This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 284efdbfb1e9ba9aeba17eb327cdd3f97ba0d1e5 (commit) via 72696db892c8dcc8533f7b1813316592111cb46a (commit) via 6395bed8a4d621e2ed5b4e1417934c34ddc9a9a3 (commit) via f704d76e089604e94045b7ea83f2315dbddf52ca (commit) via 50fdf0ee9c4a212a7c446dc47ca94af0193c2612 (commit) via 1898c66a4826b46056e598d04911e537b1e41f86 (commit) via 092330b128e39a548f37a9bd38b809fc3be62adb (commit) via e2d54d57d49439e8e4227bf09e38301b3e4a63b4 (commit) via 1d00837e7ec11cc8fd88f9bb0cbbfc152012b793 (commit) via 9497d862baa8c3ea632147527fe5af6efa28a387 (commit) via 8ac8abb2695f0a780d078ed4f21412fc0113e29d (commit) from 801143615a8c8e68adad8cd6e9ffa4a07b7ae0b0 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 284efdbfb1e9ba9aeba17eb327cdd3f97ba0d1e5 Author: Peter Müller peter.mueller@ipfire.org Date: Wed Jul 6 10:03:16 2022 +0000
Core Update 170: Ship files affected by "aliases" changes
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 72696db892c8dcc8533f7b1813316592111cb46a Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jun 29 18:27:24 2022 +0000
aliases: Don't call arpping to announce new IP addresses
I am not sure what the rationale is here, but we should probably not do this. Other hosts on the network will be able to update their ARP caches properly.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org
commit 6395bed8a4d621e2ed5b4e1417934c34ddc9a9a3 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Jun 29 18:27:23 2022 +0000
aliases: Add support to assign aliases to multiple RED interfaces
This is a little patch which will extend the aliases page to offer an interface selection if there are more than one RED interfaces.
This is a little hack to make configuration easier for users who have manually set up more than one RED interface (e.g. for load balancing or fail-over) and want to use the UI to configure firewall rules.
As a little benefit on the side, I had to rewrite setaliases.c to use ip(8) instead of ifconfig(8).
Signed-off-by: Michael Tremer michael.tremer@ipfire.org Acked-by: Peter Müller peter.mueller@ipfire.org
commit f704d76e089604e94045b7ea83f2315dbddf52ca Author: Peter Müller peter.mueller@ipfire.org Date: Wed Jul 6 10:00:57 2022 +0000
dnsdist: Bump package version
https://lists.ipfire.org/pipermail/development/2022-July/013794.html
Signed-off-by: Peter Müller peter.mueller@ipfire.org
commit 50fdf0ee9c4a212a7c446dc47ca94af0193c2612 Author: Robin Roevens robin.roevens@disroot.org Date: Thu Jun 30 12:15:55 2022 +0200
zabbix_agentd: Add IPFire specific userparameters
Provide IPFire specific items for the Zabbix server to monitor: - ipfire.net.gateway.pingtime: Internet Line Quality - ipfire.net.gateway.ping: Internet connection - ipfire.net.fw.hits.raw: JSON formatted list of Firewall hits/chain - ipfire.dhcpd.clients: Number of active DHCP leases - ipfire.captive.clients: Number of Captive Portal clients
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit 1898c66a4826b46056e598d04911e537b1e41f86 Author: Robin Roevens robin.roevens@disroot.org Date: Thu Jun 30 12:15:54 2022 +0200
zabbix_agentd: By default only listen on GREEN ip
- Change zabbix_agentd.conf during install to only listen on the GREEN ip by default.
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit 092330b128e39a548f37a9bd38b809fc3be62adb Author: Robin Roevens robin.roevens@disroot.org Date: Thu Jun 30 12:15:53 2022 +0200
zabbix_agentd: Sudoers file reorganization
- Remove sudoers file 'zabbix' in favour of new IPFire managed 'zabbix_agentd' and user managed 'zabbix_agentd_user' which is included in the backup - Provide migration of old sudoers file 'zabbix' or 'zabbix.user' to new zabbix_agentd_user sudoers file if it was modified by user.
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit e2d54d57d49439e8e4227bf09e38301b3e4a63b4 Author: Robin Roevens robin.roevens@disroot.org Date: Thu Jun 30 12:15:52 2022 +0200
zabbix_agentd: Configfile reorganization
- Restrict default main config to only the bare minimum options and add upstream provided config as example file. - Remove /etc/zabbix_agentd from backup and instead add only zabbix_agentd.conf and subdirs 'scripts' and 'zabbix_agentd.d' to the backup. - Move ipfire managed userparameter_pakfire.conf from user managed dir /etc/zabbix_agentd/zabbix_agent.d to ipfire managed dir /var/ipfire/zabbix_agentd/userparameters - Add Include line to existing zabbix_agentd.conf to include the new ipfire managed config dir /var/ipfire/zabbix_agentd/... - Add and include mandatory IPFire specific agent configuration which should never be changed by the user.
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit 1d00837e7ec11cc8fd88f9bb0cbbfc152012b793 Author: Robin Roevens robin.roevens@disroot.org Date: Thu Jun 30 12:15:51 2022 +0200
zabbix_agentd: Fix agent modules dir and few minor bugs
- Add agent modules-dir to backup - Remove original, not used agent modules dir from rootfile - Create modules-dir during install if it not already exists - bugfix: Add existence check before creating log-dir, avoiding error messages if it already exists from a previous install - bugfix: add extract_backup_includes to update.sh script to make sure backup includes exist when backup is taken.
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit 9497d862baa8c3ea632147527fe5af6efa28a387 Author: Robin Roevens robin.roevens@disroot.org Date: Thu Jun 30 12:15:50 2022 +0200
zabbix_agentd: Update to v6.0.6 (LTS)
- Update from 4.2.6 to latest LTS version 6.0.6 See release notes: https://www.zabbix.com/rn/rn6.0.6
Signed-off-by: Robin Roevens robin.roevens@disroot.org
commit 8ac8abb2695f0a780d078ed4f21412fc0113e29d Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 30 13:21:15 2022 +0000
stripper: Strip any PIE executables
Fixes: #12894 Signed-off-by: Michael Tremer michael.tremer@ipfire.org Reviewed-by: Peter Müller peter.mueller@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/backup/includes/zabbix_agentd | 7 +- config/cfgroot/network-functions.pl | 20 + config/rootfiles/core/170/filelists/files | 3 + config/rootfiles/packages/zabbix_agentd | 12 +- config/zabbix_agentd/sudoers | 16 +- config/zabbix_agentd/{sudoers => sudoers_user} | 7 +- config/zabbix_agentd/userparameter_ipfire.conf | 12 + config/zabbix_agentd/zabbix_agentd.conf | 406 +-------------------- .../zabbix_agentd_ipfire_mandatory.conf | 11 + html/cgi-bin/aliases.cgi | 63 +++- langs/en/cgi-bin/en.pl | 1 + lfs/dnsdist | 4 +- lfs/zabbix_agentd | 31 +- src/misc-progs/setaliases.c | 39 +- src/paks/zabbix_agentd/install.sh | 48 ++- src/paks/zabbix_agentd/update.sh | 23 +- src/stripper | 4 + 17 files changed, 256 insertions(+), 451 deletions(-) copy config/zabbix_agentd/{sudoers => sudoers_user} (80%) create mode 100644 config/zabbix_agentd/userparameter_ipfire.conf create mode 100644 config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf
Difference in files: diff --git a/config/backup/includes/zabbix_agentd b/config/backup/includes/zabbix_agentd index cba18d772..834766992 100644 --- a/config/backup/includes/zabbix_agentd +++ b/config/backup/includes/zabbix_agentd @@ -1,2 +1,5 @@ -/etc/sudoers.d/zabbix -/etc/zabbix_agentd/* +/etc/sudoers.d/zabbix_agentd_user +/etc/zabbix_agentd/zabbix_agentd.conf +/etc/zabbix_agentd/scripts/ +/etc/zabbix_agentd/zabbix_agentd.d/ +/usr/lib/zabbix/ \ No newline at end of file diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index d50322823..4ac6d8670 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -332,6 +332,26 @@ sub setup_upstream_proxy() { } }
+sub get_red_interfaces() { + my $default = &General::get_red_interface(); + + my @intfs = ( + $default, + ); + + opendir(INTERFACES, "/sys/class/net"); + + while (my $intf = readdir(INTERFACES)) { + if ($intf =~ m/^red[0-9]+$/) { + push(@intfs, $intf); + } + } + + closedir(INTERFACES); + + return &General::uniq(@intfs); +} + sub list_wireless_interfaces() { my %interfaces = ();
diff --git a/config/rootfiles/core/170/filelists/files b/config/rootfiles/core/170/filelists/files index e71417ae0..a27d8561b 100644 --- a/config/rootfiles/core/170/filelists/files +++ b/config/rootfiles/core/170/filelists/files @@ -1 +1,4 @@ opt/pakfire/lib/functions.pl +srv/web/ipfire/cgi-bin/aliases.cgi +usr/local/bin/setaliases +var/ipfire/network-functions.pl diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 4420bda05..6f2c831d7 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -1,18 +1,24 @@ etc/logrotate.d/zabbix_agentd etc/rc.d/init.d/zabbix_agentd -etc/sudoers.d/zabbix +etc/sudoers.d/zabbix_agentd +etc/sudoers.d/zabbix_agentd_user etc/zabbix_agentd etc/zabbix_agentd/scripts etc/zabbix_agentd/zabbix_agentd.conf +etc/zabbix_agentd/zabbix_agentd.conf.example etc/zabbix_agentd/zabbix_agentd.d -etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf usr/bin/zabbix_get usr/bin/zabbix_sender -usr/lib/modules +#usr/lib/modules usr/lib/zabbix usr/sbin/zabbix_agentd #usr/share/man/man1/zabbix_get.1 #usr/share/man/man1/zabbix_sender.1 #usr/share/man/man8/zabbix_agentd.8 var/ipfire/backup/addons/includes/zabbix_agentd +var/ipfire/zabbix_agentd +var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf +var/ipfire/zabbix_agentd/userparameters +var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf +var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf #var/log/zabbix diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 1b362a4fd..2d71ae78f 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -1,17 +1,11 @@ # Include file for sudoers file # -# This is needed for some userparameters to be able to execute commands that only run as root (using sudo) -# e.g. /usr/bin/openssl or /usr/sbin/smartctl +# This is needed for some IPFire specific userparameters to be able to execute commands that only run as root (using sudo) # -# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH! +# DO NOT CHANGE THIS FILE. This file is managed by IPFire, will be overwritten on next addon upgrade and is not +# included in the backup. # -# Some hints: -# - It is strongly recommended to edit this file only using the visudo -f <filename> command. If you mess up this file, -# you might end up locking yourself out of your system! -# - Append the full path incl. parameters to each command, using "," as separator. -# - Only add commands you really need. Zabbix should not have more rights than it has to. -# -# Append / edit the following list of commands to fit your needs: +# To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user # Defaults:zabbix !requiretty -zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status +zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat diff --git a/config/zabbix_agentd/sudoers_user b/config/zabbix_agentd/sudoers_user new file mode 100644 index 000000000..61cbc417b --- /dev/null +++ b/config/zabbix_agentd/sudoers_user @@ -0,0 +1,16 @@ +# Include file for sudoers file +# +# This is needed for some userparameters to be able to execute commands that only run as root (using sudo) +# e.g. /usr/bin/openssl or /usr/sbin/smartctl +# +# USE AT YOU'RE OWN RISK. USING THIS WRONG CAN RESULT IN A SECURITY BREACH! +# +# Some hints: +# - It is strongly recommended to edit this file only using the visudo -f <filename> command. If you mess up this file, +# you might end up locking yourself out of your system! +# - Append the full path incl. parameters to each command, using "," as separator. +# - Only add commands you really need. Zabbix should not have more rights than it has to. +# +# Uncomment the following line and edit the example of commands to fit your needs: + +#zabbix ALL=(ALL) NOPASSWD: <custom command 1>, <custom command 2>, ... diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf new file mode 100644 index 000000000..10c09c25d --- /dev/null +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -0,0 +1,12 @@ +# Parameters for monitoring IPFire specific metrics +# +# Internet Gateway ping timings, can be used to measure "Internet Line Quality" +UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 +# Internet Gateway availability, can be used to check Internet connection +UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? ]; echo $? +# Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain +UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/* DROP_.* */$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{"chain": "%s", "bytes": "%s"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }' +# Number of currently Active DHCP leases +UserParameter=ipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp/dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l +# Number of Captive Portal clients +UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients \ No newline at end of file diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf index 21b8e0122..4480e43f2 100644 --- a/config/zabbix_agentd/zabbix_agentd.conf +++ b/config/zabbix_agentd/zabbix_agentd.conf @@ -1,399 +1,27 @@ # This is a configuration file for Zabbix agent daemon (Unix) # To get more information about Zabbix, visit http://www.zabbix.com - -############ GENERAL PARAMETERS ################# - -### Option: PidFile -# Name of PID file. -# -# Mandatory: no -# Default: -# PidFile=/tmp/zabbix_agentd.pid - -PidFile=/var/run/zabbix/zabbix_agentd.pid - -### Option: LogType -# Specifies where log messages are written to: -# system - syslog -# file - file specified with LogFile parameter -# console - standard output -# -# Mandatory: no -# Default: -# LogType=file - -### Option: LogFile -# Log file name for LogType 'file' parameter. -# -# Mandatory: yes, if LogType is set to file, otherwise no -# Default: -# LogFile= - -LogFile=/var/log/zabbix/zabbix_agentd.log - -### Option: LogFileSize -# Maximum size of log file in MB. -# 0 - disable automatic log rotation. # -# Mandatory: no -# Range: 0-1024 -# Default: -# LogFileSize=1 - -LogFileSize=0 +# For possible configuration options, +# see /etc/zabbix_agentd/zabbix_agentd.conf.example
-### Option: DebugLevel -# Specifies debug level: -# 0 - basic information about starting and stopping of Zabbix processes -# 1 - critical information -# 2 - error information -# 3 - warnings -# 4 - for debugging (produces lots of information) -# 5 - extended debugging (produces even more information) -# -# Mandatory: no -# Range: 0-5 -# Default: -# DebugLevel=3 - -### Option: SourceIP -# Source IP address for outgoing connections. -# -# Mandatory: no -# Default: -# SourceIP= - -### Option: EnableRemoteCommands -# Whether remote commands from Zabbix server are allowed. -# 0 - not allowed -# 1 - allowed -# -# Mandatory: no -# Default: -# EnableRemoteCommands=0 - -### Option: LogRemoteCommands -# Enable logging of executed shell commands as warnings. -# 0 - disabled -# 1 - enabled -# -# Mandatory: no -# Default: -# LogRemoteCommands=0 - -##### Passive checks related - -### Option: Server -# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies. -# Incoming connections will be accepted only from the hosts listed here. -# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally -# and '::/0' will allow any IPv4 or IPv6 address. -# '0.0.0.0/0' can be used to allow any IPv4 address. -# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com -# -# Mandatory: yes, if StartAgents is not explicitly set to 0 -# Default: -# Server= +# To make sure all Zabbix configuration is correctly included in IPFire backups: +# - Put custom userparameters in /etc/zabbix_agentd/zabbix_agentd.d/*.conf +# - Put custom scripts in /etc/zabbix_agentd/scripts +# - Put custom modules in /usr/lib/zabbix
+# Set your Zabbix Server IP or hostname here (Passive and/or Active): Server=127.0.0.1 - -### Option: ListenPort -# Agent will listen on this port for connections from the server. -# -# Mandatory: no -# Range: 1024-32767 -# Default: -# ListenPort=10050 - -### Option: ListenIP -# List of comma delimited IP addresses that the agent should listen on. -# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks. -# -# Mandatory: no -# Default: -# ListenIP=0.0.0.0 - -### Option: StartAgents -# Number of pre-forked instances of zabbix_agentd that process passive checks. -# If set to 0, disables passive checks and the agent will not listen on any TCP port. -# -# Mandatory: no -# Range: 0-100 -# Default: -# StartAgents=3 - -##### Active checks related - -### Option: ServerActive -# List of comma delimited IP:port (or DNS name:port) pairs of Zabbix servers and Zabbix proxies for active checks. -# If port is not specified, default port is used. -# IPv6 addresses must be enclosed in square brackets if port for that host is specified. -# If port is not specified, square brackets for IPv6 addresses are optional. -# If this parameter is not specified, active checks are disabled. -# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1] -# -# Mandatory: no -# Default: -# ServerActive= - ServerActive=127.0.0.1
-### Option: Hostname -# Unique, case sensitive hostname. -# Required for active checks and must match hostname as configured on the server. -# Value is acquired from HostnameItem if undefined. -# -# Mandatory: no -# Default: -# Hostname= - -### Option: HostnameItem -# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. -# Does not support UserParameters or aliases. -# -# Mandatory: no -# Default: -# HostnameItem=system.hostname - -### Option: HostMetadata -# Optional parameter that defines host metadata. -# Host metadata is used at host auto-registration process. -# An agent will issue an error and not start if the value is over limit of 255 characters. -# If not defined, value will be acquired from HostMetadataItem. -# -# Mandatory: no -# Range: 0-255 characters -# Default: -# HostMetadata= - -### Option: HostMetadataItem -# Optional parameter that defines an item used for getting host metadata. -# Host metadata is used at host auto-registration process. -# During an auto-registration request an agent will log a warning message if -# the value returned by specified item is over limit of 255 characters. -# This option is only used when HostMetadata is not defined. -# -# Mandatory: no -# Default: -# HostMetadataItem= - -### Option: RefreshActiveChecks -# How often list of active checks is refreshed, in seconds. -# -# Mandatory: no -# Range: 60-3600 -# Default: -# RefreshActiveChecks=120 +# List of comma delimited IP addresses that the agent should listen on. +ListenIP=GREEN_ADDRESS
-### Option: BufferSend -# Do not keep data longer than N seconds in buffer. -# -# Mandatory: no -# Range: 1-3600 -# Default: -# BufferSend=5 - -### Option: BufferSize -# Maximum number of values in a memory buffer. The agent will send -# all collected data to Zabbix Server or Proxy if the buffer is full. -# -# Mandatory: no -# Range: 2-65535 -# Default: -# BufferSize=100 - -### Option: MaxLinesPerSecond -# Maximum number of new lines the agent will send per second to Zabbix Server -# or Proxy processing 'log' and 'logrt' active checks. -# The provided value will be overridden by the parameter 'maxlines', -# provided in 'log' or 'logrt' item keys. -# -# Mandatory: no -# Range: 1-1000 -# Default: -# MaxLinesPerSecond=20 +# This line activates IPFire specific userparameters. +# See IPFire wiki for details. +# To deactivate them: Comment this line out. +# (DO NOT REMOVE OR ALTER IT as then it will be re-added on next upgrade) +Include=/var/ipfire/zabbix_agentd/userparameters/*.conf
