From patchwork Tue Mar 30 15:28:27 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 4001 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4F8tfT0YVSz3ws3 for ; Tue, 30 Mar 2021 15:29:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfS52lTz1TL; Tue, 30 Mar 2021 15:29:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4F8tfS4dqQz2xmX; Tue, 30 Mar 2021 15:29:36 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4F8tfR41G9z2xGC for ; Tue, 30 Mar 2021 15:29:35 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfQ5QV2zhP for ; Tue, 30 Mar 2021 15:29:34 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 54DFE50CEE for ; Tue, 30 Mar 2021 17:29:34 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with UTF8SMTP id erPHtszUNa5f for ; Tue, 30 Mar 2021 17:29:32 +0200 (CEST) Received: from amaterasu.sicho.home ([192.168.0.1] helo=chojin.sicho.home) by filekeeper.sicho.home with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1lRGIr-00046g-KX; Tue, 30 Mar 2021 17:29:13 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1617118169; bh=MPp2UXx+AUTt35shK7/zuRTr5+ACzl/Og6cHIT14HWs=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=bIyeSWb/bWPAOlDuYkGBGVvnt5tYkgdaXoBhgYF++9a2i3s6E2KLflFiZDRGTnDGX EC5Q3pxI4sWp4J3kk+bxM2yMzOxeo4yKupiKTMWZIAYZt2aLDKT0z4Ezam2PMNbXG2 Y/E+YxvF8J8Xx6/4JGZXrIggj1pNnChzRTA/t2lo2hxeyDgES0UrynAF3lIqmaVdWB 94YctowIR1jAL4PHYS2WvTn5a4B0xusM2J5tHe/JKcmFKCeUsvPLmGseKNRmcxd8cB UWxT8u7Fi7DP2UgWem6+hRgmJWRluDI6T8u55b0jtA3aE2APJWU9f+QTHyTEDzwk6R TVYkY3MmhEujQ== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH 1/4] zabbix_agentd: Update to v5.0.9 (LTS) Date: Tue, 30 Mar 2021 17:28:27 +0200 Message-Id: <20210330152830.2859-2-robin.roevens@disroot.org> In-Reply-To: <20210330152830.2859-1-robin.roevens@disroot.org> References: <20210330152830.2859-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-filekeeper-MailScanner-ID: 1lRGIr-00046g-KX X-filekeeper-MailScanner: Found to be clean X-filekeeper-MailScanner-From: robin.roevens@disroot.org X-filekeeper-MailScanner-Watermark: 1617722959.79072@qK9WT66EDdU6DttFmtYceA ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b="bIyeSWb/"; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1617118174; a=rsa-sha256; cv=none; b=qj9tSWO8HgYKfzfhUn2FzlUm+BUKZ70DKTIFfXy7JACtR5/gAxrX9KUXdZZaw0qkt28sBi uvHfQH3SEaox3OIHJWR6nqZGDAKW22C9IYvC4Ntz7T07u5wWTVYMykvNNi7n8TKSRNjrqS hHW9QiYcdZu15QixNzTzJ1Acl4AKKXXXNrF9n3HFHjbYt+HhvXf2k6jUzyGGSHIebNbGTN W0l/xZDl5kmPX5FB0YtEnX2Wq9xz7/kE71YrqMm/zmWbl6Qud00zaZDc8ddkLlOrelnPmO zeHu3WkhXE8+CdSID4f+cHUhNT+6+PFJnh0cA0D/S5I9BpaVcYOu33usZMQLHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1617118174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=xhVYRXW202rEKFB5i3vx+HccHT9zZalP6YFowb5XVb0=; b=i9h4IclfzjBtF6/Ph1F/14vm8/wrGUr8q8dkYUd8q651T8PdOEJiEPCma9ZAYyiegvJbsA MPZb6odUappBPVlvDBiKFIPPF53jaKGoppfGZ0bGP+8SAqvYfcmzvNPOz3MxR+x8cvU90H T7IsUNycPae2TL4J+LYyiBLHjG3Ktb4X5xMlLNj4+c+YKBdaKlWSaSsgMuXQ/mwTtLNjwq HuNuAZbWTSIfUZQAAQPSTUIgOecmxQBV7RMBdIU9onhOHkcAPSaCtZitgAWa9Oi+eoNg// WjunJFWmmHCVuH/3A0bmj/2T1P5nvqVqdwB7wMVwU+bvmJoJpnMV2P85mYKBew== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b="bIyeSWb/"; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-2.51 / 11.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:c]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; REPLY(-4.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; R_MISSING_CHARSET(2.50)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; DKIM_TRACE(0.00)[disroot.org:+]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; BAYES_HAM(-3.00)[99.99%] X-Rspamd-Queue-Id: 4F8tfQ5QV2zhP X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 4.2.6 to latest LTS version 5.0.9 See release notes: https://www.zabbix.com/rn/rn5.0.9 Signed-off-by: Robin Roevens --- config/zabbix_agentd/zabbix_agentd.conf | 124 ++++++++++++++++++++++-- lfs/zabbix_agentd | 11 ++- 2 files changed, 121 insertions(+), 14 deletions(-) diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf index 21b8e0122..4d6c4c154 100644 --- a/config/zabbix_agentd/zabbix_agentd.conf +++ b/config/zabbix_agentd/zabbix_agentd.conf @@ -63,14 +63,33 @@ LogFileSize=0 # Default: # SourceIP= -### Option: EnableRemoteCommands -# Whether remote commands from Zabbix server are allowed. -# 0 - not allowed -# 1 - allowed +### Option: AllowKey +# Allow execution of item keys matching pattern. +# Multiple keys matching rules may be defined in combination with DenyKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# +# Mandatory: