Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS)

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 11100 bytes --]

Hello,

No, if you have reviewed it you can add the tag. Just anywhere in an email and Patchwork will parse and add credit.

The reason why we are doing the tags is:

* To give credit (because it very often is not only one person who has worked on something, but Git only allows one author field)

* We know what has been reviewed

* And if something is broken, there is a list of people who have been working on this who can be shot… joking… who can be consulted about why something was solved in a certain way, etc.

You can also use Tested-by which is very helpful, too.

Best,
-Michael

> On 12 Apr 2021, at 12:23, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi Michael,
> 
> On 12/04/2021 12:27, Michael Tremer wrote:
>> Hello Adolf,
>> You can use the Reviewed-by: tag to mark a patch as reviewed by you:
>>   https://wiki.ipfire.org/devel/git/tags
> I wasn't sure if I was OK for me to use the reviewed tag or if it was limited to specific people. I will use it in future now when I do a review of a patch.
> 
> Regards,
> Adolf.
>> -Michael
>>> On 9 Apr 2021, at 20:25, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>> 
>>> Hi Robin,
>>> 
>>> I am not knowledgeable enough about zabbix to make any comment about the conf file changes other than that I could follow your explanations of why they were being done.
>>> 
>>> The lfs file changes look perfect to me.
>>> 
>>> A general comment I would make is that when you want to do a v2 version then if you enter
>>> 
>>> git patch-format -v2 -o ..... then the patches will be created automatically as [PATCH v2 1/3].
>>> 
>>> Note it is lower case v
>>> 
>>> Regards,
>>> 
>>> Adolf
>>> 
>>> On 07/04/2021 22:44, Robin Roevens wrote:
>>>> - Update from 4.2.6 to latest LTS version 5.0.10
>>>>   See release notes: https://www.zabbix.com/rn/rn5.0.10
>>>> 
>>>> Signed-off-by: Robin Roevens <robin.roevens(a)disroot.org>
>>>> ---
>>>>  config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++--
>>>>  lfs/zabbix_agentd                       |  11 ++-
>>>>  2 files changed, 121 insertions(+), 14 deletions(-)
>>>> 
>>>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf
>>>> index 21b8e0122..4d6c4c154 100644
>>>> --- a/config/zabbix_agentd/zabbix_agentd.conf
>>>> +++ b/config/zabbix_agentd/zabbix_agentd.conf
>>>> @@ -63,14 +63,33 @@ LogFileSize=0
>>>>  # Default:
>>>>  # SourceIP=
>>>>  -### Option: EnableRemoteCommands
>>>> -#	Whether remote commands from Zabbix server are allowed.
>>>> -#	0 - not allowed
>>>> -#	1 - allowed
>>>> +### Option: AllowKey
>>>> +#	Allow execution of item keys matching pattern.
>>>> +#	Multiple keys matching rules may be defined in combination with DenyKey.
>>>> +#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>>>> +#	Parameters are processed one by one according their appearance order.
>>>> +#	If no AllowKey or DenyKey rules defined, all keys are allowed.
>>>> +#
>>>> +# Mandatory: no
>>>> +
>>>> +### Option: DenyKey
>>>> +#	Deny execution of items keys matching pattern.
>>>> +#	Multiple keys matching rules may be defined in combination with AllowKey.
>>>> +#	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
>>>> +#	Parameters are processed one by one according their appearance order.
>>>> +#	If no AllowKey or DenyKey rules defined, all keys are allowed.
>>>> +#       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
>>>>  #
>>>>  # Mandatory: no
>>>>  # Default:
>>>> -# EnableRemoteCommands=0
>>>> +# DenyKey=system.run[*]
>>>> +
>>>> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead
>>>> +#	Internal alias for AllowKey/DenyKey parameters depending on value:
>>>> +#	0 - DenyKey=system.run[*]
>>>> +#	1 - AllowKey=system.run[*]
>>>> +#
>>>> +# Mandatory: no
>>>>    ### Option: LogRemoteCommands
>>>>  #	Enable logging of executed shell commands as warnings.
>>>> @@ -177,6 +196,28 @@ ServerActive=127.0.0.1
>>>>  # Default:
>>>>  # HostMetadataItem=
>>>>  +### Option: HostInterface
>>>> +#	Optional parameter that defines host interface.
>>>> +#	Host interface is used at host auto-registration process.
>>>> +#	An agent will issue an error and not start if the value is over limit of 255 characters.
>>>> +#	If not defined, value will be acquired from HostInterfaceItem.
>>>> +#
>>>> +# Mandatory: no
>>>> +# Range: 0-255 characters
>>>> +# Default:
>>>> +# HostInterface=
>>>> +
>>>> +### Option: HostInterfaceItem
>>>> +#	Optional parameter that defines an item used for getting host interface.
>>>> +#	Host interface is used at host auto-registration process.
>>>> +#	During an auto-registration request an agent will log a warning message if
>>>> +#	the value returned by specified item is over limit of 255 characters.
>>>> +#	This option is only used when HostInterface is not defined.
>>>> +#
>>>> +# Mandatory: no
>>>> +# Default:
>>>> +# HostInterfaceItem=
>>>> +
>>>>  ### Option: RefreshActiveChecks
>>>>  #	How often list of active checks is refreshed, in seconds.
>>>>  #
>>>> @@ -265,7 +306,6 @@ ServerActive=127.0.0.1
>>>>    Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>>>>  -
>>>>  ####### USER-DEFINED MONITORED PARAMETERS #######
>>>>    ### Option: UnsafeUserParameters
>>>> @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf
>>>>  #
>>>>  # Mandatory: no
>>>>  # Default:
>>>> -# LoadModulePath=/usr/lib/modules
>>>> +# LoadModulePath=${libdir}/modules
>>>>    LoadModulePath=/usr/lib/zabbix
>>>>  @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix
>>>>  # TLSCRLFile=
>>>>    ### Option: TLSServerCertIssuer
>>>> -#	Allowed server certificate issuer.
>>>> +#		Allowed server certificate issuer.
>>>>  #
>>>>  # Mandatory: no
>>>>  # Default:
>>>>  # TLSServerCertIssuer=
>>>>    ### Option: TLSServerCertSubject
>>>> -#	Allowed server certificate subject.
>>>> +#		Allowed server certificate subject.
>>>>  #
>>>>  # Mandatory: no
>>>>  # Default:
>>>> @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix
>>>>  # Mandatory: no
>>>>  # Default:
>>>>  # TLSPSKFile=
>>>> +
>>>> +####### For advanced users - TLS ciphersuite selection criteria #######
>>>> +
>>>> +### Option: TLSCipherCert13
>>>> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>>>> +#	Override the default ciphersuite selection criteria for certificate-based encryption.
>>>> +#
>>>> +# Mandatory: no
>>>> +# Default:
>>>> +# TLSCipherCert13=
>>>> +
>>>> +### Option: TLSCipherCert
>>>> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>>>> +#	Override the default ciphersuite selection criteria for certificate-based encryption.
>>>> +#	Example for GnuTLS:
>>>> +#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>>>> +#	Example for OpenSSL:
>>>> +#		EECDH+aRSA+AES128:RSA+aRSA+AES128
>>>> +#
>>>> +# Mandatory: no
>>>> +# Default:
>>>> +# TLSCipherCert=
>>>> +
>>>> +### Option: TLSCipherPSK13
>>>> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>>>> +#	Override the default ciphersuite selection criteria for PSK-based encryption.
>>>> +#	Example:
>>>> +#		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>>>> +#
>>>> +# Mandatory: no
>>>> +# Default:
>>>> +# TLSCipherPSK13=
>>>> +
>>>> +### Option: TLSCipherPSK
>>>> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>>>> +#	Override the default ciphersuite selection criteria for PSK-based encryption.
>>>> +#	Example for GnuTLS:
>>>> +#		NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
>>>> +#	Example for OpenSSL:
>>>> +#		kECDHEPSK+AES128:kPSK+AES128
>>>> +#
>>>> +# Mandatory: no
>>>> +# Default:
>>>> +# TLSCipherPSK=
>>>> +
>>>> +### Option: TLSCipherAll13
>>>> +#	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
>>>> +#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>>>> +#	Example:
>>>> +#		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
>>>> +#
>>>> +# Mandatory: no
>>>> +# Default:
>>>> +# TLSCipherAll13=
>>>> +
>>>> +### Option: TLSCipherAll
>>>> +#	GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
>>>> +#	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
>>>> +#	Example for GnuTLS:
>>>> +#		NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
>>>> +#	Example for OpenSSL:
>>>> +#		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
>>>> +#
>>>> +# Mandatory: no
>>>> +# Default:
>>>> +# TLSCipherAll=
>>>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
>>>> index c69643a54..2d57b0dbe 100644
>>>> --- a/lfs/zabbix_agentd
>>>> +++ b/lfs/zabbix_agentd
>>>> @@ -1,7 +1,7 @@
>>>>  ###############################################################################
>>>>  #                                                                             #
>>>>  # IPFire.org - A linux based firewall                                         #
>>>> -# Copyright (C) 2007-2019  IPFire Team  <info(a)ipfire.org>                     #
>>>> +# Copyright (C) 2007-2021  IPFire Team  <info(a)ipfire.org>                     #
>>>>  #                                                                             #
>>>>  # This program is free software: you can redistribute it and/or modify        #
>>>>  # it under the terms of the GNU General Public License as published by        #
>>>> @@ -24,7 +24,7 @@
>>>>    include Config
>>>>  -VER        = 4.2.6
>>>> +VER        = 5.0.10
>>>>    THISAPP    = zabbix-$(VER)
>>>>  DL_FILE    = $(THISAPP).tar.gz
>>>> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
>>>>  DIR_APP    = $(DIR_SRC)/$(THISAPP)
>>>>  TARGET     = $(DIR_INFO)/$(THISAPP)
>>>>  PROG       = zabbix_agentd
>>>> -PAK_VER    = 4
>>>> +PAK_VER    = 5
>>>>  DEPS       =
>>>>    ###############################################################################
>>>> @@ -43,7 +43,7 @@ objects = $(DL_FILE)
>>>>    $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>>>>  -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee
>>>> +$(DL_FILE)_MD5 = 17403cce60266019f25ff53c72f0e212
>>>>    install : $(TARGET)
>>>>  @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>>>>  		--prefix=/usr \
>>>>  		--enable-agent \
>>>>  		--sysconfdir=/etc/zabbix_agentd \
>>>> -		--with-openssl
>>>> +		--with-openssl \
>>>> +		--with-libcurl
>>>>    	cd $(DIR_APP) && make
>>>>  	cd $(DIR_APP) && make install