-############ ADVANCED PARAMETERS ################# - -### Option: Alias -# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one. -# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed. -# Different Alias keys may reference the same item key. -# For example, to retrieve the ID of user 'zabbix': -# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1] -# Now shorthand key zabbix.userid may be used to retrieve data. -# Aliases can be used in HostMetadataItem but not in HostnameItem parameters. -# -# Mandatory: no -# Range: -# Default: - -### Option: Timeout -# Spend no more than Timeout seconds on processing -# -# Mandatory: no -# Range: 1-30 -# Default: -# Timeout=3 - -### Option: AllowRoot -# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent -# will try to switch to the user specified by the User configuration option instead. -# Has no effect if started under a regular user. -# 0 - do not allow -# 1 - allow -# -# Mandatory: no -# Default: -# AllowRoot=0 - -### Option: User -# Drop privileges to a specific, existing user on the system. -# Only has effect if run as 'root' and AllowRoot is disabled. -# -# Mandatory: no -# Default: -# User=zabbix - -### Option: Include -# You may include individual files or all files in a directory in the configuration file. -# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time. -# -# Mandatory: no -# Default: -# Include= - -Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf - - -####### USER-DEFINED MONITORED PARAMETERS ####### - -### Option: UnsafeUserParameters -# Allow all characters to be passed in arguments to user-defined parameters. -# The following characters are not allowed: -# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ -# Additionally, newline characters are not allowed. -# 0 - do not allow -# 1 - allow -# -# Mandatory: no -# Range: 0-1 -# Default: -# UnsafeUserParameters=0 - -### Option: UserParameter -# User-defined parameter to monitor. There can be several user-defined parameters. -# Format: UserParameter=<key>,<shell command> -# See 'zabbix_agentd' directory for examples. -# -# Mandatory: no -# Default: -# UserParameter= - -####### LOADABLE MODULES ####### - -### Option: LoadModulePath -# Full path to location of agent modules. -# Default depends on compilation options. -# To see the default path run command "zabbix_agentd --help". -# -# Mandatory: no -# Default: -# LoadModulePath=/usr/lib/modules - -LoadModulePath=/usr/lib/zabbix - -### Option: LoadModule -# Module to load at agent startup. Modules are used to extend functionality of the agent. -# Formats: -# LoadModule=<module.so> -# LoadModule=<path/module.so> -# LoadModule=</abs_path/module.so> -# Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. -# If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. -# It is allowed to include multiple LoadModule parameters. -# -# Mandatory: no -# Default: -# LoadModule= - -####### TLS-RELATED PARAMETERS ####### - -### Option: TLSConnect -# How the agent should connect to server or proxy. Used for active checks. -# Only one value can be specified: -# unencrypted - connect without encryption -# psk - connect using TLS and a pre-shared key -# cert - connect using TLS and a certificate -# -# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) -# Default: -# TLSConnect=unencrypted - -### Option: TLSAccept -# What incoming connections to accept. -# Multiple values can be specified, separated by comma: -# unencrypted - accept connections without encryption -# psk - accept connections secured with TLS and a pre-shared key -# cert - accept connections secured with TLS and a certificate -# -# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection) -# Default: -# TLSAccept=unencrypted - -### Option: TLSCAFile -# Full pathname of a file containing the top-level CA(s) certificates for -# peer certificate verification. -# -# Mandatory: no -# Default: -# TLSCAFile= - -### Option: TLSCRLFile -# Full pathname of a file containing revoked certificates. -# -# Mandatory: no -# Default: -# TLSCRLFile= - -### Option: TLSServerCertIssuer -# Allowed server certificate issuer. -# -# Mandatory: no -# Default: -# TLSServerCertIssuer= - -### Option: TLSServerCertSubject -# Allowed server certificate subject. -# -# Mandatory: no -# Default: -# TLSServerCertSubject= - -### Option: TLSCertFile -# Full pathname of a file containing the agent certificate or certificate chain. -# -# Mandatory: no -# Default: -# TLSCertFile= - -### Option: TLSKeyFile -# Full pathname of a file containing the agent private key. -# -# Mandatory: no -# Default: -# TLSKeyFile= - -### Option: TLSPSKIdentity -# Unique, case sensitive string used to identify the pre-shared key. -# -# Mandatory: no -# Default: -# TLSPSKIdentity= - -### Option: TLSPSKFile -# Full pathname of a file containing the pre-shared key. -# -# Mandatory: no -# Default: -# TLSPSKFile= +# Mandatory Zabbix Agent configuration to start and run on IPFire correctly +# DO NOT REMOVE OR MODIFY THIS LINE: +Include=/var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf \ No newline at end of file diff --git a/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf b/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf new file mode 100644 index 000000000..c6be948be --- /dev/null +++ b/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf @@ -0,0 +1,11 @@ +PidFile=/var/run/zabbix/zabbix_agentd.pid + +# Log rotation is managed by logrotate +LogFile=/var/log/zabbix/zabbix_agentd.log +LogFileSize=0 + +# These paths are included in the IPFire backups. Do not put user modules +# or configuration files in other locations if you want them included in the +# backups. +LoadModulePath=/usr/lib/zabbix +Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf \ No newline at end of file diff --git a/html/cgi-bin/aliases.cgi b/html/cgi-bin/aliases.cgi index 7b80b3c84..def03ff9b 100644 --- a/html/cgi-bin/aliases.cgi +++ b/html/cgi-bin/aliases.cgi @@ -34,6 +34,7 @@ require '/var/ipfire/general-functions.pl'; # replace /var/ipcop with /var/ipcop require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; require "${General::swroot}/ids-functions.pl"; +require "${General::swroot}/network-functions.pl";