no + +### Option: DenyKey +# Deny execution of items keys matching pattern. +# Multiple keys matching rules may be defined in combination with AllowKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. # # Mandatory: no # Default: -# EnableRemoteCommands=0 +# DenyKey=system.run[*] + +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead +# Internal alias for AllowKey/DenyKey parameters depending on value: +# 0 - DenyKey=system.run[*] +# 1 - AllowKey=system.run[*] +# +# Mandatory: no ### Option: LogRemoteCommands # Enable logging of executed shell commands as warnings. @@ -177,6 +196,28 @@ ServerActive=127.0.0.1 # Default: # HostMetadataItem= +### Option: HostInterface +# Optional parameter that defines host interface. +# Host interface is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 255 characters. +# If not defined, value will be acquired from HostInterfaceItem. +# +# Mandatory: no +# Range: 0-255 characters +# Default: +# HostInterface= + +### Option: HostInterfaceItem +# Optional parameter that defines an item used for getting host interface. +# Host interface is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# This option is only used when HostInterface is not defined. +# +# Mandatory: no +# Default: +# HostInterfaceItem= + ### Option: RefreshActiveChecks # How often list of active checks is refreshed, in seconds. # @@ -265,7 +306,6 @@ ServerActive=127.0.0.1 Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf - ####### USER-DEFINED MONITORED PARAMETERS ####### ### Option: UnsafeUserParameters @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf # # Mandatory: no # Default: -# LoadModulePath=/usr/lib/modules +# LoadModulePath=${libdir}/modules LoadModulePath=/usr/lib/zabbix @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix # TLSCRLFile= ### Option: TLSServerCertIssuer -# Allowed server certificate issuer. +# Allowed server certificate issuer. # # Mandatory: no # Default: # TLSServerCertIssuer= ### Option: TLSServerCertSubject -# Allowed server certificate subject. +# Allowed server certificate subject. # # Mandatory: no # Default: @@ -397,3 +437,69 @@ LoadModulePath=/usr/lib/zabbix # Mandatory: no # Default: # TLSPSKFile= + +####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +# Default: +# TLSCipherCert13= + +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +# Default: +# TLSCipherCert= + +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherPSK13= + +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherPSK= + +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherAll13= + +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherAll= diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index c69643a54..3f2af6a40 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2021 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.2.6 +VER = 5.0.9 THISAPP = zabbix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 4 +PAK_VER = 5 DEPS = ############################################################################### @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee +$(DL_FILE)_MD5 = 68194e361f34cb72975a2063d8ec1df8 install : $(TARGET) @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --prefix=/usr \ --enable-agent \ --sysconfdir=/etc/zabbix_agentd \ - --with-openssl + --with-openssl \ + --with-libcurl cd $(DIR_APP) && make cd $(DIR_APP) && make install From patchwork Tue Mar 30 15:28:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 4002 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4F8tfr25qSz3ws3 for ; Tue, 30 Mar 2021 15:29:56 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfq69qJz1V2; Tue, 30 Mar 2021 15:29:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4F8tfq5mvHz2xVT; Tue, 30 Mar 2021 15:29:55 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4F8tfp60hDz2xBf for ; Tue, 30 Mar 2021 15:29:54 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfp1GX5zhP for ; Tue, 30 Mar 2021 15:29:54 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id D79E250D0D for ; Tue, 30 Mar 2021 17:29:53 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y1Q0Os5y_J7P for ; Tue, 30 Mar 2021 17:29:52 +0200 (CEST) Received: from amaterasu.sicho.home ([192.168.0.1] helo=chojin.sicho.home) by filekeeper.sicho.home with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1lRGIz-00046g-15; Tue, 30 Mar 2021 17:29:21 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1617118192; bh=hHJENc70C0ZHWBG0SKn9sZlG2o96aD+gBzE16qZT55M=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=g7hFBKXCE38hS6sVITeeCSx07YiFxYMyWkpLHORvVpSd12d3m3ackEgH4tuHI2QCz