1 - AllowKey=system.run[*]
>> +#
>> +# Mandatory: no
>> ### Option: LogRemoteCommands
>> # Enable logging of executed shell commands as warnings.
>> @@ -177,6 +196,28 @@ ServerActive=127.0.0.1
>> # Default:
>> # HostMetadataItem=
>> +### Option: HostInterface
>> +# Optional parameter that defines host interface.
>> +# Host interface is used at host auto-registration process.
>> +# An agent will issue an error and not start if the value is over limit of 255 characters.
>> +# If not defined, value will be acquired from HostInterfaceItem.
>> +#
>> +# Mandatory: no
>> +# Range: 0-255 characters
>> +# Default:
>> +# HostInterface=
>> +
>> +### Option: HostInterfaceItem
>> +# Optional parameter that defines an item used for getting host interface.
>> +# Host interface is used at host auto-registration process.
>> +# During an auto-registration request an agent will log a warning message if
>> +# the value returned by specified item is over limit of 255 characters.
>> +# This option is only used when HostInterface is not defined.
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# HostInterfaceItem=
>> +
>> ### Option: RefreshActiveChecks
>> # How often list of active checks is refreshed, in seconds.
>> #
>> @@ -265,7 +306,6 @@ ServerActive=127.0.0.1
>> Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>> -
>> ####### USER-DEFINED MONITORED PARAMETERS #######
>> ### Option: UnsafeUserParameters
>> @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>> #
>> # Mandatory: no
>> # Default:
>> -# LoadModulePath=/usr/lib/modules
>> +# LoadModulePath=${libdir}/modules
>> LoadModulePath=/usr/lib/zabbix
>> @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix
>> # TLSCRLFile=
>> ### Option: TLSServerCertIssuer
>> -# Allowed server certificate issuer.
>> +# Allowed server certificate issuer.
>> #
>> # Mandatory: no
>> # Default:
>> # TLSServerCertIssuer=
>> ### Option: TLSServerCertSubject
>> -# Allowed server certificate subject.
>> +# Allowed server certificate subject.
>> #
>> # Mandatory: no
>> # Default:
>> @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix
>> # Mandatory: no
>> # Default:
>> # TLSPSKFile=
>> +
>> +####### For advanced users - TLS ciphersuite selection criteria #######
>> +
>> +### Option: TLSCipherCert13
>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>> +# Override the default ciphersuite selection criteria for certificate-based encryption.
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherCert13=
>> +
>> +### Option: TLSCipherCert
>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>> +# Override the default ciphersuite selection criteria for certificate-based encryption.
>> +# Example for GnuTLS:
>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>> +# Example for OpenSSL:
>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherCert=
>> +
>> +### Option: TLSCipherPSK13
>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>> +# Override the default ciphersuite selection criteria for PSK-based encryption.
>> +# Example:
>> +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherPSK13=
>> +
>> +### Option: TLSCipherPSK
>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>> +# Override the default ciphersuite selection criteria for PSK-based encryption.
>> +# Example for GnuTLS:
>> +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
>> +# Example for OpenSSL:
>> +# kECDHEPSK+AES128:kPSK+AES128
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherPSK=
>> +
>> +### Option: TLSCipherAll13
>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>> +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>> +# Example:
>> +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherAll13=
>> +
>> +### Option: TLSCipherAll
>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>> +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>> +# Example for GnuTLS:
>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>> +# Example for OpenSSL:
>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
>> +#
>> +# Mandatory: no
>> +# Default:
>> +# TLSCipherAll=
>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
>> index c69643a54..2d57b0dbe 100644
>> --- a/lfs/zabbix_agentd
>> +++ b/lfs/zabbix_agentd
>> @@ -1,7 +1,7 @@
>> ###############################################################################
>> # #
>> # IPFire.org - A linux based firewall #
>> -# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
>> +# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
>> # #
>> # This program is free software: you can redistribute it and/or modify #
>> # it under the terms of the GNU General Public License as published by #
>> @@ -24,7 +24,7 @@
>> include Config
>> -VER = 4.2.6
>> +VER = 5.0.10
>> THISAPP = zabbix-$(VER)
>> DL_FILE = $(THISAPP).tar.gz
>> @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
>> DIR_APP = $(DIR_SRC)/$(THISAPP)
>> TARGET = $(DIR_INFO)/$(THISAPP)
>> PROG = zabbix_agentd
>> -PAK_VER = 4
>> +PAK_VER = 5
>> DEPS =
>> ###############################################################################
>> @@ -43,7 +43,7 @@ objects = $(DL_FILE)
>> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>> -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee
>> +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212
>> install : $(TARGET)
>> @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>> --prefix=/usr \
>> --enable-agent \
>> --sysconfdir=/etc/zabbix_agentd \
>> - --with-openssl
>> + --with-openssl \
>> + --with-libcurl
>> cd $(DIR_APP) && make
>> cd $(DIR_APP) && make install
next prev parent reply other threads:[~2021-04-12 10:27 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 20:44 [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Robin Roevens
2021-04-07 20:44 ` [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS) Robin Roevens
2021-04-09 19:25 ` Adolf Belka
2021-04-10 21:05 ` Robin Roevens
2021-04-12 10:27 ` Michael Tremer [this message]
2021-04-12 11:23 ` Adolf Belka
2021-04-12 13:48 ` Michael Tremer
2021-04-12 10:26 ` Michael Tremer
2021-04-07 20:44 ` [PATCH 2/4] [V2] zabbix_agentd: Fix agent modules directory Robin Roevens
2021-04-09 19:36 ` Adolf Belka
2021-04-10 21:13 ` Robin Roevens
2021-04-12 10:26 ` Michael Tremer
2021-04-12 10:50 ` Robin Roevens
2021-04-12 10:52 ` Michael Tremer
2021-04-12 11:38 ` Robin Roevens
2021-04-12 13:45 ` Michael Tremer
2021-04-07 20:44 ` [PATCH 3/4] [V2] zabbix_agentd: Better configfile handling during update Robin Roevens
2021-04-07 20:44 ` [PATCH 4/4] [V2] zabbix_agentd: Add IPFire specific userparameters Robin Roevens
2021-04-12 10:36 ` Michael Tremer
2021-04-12 22:16 ` Robin Roevens
2021-04-15 11:21 ` Michael Tremer
2021-04-15 13:12 ` Robin Roevens
2021-04-15 20:34 ` Robin Roevens
2021-04-19 13:42 ` Michael Tremer
2021-04-19 13:37 ` Michael Tremer
2021-04-19 20:50 ` Robin Roevens
2021-04-12 10:32 ` [PATCH 0/4] [V2] zabbix_agentd: new maintainer/summary Michael Tremer
2021-04-12 21:19 ` Robin Roevens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=856FB294-FFE3-4AF6-9BD4-3CAAEB6C9120@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox