diff mbox series

[v3,4/5] zabbix_agentd: By default only listen on GREEN ip

Message ID	20220209232631.14673-5-robin.roevens@disroot.org
State	Superseded
Headers	From: Robin Roevens <robin.roevens@disroot.org> To: development@lists.ipfire.org Subject: [PATCH v3 4/5] zabbix_agentd: By default only listen on GREEN ip Date: Thu, 10 Feb 2022 00:26:30 +0100 Message-Id: <20220209232631.14673-5-robin.roevens@disroot.org> In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org> References: <20220209232631.14673-1-robin.roevens@disroot.org> Mime-Version: 1.0 Content-Transfer-Encoding: 8bit country: NL(-0.01), ip: 178.21.23.139(-0.80)]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-1.00)[-0.997]; SPF_REPUTATION_HAM(-0.70)[-0.70437943086819]; MV_CASE(0.50)[]; R_MISSING_CHARSET(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; R_SPF_ALLOW(-0.20)[+a:c]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; TO_DN_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	zabbix_agentd: Update to v5.0.20 (LTS) and more \| [v3,0/5] zabbix_agentd: Update to v5.0.20 (LTS) and more [v3,1/5] zabbix_agentd: Update to v5.0.20 (LTS) [v3,2/5] zabbix_agentd: Fix agent modules dir and few minor bugs [v3,3/5] zabbix_agentd: Better configfile handling during update [v3,4/5] zabbix_agentd: By default only listen on GREEN ip [v3,5/5] zabbix_agentd: Add IPFire specific userparameters

Commit Message

Robin Roevens Feb. 9, 2022, 11:26 p.m. UTC

  - Change zabbix_agentd.conf during install to only listen on the
  GREEN ip by default.

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
---
 config/zabbix_agentd/zabbix_agentd.conf |  2 ++
 src/paks/zabbix_agentd/install.sh       | 10 ++++++++++
 2 files changed, 12 insertions(+)

diff mbox series

Patch

diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf
index aa8b899dc..5eea7d4b5 100644
--- a/config/zabbix_agentd/zabbix_agentd.conf
+++ b/config/zabbix_agentd/zabbix_agentd.conf
@@ -132,6 +132,8 @@  Server=127.0.0.1
 # Default:
 # ListenIP=0.0.0.0
 
+ListenIP=GREEN_ADDRESS
+
 ### Option: StartAgents
 #	Number of pre-forked instances of zabbix_agentd that process passive checks.
 #	If set to 0, disables passive checks and the agent will not listen on any TCP port.
diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh
index 4ef4b5be6..f7218a603 100644
--- a/src/paks/zabbix_agentd/install.sh
+++ b/src/paks/zabbix_agentd/install.sh
@@ -62,6 +62,16 @@  ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd
 
 restore_backup ${NAME}
 
+# By default, only listen on GREEN
+( 
+	eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+	if [ -n "${GREEN_ADDRESS}" ]; then
+		sed -i -e "s|ListenIP=GREEN_ADDRESS|ListenIP=${GREEN_ADDRESS}|g" /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew
+	else
+		sed -i -e "\|ListenIP=GREEN_ADDRESS|d" /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew
+	fi
+) || :
+
 # Put zabbix configfiles in place
 setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf
 setup_configfile /etc/sudoers.d/zabbix