my $configfwdfw = "${General::swroot}/firewall/config"; my $configinput = "${General::swroot}/firewall/input"; @@ -52,6 +53,11 @@ undef (@dummy); my $setting = "${General::swroot}/ethernet/settings"; our $datafile = "${General::swroot}/ethernet/aliases";
+# Fetch the name of the main RED interface +my $RED_INTERFACE = &General::get_red_interface(); + +# Fetch all RED interfaces +my @RED_INTERFACES = &Network::get_red_interfaces();
our %settings=(); #Settings1 @@ -61,7 +67,8 @@ our %settings=(); $settings{'IP'} = ''; $settings{'ENABLED'} = 'off'; # Every check box must be set to off $settings{'NAME'} = ''; -my @nosaved=('IP','ENABLED','NAME'); # List here ALL setting2 fields. Mandatory +$settings{'INTERFACE'} = ''; +my @nosaved=('IP','ENABLED','NAME','INTERFACE'); # List here ALL setting2 fields. Mandatory
$settings{'ACTION'} = ''; # add/edit/remove $settings{'KEY1'} = ''; # point record for ACTION @@ -215,10 +222,10 @@ if ($settings{'ACTION'} eq $Lang::tr{'add'}) { } unless ($errormessage) { if ($settings{'KEY1'} eq '') { #add or edit ? - unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n"); + unshift (@current, "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n"); &General::log($Lang::tr{'ip alias added'}); } else { - @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'}\n"; + @current[$settings{'KEY1'}] = "$settings{'IP'},$settings{'ENABLED'},$settings{'NAME'},$settings{'INTERFACE'}\n"; $settings{'KEY1'} = ''; # End edit mode &General::log($Lang::tr{'ip alias changed'}); } @@ -250,6 +257,7 @@ if ($settings{'ACTION'} eq $Lang::tr{'edit'}) { $settings{'IP'}=$temp[0]; # Prepare the screen for editing $settings{'ENABLED'}=$temp[1]; $settings{'NAME'}=$temp[2]; + $settings{'INTERFACE'}=$temp[3]; }
if ($settings{'ACTION'} eq $Lang::tr{'remove'}) { @@ -295,6 +303,7 @@ if ($settings{'ACTION'} eq '' ) { # First launch from GUI &Header::openpage($Lang::tr{'external aliases configuration'}, 1, ''); &Header::openbigbox('100%', 'left', '', $errormessage); my %checked =(); # Checkbox manipulations +my %selected = ();
if ($errormessage) { &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); @@ -320,6 +329,11 @@ END # $checked{'ENABLED'}{'on'} = ($settings{'ENABLED'} eq 'on') ? "checked='checked'" : '' ;
+$selected{'INTERFACE'} = (); +foreach my $intf (@RED_INTERFACES) { + $selected{'INTERFACE'}{$intf} = ($settings{'INTERFACE'} eq $intf) ? "selected" : ""; +} + my $buttontext = $Lang::tr{'add'}; if ($settings{'KEY1'} ne '') { $buttontext = $Lang::tr{'update'}; @@ -329,7 +343,7 @@ if ($settings{'KEY1'} ne '') { }
#Edited line number (KEY1) passed until cleared by 'save' or 'remove' or 'new sort order' -print <<END +print <<END; <form method='post' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='KEY1' value='$settings{'KEY1'}' /> <input type='hidden' name='OLDNAME' value='$settings{'NAME'}' /> @@ -340,6 +354,33 @@ print <<END <td><input type='text' name='NAME' value='$settings{'NAME'}' size='32' /></td> <td class='base' style='text-align:right; color:${Header::colourred};'>$Lang::tr{'alias ip'}: </td> <td><input type='text' name='IP' value='$settings{'IP'}' size='16' /></td> +END + +if (scalar @RED_INTERFACES >= 2) { + print <<END; + <td class='base' style='color:${Header::colourred};'>$Lang::tr{'interface'}:</td> + <td> + <select name="INTERFACE"> + <option value="">$Lang::tr{'aliases default interface'}</option> +END + + # Print an option for each RED interface + foreach my $intf (@RED_INTERFACES) { + # Skip the default one + next if ($RED_INTERFACE eq $intf); + + print <<END; + <option value="$intf" $selected{'INTERFACE'}{$intf}>$intf</option> +END + } + + print <<END; + </select> + </td> +END +} + +print <<END; <td class='base' style='text-align:right;'>$Lang::tr{'enabled'} </td> <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> </tr> @@ -353,7 +394,7 @@ print <<END </table> </form> END -; + &Header::closebox();
# Add visual indicators to column headings to show sort order - EO @@ -419,9 +460,15 @@ foreach my $line (@current) { } print "<tr style='$col'>";
+ my $address = $temp[0]; + + if ($temp[3] ne "") { + $address .= " @ $temp[3]"; + } + print <<END <td style='text-align:center; $col'>$temp[2]</td> -<td style='text-align:center; $col'>$temp[0]</td> +<td style='text-align:center; $col'>$address</td>
<td style='text-align:center; $col'> <form method='post' action='$ENV{'SCRIPT_NAME'}'> @@ -542,7 +589,7 @@ sub SortDataFile # The KEY,key record permits doublons. If removed, then F1 becomes the key without doublon permitted.
