From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS) Date: Mon, 12 Apr 2021 11:27:46 +0100 Message-ID: <856FB294-FFE3-4AF6-9BD4-3CAAEB6C9120@ipfire.org> In-Reply-To: <006062ba-1a41-e025-21aa-f12c7f05448f@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5520996775162402970==" List-Id: --===============5520996775162402970== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Adolf, You can use the Reviewed-by: tag to mark a patch as reviewed by you: https://wiki.ipfire.org/devel/git/tags -Michael > On 9 Apr 2021, at 20:25, Adolf Belka wrote: >=20 > Hi Robin, >=20 > I am not knowledgeable enough about zabbix to make any comment about the co= nf file changes other than that I could follow your explanations of why they = were being done. >=20 > The lfs file changes look perfect to me. >=20 > A general comment I would make is that when you want to do a v2 version the= n if you enter >=20 > git patch-format -v2 -o ..... then the patches will be created automaticall= y as [PATCH v2 1/3]. >=20 > Note it is lower case v >=20 > Regards, >=20 > Adolf >=20 > On 07/04/2021 22:44, Robin Roevens wrote: >> - Update from 4.2.6 to latest LTS version 5.0.10 >> See release notes: https://www.zabbix.com/rn/rn5.0.10 >>=20 >> Signed-off-by: Robin Roevens >> --- >> config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++-- >> lfs/zabbix_agentd | 11 ++- >> 2 files changed, 121 insertions(+), 14 deletions(-) >>=20 >> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agent= d/zabbix_agentd.conf >> index 21b8e0122..4d6c4c154 100644 >> --- a/config/zabbix_agentd/zabbix_agentd.conf >> +++ b/config/zabbix_agentd/zabbix_agentd.conf >> @@ -63,14 +63,33 @@ LogFileSize=3D0 >> # Default: >> # SourceIP=3D >> -### Option: EnableRemoteCommands >> -# Whether remote commands from Zabbix server are allowed. >> -# 0 - not allowed >> -# 1 - allowed >> +### Option: AllowKey >> +# Allow execution of item keys matching pattern. >> +# Multiple keys matching rules may be defined in combination with DenyKey. >> +# Key pattern is wildcard expression, which support "*" character to matc= h any number of any characters in certain position. It might be used in both = key name and key arguments. >> +# Parameters are processed one by one according their appearance order. >> +# If no AllowKey or DenyKey rules defined, all keys are allowed. >> +# >> +# Mandatory: no >> + >> +### Option: DenyKey >> +# Deny execution of items keys matching pattern. >> +# Multiple keys matching rules may be defined in combination with AllowKe= y. >> +# Key pattern is wildcard expression, which support "*" character to matc= h any number of any characters in certain position. It might be used in both = key name and key arguments. >> +# Parameters are processed one by one according their appearance order. >> +# If no AllowKey or DenyKey rules defined, all keys are allowed. >> +# Unless another system.run[*] rule is specified DenyKey=3Dsystem.r= un[*] is added by default. >> # >> # Mandatory: no >> # Default: >> -# EnableRemoteCommands=3D0 >> +# DenyKey=3Dsystem.run[*] >> + >> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=3Dsystem.run[= *] or DenyKey=3Dsystem.run[*] instead >> +# Internal alias for AllowKey/DenyKey parameters depending on value: >> +# 0 - DenyKey=3Dsystem.run[*] >> +# 1 - AllowKey=3Dsystem.run[*] >> +# >> +# Mandatory: no >> ### Option: LogRemoteCommands >> # Enable logging of executed shell commands as warnings. >> @@ -177,6 +196,28 @@ ServerActive=3D127.0.0.1 >> # Default: >> # HostMetadataItem=3D >> +### Option: HostInterface >> +# Optional parameter that defines host interface. >> +# Host interface is used at host auto-registration process. >> +# An agent will issue an error and not start if the value is over limit o= f 255 characters. >> +# If not defined, value will be acquired from HostInterfaceItem. >> +# >> +# Mandatory: no >> +# Range: 0-255 characters >> +# Default: >> +# HostInterface=3D >> + >> +### Option: HostInterfaceItem >> +# Optional parameter that defines an item used for getting host interface. >> +# Host interface is used at host auto-registration process. >> +# During an auto-registration request an agent will log a warning message= if >> +# the value returned by specified item is over limit of 255 characters. >> +# This option is only used when HostInterface is not defined. >> +# >> +# Mandatory: no >> +# Default: >> +# HostInterfaceItem=3D >> + >> ### Option: RefreshActiveChecks >> # How often list of active checks is refreshed, in seconds. >> # >> @@ -265,7 +306,6 @@ ServerActive=3D127.0.0.1 >> Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf >> - >> ####### USER-DEFINED MONITORED PARAMETERS ####### >> ### Option: UnsafeUserParameters >> @@ -299,7 +339,7 @@ Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf >> # >> # Mandatory: no >> # Default: >> -# LoadModulePath=3D/usr/lib/modules >> +# LoadModulePath=3D${libdir}/modules >> LoadModulePath=3D/usr/lib/zabbix >> @@ -357,14 +397,14 @@ LoadModulePath=3D/usr/lib/zabbix >> # TLSCRLFile=3D >> ### Option: TLSServerCertIssuer >> -# Allowed server certificate issuer. >> +# Allowed server certificate issuer. >> # >> # Mandatory: no >> # Default: >> # TLSServerCertIssuer=3D >> ### Option: TLSServerCertSubject >> -# Allowed server certificate subject. >> +# Allowed server certificate subject. >> # >> # Mandatory: no >> # Default: >> @@ -397,3 +437,69 @@ LoadModulePath=3D/usr/lib/zabbix >> # Mandatory: no >> # Default: >> # TLSPSKFile=3D >> + >> +####### For advanced users - TLS ciphersuite selection criteria ####### >> + >> +### Option: TLSCipherCert13 >> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >> +# Override the default ciphersuite selection criteria for certificate-bas= ed encryption. >> +# >> +# Mandatory: no >> +# Default: >> +# TLSCipherCert13=3D >> + >> +### Option: TLSCipherCert >> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >> +# Override the default ciphersuite selection criteria for certificate-bas= ed encryption. >> +# Example for GnuTLS: >> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA= 256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 >> +# Example for OpenSSL: >> +# EECDH+aRSA+AES128:RSA+aRSA+AES128 >> +# >> +# Mandatory: no >> +# Default: >> +# TLSCipherCert=3D >> + >> +### Option: TLSCipherPSK13 >> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >> +# Override the default ciphersuite selection criteria for PSK-based encry= ption. >> +# Example: >> +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 >> +# >> +# Mandatory: no >> +# Default: >> +# TLSCipherPSK13=3D >> + >> +### Option: TLSCipherPSK >> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >> +# Override the default ciphersuite selection criteria for PSK-based encry= ption. >> +# Example for GnuTLS: >> +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA= 256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL >> +# Example for OpenSSL: >> +# kECDHEPSK+AES128:kPSK+AES128 >> +# >> +# Mandatory: no >> +# Default: >> +# TLSCipherPSK=3D >> + >> +### Option: TLSCipherAll13 >> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >> +# Override the default ciphersuite selection criteria for certificate- an= d PSK-based encryption. >> +# Example: >> +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SH= A256 >> +# >> +# Mandatory: no >> +# Default: >> +# TLSCipherAll13=3D >> + >> +### Option: TLSCipherAll >> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >> +# Override the default ciphersuite selection criteria for certificate- an= d PSK-based encryption. >> +# Example for GnuTLS: >> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-12= 8-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 >> +# Example for OpenSSL: >> +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 >> +# >> +# Mandatory: no >> +# Default: >> +# TLSCipherAll=3D >> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd >> index c69643a54..2d57b0dbe 100644 >> --- a/lfs/zabbix_agentd >> +++ b/lfs/zabbix_agentd >> @@ -1,7 +1,7 @@ >> #########################################################################= ###### >> # = # >> # IPFire.org - A linux based firewall = # >> -# Copyright (C) 2007-2019 IPFire Team = # >> +# Copyright (C) 2007-2021 IPFire Team = # >> # = # >> # This program is free software: you can redistribute it and/or modify = # >> # it under the terms of the GNU General Public License as published by = # >> @@ -24,7 +24,7 @@ >> include Config >> -VER =3D 4.2.6 >> +VER =3D 5.0.10 >> THISAPP =3D zabbix-$(VER) >> DL_FILE =3D $(THISAPP).tar.gz >> @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) >> DIR_APP =3D $(DIR_SRC)/$(THISAPP) >> TARGET =3D $(DIR_INFO)/$(THISAPP) >> PROG =3D zabbix_agentd >> -PAK_VER =3D 4 >> +PAK_VER =3D 5 >> DEPS =3D >> #######################################################################= ######## >> @@ -43,7 +43,7 @@ objects =3D $(DL_FILE) >> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >> -$(DL_FILE)_MD5 =3D 6cd55cd743d416d9ffbf2e6fdee680ee >> +$(DL_FILE)_MD5 =3D 17403cce60266019f25ff53c72f0e212 >> install : $(TARGET) >> @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> --prefix=3D/usr \ >> --enable-agent \ >> --sysconfdir=3D/etc/zabbix_agentd \ >> - --with-openssl >> + --with-openssl \ >> + --with-libcurl >> cd $(DIR_APP) && make >> cd $(DIR_APP) && make install --===============5520996775162402970==--