From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH 1/4] [V2] zabbix_agentd: Update to v5.0.10 (LTS)
Date: Mon, 12 Apr 2021 14:48:39 +0100
Message-ID:
In-Reply-To: <1beb8e64-838b-b31b-03e2-dcfc024f2e28@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7992710298001544641=="
List-Id:

--===============7992710298001544641==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

No, if you have reviewed it you can add the tag. Just anywhere in an email and Patchwork will parse and add credit.

The reason why we are doing the tags is:

* To give credit (because it very often is not only one person who has worked on something, but Git only allows one author field)
* We know what has been reviewed
* And if something is broken, there is a list of people who have been working on this who can be shot… joking… who can be consulted about why something was solved in a certain way, etc.

You can also use Tested-by which is very helpful, too.

Best,
-Michael

> On 12 Apr 2021, at 12:23, Adolf Belka wrote:
>
> Hi Michael,
>
> On 12/04/2021 12:27, Michael Tremer wrote:
>> Hello Adolf,
>> You can use the Reviewed-by: tag to mark a patch as reviewed by you:
>> https://wiki.ipfire.org/devel/git/tags
> I wasn't sure if it was OK for me to use the reviewed tag or if it was limited to specific people. I will use it in future now when I do a review of a patch.
>
> Regards,
> Adolf.
>> -Michael
>>> On 9 Apr 2021, at 20:25, Adolf Belka wrote:
>>>
>>> Hi Robin,
>>>
>>> I am not knowledgeable enough about zabbix to make any comment about the conf file changes other than that I could follow your explanations of why they were being done.
>>>
>>> The lfs file changes look perfect to me.
>>>
>>> A general comment I would make is that when you want to do a v2 version then if you enter
>>>
>>> git patch-format -v2 -o .....
then the patches will be created automatically as [PATCH v2 1/3].
>>>
>>> Note it is lower case v
>>>
>>> Regards,
>>>
>>> Adolf
>>>
>>> On 07/04/2021 22:44, Robin Roevens wrote:
>>>> - Update from 4.2.6 to latest LTS version 5.0.10
>>>> See release notes: https://www.zabbix.com/rn/rn5.0.10
>>>>
>>>> Signed-off-by: Robin Roevens
>>>> --- >>>> config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++-- >>>> lfs/zabbix_agentd | 11 ++- >>>> 2 files changed, 121 insertions(+), 14 deletions(-) >>>>=20 >>>> diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_age= ntd/zabbix_agentd.conf >>>> index 21b8e0122..4d6c4c154 100644 >>>> --- a/config/zabbix_agentd/zabbix_agentd.conf >>>> +++ b/config/zabbix_agentd/zabbix_agentd.conf 
>>>> @@ -63,14 +63,33 @@ LogFileSize=3D0 >>>> # Default: >>>> # SourceIP=3D >>>> -### Option: EnableRemoteCommands >>>> -# Whether remote commands from Zabbix server are allowed. >>>> -# 0 - not allowed >>>> -# 1 - allowed >>>> +### Option: AllowKey >>>> +# Allow execution of item keys matching pattern. >>>> +# Multiple keys matching rules may be defined in combination with DenyK= ey. >>>> +# Key pattern is wildcard expression, which support "*" character to ma= tch any number of any characters in certain position. It might be used in bot= h key name and key arguments. >>>> +# Parameters are processed one by one according their appearance order. >>>> +# If no AllowKey or DenyKey rules defined, all keys are allowed. >>>> +# >>>> +# Mandatory: no >>>> + >>>> +### Option: DenyKey >>>> +# Deny execution of items keys matching pattern. >>>> +# Multiple keys matching rules may be defined in combination with Allow= Key. >>>> +# Key pattern is wildcard expression, which support "*" character to ma= tch any number of any characters in certain position. It might be used in bot= h key name and key arguments. >>>> +# Parameters are processed one by one according their appearance order. >>>> +# If no AllowKey or DenyKey rules defined, all keys are allowed. >>>> +# Unless another system.run[*] rule is specified DenyKey=3Dsystem= .run[*] is added by default. >>>> # >>>> # Mandatory: no >>>> # Default: >>>> -# EnableRemoteCommands=3D0 >>>> +# DenyKey=3Dsystem.run[*] >>>> + >>>> +### Option: EnableRemoteCommands - Deprecated, use AllowKey=3Dsystem.ru= n[*] or DenyKey=3Dsystem.run[*] instead >>>> +# Internal alias for AllowKey/DenyKey parameters depending on value: >>>> +# 0 - DenyKey=3Dsystem.run[*] >>>> +# 1 - AllowKey=3Dsystem.run[*] >>>> +# >>>> +# Mandatory: no >>>> ### Option: LogRemoteCommands >>>> # Enable logging of executed shell commands as warnings. 
>>>> @@ -177,6 +196,28 @@ ServerActive=3D127.0.0.1 >>>> # Default: >>>> # HostMetadataItem=3D >>>> +### Option: HostInterface >>>> +# Optional parameter that defines host interface. >>>> +# Host interface is used at host auto-registration process. >>>> +# An agent will issue an error and not start if the value is over limit= of 255 characters. >>>> +# If not defined, value will be acquired from HostInterfaceItem. >>>> +# >>>> +# Mandatory: no >>>> +# Range: 0-255 characters >>>> +# Default: >>>> +# HostInterface=3D >>>> + >>>> +### Option: HostInterfaceItem >>>> +# Optional parameter that defines an item used for getting host interfa= ce. >>>> +# Host interface is used at host auto-registration process. >>>> +# During an auto-registration request an agent will log a warning messa= ge if >>>> +# the value returned by specified item is over limit of 255 characters. >>>> +# This option is only used when HostInterface is not defined. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# HostInterfaceItem=3D >>>> + >>>> ### Option: RefreshActiveChecks >>>> # How often list of active checks is refreshed, in seconds. >>>> # >>>> @@ -265,7 +306,6 @@ ServerActive=3D127.0.0.1 >>>> Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf >>>> - >>>> ####### USER-DEFINED MONITORED PARAMETERS ####### >>>> ### Option: UnsafeUserParameters >>>> @@ -299,7 +339,7 @@ Include=3D/etc/zabbix_agentd/zabbix_agentd.d/*.conf >>>> # >>>> # Mandatory: no >>>> # Default: >>>> -# LoadModulePath=3D/usr/lib/modules >>>> +# LoadModulePath=3D${libdir}/modules >>>> LoadModulePath=3D/usr/lib/zabbix 
>>>> @@ -357,14 +397,14 @@ LoadModulePath=3D/usr/lib/zabbix >>>> # TLSCRLFile=3D >>>> ### Option: TLSServerCertIssuer >>>> -# Allowed server certificate issuer. >>>> +# Allowed server certificate issuer. >>>> # >>>> # Mandatory: no >>>> # Default: >>>> # TLSServerCertIssuer=3D >>>> ### Option: TLSServerCertSubject >>>> -# Allowed server certificate subject. >>>> +# Allowed server certificate subject. >>>> # >>>> # Mandatory: no >>>> # Default: 
>>>> @@ -397,3 +437,69 @@ LoadModulePath=3D/usr/lib/zabbix >>>> # Mandatory: no >>>> # Default: >>>> # TLSPSKFile=3D >>>> + >>>> +####### For advanced users - TLS ciphersuite selection criteria ####### >>>> + >>>> +### Option: TLSCipherCert13 >>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >>>> +# Override the default ciphersuite selection criteria for certificate-b= ased encryption. >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherCert13=3D >>>> + >>>> +### Option: TLSCipherCert >>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >>>> +# Override the default ciphersuite selection criteria for certificate-b= ased encryption. >>>> +# Example for GnuTLS: >>>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+S= HA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 >>>> +# Example for OpenSSL: >>>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherCert=3D >>>> + >>>> +### Option: TLSCipherPSK13 >>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. >>>> +# Override the default ciphersuite selection criteria for PSK-based enc= ryption. >>>> +# Example: >>>> +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherPSK13=3D >>>> + >>>> +### Option: TLSCipherPSK >>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >>>> +# Override the default ciphersuite selection criteria for PSK-based enc= ryption. >>>> +# Example for GnuTLS: >>>> +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+S= HA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL >>>> +# Example for OpenSSL: >>>> +# kECDHEPSK+AES128:kPSK+AES128 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherPSK=3D >>>> + >>>> +### Option: TLSCipherAll13 >>>> +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. 
>>>> +# Override the default ciphersuite selection criteria for certificate- = and PSK-based encryption. >>>> +# Example: >>>> +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_= SHA256 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherAll13=3D >>>> + >>>> +### Option: TLSCipherAll >>>> +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. >>>> +# Override the default ciphersuite selection criteria for certificate- = and PSK-based encryption. >>>> +# Example for GnuTLS: >>>> +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-= 128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 >>>> +# Example for OpenSSL: >>>> +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 >>>> +# >>>> +# Mandatory: no >>>> +# Default: >>>> +# TLSCipherAll=3D >>>> diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd >>>> index c69643a54..2d57b0dbe 100644 >>>> --- a/lfs/zabbix_agentd >>>> +++ b/lfs/zabbix_agentd >>>> @@ -1,7 +1,7 @@ >>>> #######################################################################= ######## >>>> # = # >>>> # IPFire.org - A linux based firewall = # >>>> -# Copyright (C) 2007-2019 IPFire Team = # >>>> +# Copyright (C) 2007-2021 IPFire Team = # >>>> # = # >>>> # This program is free software: you can redistribute it and/or modify = # >>>> # it under the terms of the GNU General Public License as published by = # >>>> @@ -24,7 +24,7 @@ >>>> include Config >>>> -VER =3D 4.2.6 >>>> +VER =3D 5.0.10 >>>> THISAPP =3D zabbix-$(VER) >>>> DL_FILE =3D $(THISAPP).tar.gz >>>> @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) >>>> DIR_APP =3D $(DIR_SRC)/$(THISAPP) >>>> TARGET =3D $(DIR_INFO)/$(THISAPP) >>>> PROG =3D zabbix_agentd >>>> -PAK_VER =3D 4 >>>> +PAK_VER =3D 5 >>>> DEPS =3D >>>> #####################################################################= ########## 
>>>> @@ -43,7 +43,7 @@ objects =3D $(DL_FILE) >>>> $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >>>> -$(DL_FILE)_MD5 =3D 6cd55cd743d416d9ffbf2e6fdee680ee >>>> +$(DL_FILE)_MD5 =3D 17403cce60266019f25ff53c72f0e212 >>>> install : $(TARGET) >>>> @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>>> --prefix=3D/usr \ >>>> --enable-agent \ >>>> --sysconfdir=3D/etc/zabbix_agentd \ >>>> - --with-openssl >>>> + --with-openssl \ >>>> + --with-libcurl >>>> cd $(DIR_APP) && make >>>> cd $(DIR_APP) && make install --===============7992710298001544641==--
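Review bot: In the zabbix_agentd.conf hunk at @@ -63,14 +63,33 @@, the new AllowKey block has no "Default:" line, and the deprecated EnableRemoteCommands block does not say what happens when it is set alongside explicit AllowKey/DenyKey rules, even though the added text states that rules are processed in order of appearance. Remote command execution now stays blocked only through the implicit `DenyKey=system.run[*]`, so consider shipping that line uncommented, or at least adding a comment that the position of any AllowKey line an admin adds relative to the DenyKey lines matters. Please also confirm that existing installs carrying `EnableRemoteCommands=1` behave as intended through the alias after the update.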
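Review bot: The only integrity check on the new tarball in lfs/zabbix_agentd (@@ -43,7 +43,7 @@) is the `$(DL_FILE)_MD5` value, and the file is fetched from `$(URL_IPFIRE)` rather than from upstream. Please state in the commit message how the 5.0.10 tarball was verified against the upstream release before it was uploaded, and if the lfs framework accepts a stronger digest, add it next to the MD5.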
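Review bot: The configure hunk at @@ -80,7 +80,8 @@ adds `--with-libcurl`, but the commit message only mentions the version bump, and `DEPS` is still empty in the @@ -32,7 +32,7 @@ context. Please say in the commit message which agent functionality needs libcurl, and confirm that curl is always present on the target system so that the empty `DEPS` remains correct.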