- my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2]); + my @record = ('KEY',$key++,'IP',$temp[0],'ENABLED',$temp[1],'NAME',$temp[2],'INTERFACE',$temp[3]); my $record = {}; # create a reference to empty hash %{$record} = @record; # populate that hash with @record $entries{$record->{KEY}} = $record; # add this to a hash of hashes @@ -552,7 +599,7 @@ sub SortDataFile
# Each field value is printed , with the newline ! Don't forget separator and order of them. foreach my $entry (sort fixedleasesort keys %entries) { - print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME}\n"; + print FILE "$entries{$entry}->{IP},$entries{$entry}->{ENABLED},$entries{$entry}->{NAME},$entries{$entry}->{INTERFACE}\n"; }
close(FILE); diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 2c79f1cbc..99698948d 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -422,6 +422,7 @@ 'alcatelusb upload' => 'Upload Speedtouch USB firmware', 'alias ip' => 'Alias IP', 'aliases' => 'Aliases', +'aliases default interface' => '- Default Interface -', 'aliases not active' => 'Aliases will not be active unless your RED interface is STATIC', 'all' => 'All', 'all interfaces' => 'All Interfaces', diff --git a/lfs/dnsdist b/lfs/dnsdist index 9b668f40a..790505751 100644 --- a/lfs/dnsdist +++ b/lfs/dnsdist @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2021 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dnsdist -PAK_VER = 12 +PAK_VER = 13
SUP_ARCH = x86_64 aarch64
diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index 63566c1a7..73c5dc0b6 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2022 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -26,7 +26,7 @@ include Config
SUMMARY = Zabbix Agent
-VER = 4.2.6 +VER = 6.0.6
THISAPP = zabbix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,8 +34,9 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 4 -DEPS = +PAK_VER = 5 + +DEPS = fping
SERVICES = zabbix_agentd
@@ -47,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 644bb9fd3afaa26c572f97018039d564a7ce156d0bf8d2449a1d3d04fdfaca05087d71e6a5ddcf3ed13a5719256865780f180dd3488bab470816dac7af70ff09 +$(DL_FILE)_BLAKE2 = f9d07ca8938ae4e5e47048c32872644caeda0ecdef17513c63c63d1ce2aaa4ac0c92e6c70932bc598ff908419dae05bab32924f5973a5528b5668f7c7c2c5a17
install : $(TARGET)
@@ -84,7 +85,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --prefix=/usr \ --enable-agent \ --sysconfdir=/etc/zabbix_agentd \ - --with-openssl + --with-openssl \ + --with-libcurl
cd $(DIR_APP) && make cd $(DIR_APP) && make install @@ -93,10 +95,21 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -rmdir /etc/zabbix_agentd/zabbix_agentd.conf.d -mkdir -pv /etc/zabbix_agentd/zabbix_agentd.d -mkdir -pv /etc/zabbix_agentd/scripts + # Move upstream supplied config out of the way for reference + # and install our own version of the config. + -mv /etc/zabbix_agentd/zabbix_agentd.conf \ + /etc/zabbix_agentd/zabbix_agentd.conf.example install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd.conf \ /etc/zabbix_agentd/zabbix_agentd.conf + + # Install IPFire-specific Zabbix Agent config + -mkdir -pv /var/ipfire/zabbix_agentd/userparameters + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf \ + /var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \ - /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf + /var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ipfire.conf \ + /var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
# Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix @@ -114,7 +127,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Install sudoers include file install -v -m 640 $(DIR_SRC)/config/zabbix_agentd/sudoers \ - /etc/sudoers.d/zabbix + /etc/sudoers.d/zabbix_agentd + install -v -m 640 $(DIR_SRC)/config/zabbix_agentd/sudoers_user \ + /etc/sudoers.d/zabbix_agentd_user
# Install include file for backup install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \ diff --git a/src/misc-progs/setaliases.c b/src/misc-progs/setaliases.c index 4ba6816af..a541a4fd2 100644 --- a/src/misc-progs/setaliases.c +++ b/src/misc-progs/setaliases.c @@ -28,6 +28,8 @@ struct keyvalue *kv = NULL; FILE *file = NULL;
+#define SCOPE 128 + void exithandler(void) { if (kv) freekeyvalues(kv); @@ -45,6 +47,7 @@ int main(void) char *enabled; char *sptr; char *comment; + char* intf = NULL; int alias; int count;
@@ -118,13 +121,12 @@ int main(void) exit(1); }
- /* down the aliases in turn until ifconfig complains */ - alias=0; - do - { - memset(command, 0, STRING_SIZE); - snprintf(command, STRING_SIZE-1, "/sbin/ifconfig %s:%d down 2>/dev/null", red_dev, alias++); - } while (safe_system(command)==0); + // Flush all previous aliases + alias = 0; + do { + snprintf(command, STRING_SIZE - 1, + "ip addr flush dev red%d scope %d 2>/dev/null", alias++, SCOPE); + } while (safe_system(command) == 0);
/* Now set up the new aliases from the config file */ if (!(file = fopen(CONFIG_ROOT "/ethernet/aliases", "r"))) @@ -144,15 +146,18 @@ int main(void) aliasip = NULL; enabled = NULL; comment = NULL; + intf = NULL; sptr = strtok(s, ","); while (sptr) { if (count == 0) aliasip = sptr; - if (count == 1) + else if (count == 1) enabled = sptr; - else + else if (count == 2) comment = sptr; + else if (count == 3) + intf = sptr; count++; sptr = strtok(NULL, ","); } @@ -175,16 +180,14 @@ int main(void) exit(1); }
- memset(command, 0, STRING_SIZE); - snprintf(command, STRING_SIZE-1, - "/sbin/ifconfig %s:%d %s netmask %s up", - red_dev, alias, aliasip, red_netmask); - safe_system(command); - memset(command, 0, STRING_SIZE); - snprintf(command, STRING_SIZE-1, - "/usr/sbin/arping -q -c 1 -w 1 -i %s -S %s %s", - red_dev, aliasip, default_gateway); + // Default to RED_DEV if intf isn't set + if (!intf) + intf = red_dev; + + snprintf(command, STRING_SIZE - 1, "ip addr add %s/%s dev %s scope %d", + aliasip, red_netmask, intf, SCOPE); safe_system(command); + alias++; } return 0; diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index e1450a1d8..80632d1ec 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -39,8 +39,52 @@ ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc0.d/K02zabbix_agentd ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd
# Create additonal directories and set permissions -mkdir -pv /var/log/zabbix -chown zabbix.zabbix /var/log/zabbix +[ -d /var/log/zabbix ] || ( mkdir -pv /var/log/zabbix && chown zabbix.zabbix /var/log/zabbix ) +[ -d /usr/lib/zabbix ] || ( mkdir -pv /usr/lib/zabbix && chown zabbix.zabbix /usr/lib/zabbix )
restore_backup ${NAME} + +# Check if old IPFire specifc userparameters exist and move out of the way +if [ -f /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf ]; then + mv /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf.save +fi + +# Check if new IPFire specific config is included in restored config +# and add if required. +grep -q "Include=/var/ipfire/zabbix_agentd/userparameters/*.conf" /etc/zabbix_agentd/zabbix_agentd.conf +if [ $? -eq 1 ]; then + echo "" >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "# This line activates IPFire specific userparameters. " >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "# See IPFire wiki for details." >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "# To deactivate them: Comment this line out." >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "# (DO NOT REMOVE OR ALTER IT as then it will be re-added on next upgrade)" >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "Include=/var/ipfire/zabbix_agentd/userparameters/*.conf" >> /etc/zabbix_agentd/zabbix_agentd.conf +fi + +grep -q "Include=/var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf" /etc/zabbix_agentd/zabbix_agentd.conf +if [ $? -eq 1 ]; then + # Remove settings that are now in our own config + sed -i -e "|^PidFile=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf + sed -i -e "|^LogFile=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf + sed -i -e "|^LogFileSize=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf + sed -i -e "|^LoadModulePath=.*$|d" /etc/zabbix_agentd/zabbix_agentd.conf + sed -i -e "|^Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf$|d" /etc/zabbix_agentd/zabbix_agentd.conf + # Include our own config in main config + echo "" >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "# Mandatory Zabbix Agent configuration to start and run on IPFire correctly" >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "# DO NOT REMOVE OR MODIFY THIS LINE:" >> /etc/zabbix_agentd/zabbix_agentd.conf + echo "Include=/var/ipfire/zabbix_agentd/zabbix_agentd_ipfire_mandatory.conf" >> /etc/zabbix_agentd/zabbix_agentd.conf +fi + +# By default, only listen on GREEN +( + eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) + if [ -n "${GREEN_ADDRESS}" ]; then + sed -i -e "s|ListenIP=GREEN_ADDRESS|ListenIP=${GREEN_ADDRESS}|g" /etc/zabbix_agentd/zabbix_agentd.conf + else + sed -i -e "|ListenIP=GREEN_ADDRESS|d" /etc/zabbix_agentd/zabbix_agentd.conf + fi +) || : + start_service --background ${NAME} diff --git a/src/paks/zabbix_agentd/update.sh b/src/paks/zabbix_agentd/update.sh index 7fc1c96fb..a41e72ab4 100644 --- a/src/paks/zabbix_agentd/update.sh +++ b/src/paks/zabbix_agentd/update.sh @@ -22,10 +22,25 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh -./uninstall.sh -./install.sh
-# Ensure /etc/sudoers.d/zabbix.user is renamed to /etc/sudoers.d/zabbix -if [ -e /etc/sudoers.d/zabbix.user ]; then +# Check if old sudoers file exists and remove if it was not modified +# or rename to the new zabbix_agentd_user file if it was. +if [ -f /etc/sudoers.d/zabbix.user ]; then mv -v /etc/sudoers.d/zabbix.user /etc/sudoers.d/zabbix fi + +if [ -f /etc/sudoers.d/zabbix ]; then + blake2=$(b2sum /etc/sudoers.d/zabbix | cut -f1 -d" ") + # from commits 5737a22 & 06fc617 + if [ "$blake2" == "b0f73b107fd3842efc7ef3e30f6d948235aa07d533715476c2d3f58c08379193fdde9ff69aa6e0f5eb6cf4a98b2ed2a6f003f23078a57aff239b34cc29e62a98" ] || \ + [ "$blake2" == "0628c416a1f217b0962a8ce6d1e339bdb0f0427d86fc06b2e40b63487ffc1a3543562d16f7f954d7fb92cee9764f0261c1663a39dd50bc73fd9b772575c56cfc" ]; then + rm -vf /etc/sudoers.d/zabbix + else + mv -v /etc/sudoers.d/zabbix /etc/sudoers.d/zabbix_agentd_user + fi +fi + +extract_backup_includes +./uninstall.sh +./install.sh + diff --git a/src/stripper b/src/stripper index fadbc514b..4014f03a4 100755 --- a/src/stripper +++ b/src/stripper @@ -38,6 +38,10 @@ function _strip() { args+=( "--strip-all" ) ;;
+ *Type:*"DYN (Position-Independent Executable file)"*) + args+=( "--strip-all" ) + ;; + # Binaries *Type:*"EXEC (Executable file)"*) args+=( "--strip-all" )
hooks/post-receive -- IPFire 2.x development tree