avbfsGoEqhKXhFKDIIgOV+tWWNnxM5TQc2ZhYh4m7IVK81askGlACQ3nAzFcMJlwjR 5mXIEARNOKdH7aaXko3I7e2QaHynyBvWPOZuLiZD++19bMgcfQsYD8nDQt88MuuXus zTr7ibO2Cz18v1/2huvckvffgEV0H0j4oE/knAK0xIIlOYvMpSGZvWBuflCyEUmOad eu5bJfINPKVy00vkME4pqPPVE490UgdJYfEZehfqFAfPVNQBRgg3o3UuStVVceabK6 h1/ZCgxdR6NBA== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH 2/4] zabbix_agentd: Fix agent modules directory Date: Tue, 30 Mar 2021 17:28:28 +0200 Message-Id: <20210330152830.2859-3-robin.roevens@disroot.org> In-Reply-To: <20210330152830.2859-1-robin.roevens@disroot.org> References: <20210330152830.2859-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-filekeeper-MailScanner-ID: 1lRGIz-00046g-15 X-filekeeper-MailScanner: Found to be clean X-filekeeper-MailScanner-From: robin.roevens@disroot.org X-filekeeper-MailScanner-Watermark: 1617722969.17565@72WuRDTWab+387HKhO63Xg ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=g7hFBKXC; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1617118194; a=rsa-sha256; cv=none; b=EEs1mB1p2ilFdR7gEkGJnolHGLW2uuUgDxx5AaJMGGsOXWfP4TcrqeAWdxUdch0pKh5m3S CDDtPN7JRwnuEXwjN4eFgWTqt951zPWKb9hVvIj0HMAPrNRhyZ6lAHa+bLwOf0sCW9DPEf F3z2Oh1+hIKTa3wOIiR80k6NVJ28tgwm5SJgkt2cpUKgz9fWRhxpBjKyd1ZQPomGF24tKG g5D16YrA14MGhH3ZeFY4IxPJ2Q5o/+ZTEDQUDylzKu/ZxEd3cmgbU4GsgYqaek6AiyLQNj ftmCHojBf+GGJ1Cehs/84uXoyRfYk3N0Ig6QMIQNlFUpOOS3VNmF6GjrsA/HKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1617118194; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Zy9o5gMM8JlvyWPmhn+E2m7z/s/UqDK1k3idvRTsP3k=; b=mhCXtEgafpw/lPtOUIDTrKdspx/8lGLoWvcNw+CI7mEb8bmxFPQFOkNYnb15icfdEQns9a XdyLJCPtnJnzvJMqTtFM35AXz0e5YubKKWDh9wmujQOKWvCa/WMzxhZzI3BndWn4HF8tLe JR4wAmH90OG+xwTsJ2NpOZmpo/LsYkeCj1uXAtA3EOaJcR46DKGTY/WK6AX7VPj/XkmzTP e0vZ1w3I654UAtGRI2EAmRe74WWwcCv3FCnb7WF7ErDfvVySPh3rPT7rPqnHq/kv1rW6oz AjcV7Usumx5TPL9TW3WUH0mtYP56L50vdeKLb4P3g1r5UPN+GQowd+RhoKe7HQ== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=g7hFBKXC; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-2.51 / 11.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:c]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; REPLY(-4.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; R_MISSING_CHARSET(2.50)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; DKIM_TRACE(0.00)[disroot.org:+]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; BAYES_HAM(-3.00)[99.99%] X-Rspamd-Queue-Id: 4F8tfp1GX5zhP X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Add agent modules-dir to backup - Remove original, not used agent modules dir from rootfile - Delete agent modules dir only when empty on uninstall thus keeping possible user deployed custom module files but removing it if unused. Signed-off-by: Robin Roevens --- config/backup/includes/zabbix_agentd | 3 ++- config/rootfiles/packages/zabbix_agentd | 4 ++-- src/paks/zabbix_agentd/install.sh | 2 ++ src/paks/zabbix_agentd/uninstall.sh | 5 +++++ src/paks/zabbix_agentd/update.sh | 1 + 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/config/backup/includes/zabbix_agentd b/config/backup/includes/zabbix_agentd index cba18d772..d3305cb96 100644 --- a/config/backup/includes/zabbix_agentd +++ b/config/backup/includes/zabbix_agentd @@ -1,2 +1,3 @@ /etc/sudoers.d/zabbix -/etc/zabbix_agentd/* +/etc/zabbix_agentd/ +/usr/lib/zabbix/ diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 4420bda05..a938f2605 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -8,8 +8,8 @@ etc/zabbix_agentd/zabbix_agentd.d etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf usr/bin/zabbix_get usr/bin/zabbix_sender -usr/lib/modules -usr/lib/zabbix +#usr/lib/modules +#usr/lib/zabbix usr/sbin/zabbix_agentd #usr/share/man/man1/zabbix_get.1 #usr/share/man/man1/zabbix_sender.1 diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index e1450a1d8..b98230ea1 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -41,6 +41,8 @@ ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd # Create additonal directories and set permissions mkdir -pv /var/log/zabbix chown zabbix.zabbix /var/log/zabbix +mkdir -pv /usr/lib/zabbix +chown zabbix.zabbix /usr/lib/zabbix restore_backup ${NAME} start_service --background ${NAME} diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh index edff3b818..b771d1f63 100644 --- a/src/paks/zabbix_agentd/uninstall.sh +++ b/src/paks/zabbix_agentd/uninstall.sh @@ -26,5 +26,10 @@ stop_service ${NAME} make_backup ${NAME} remove_files +# Remove agent modules dir if empty +if [ -z "$(ls -A /usr/lib/zabbix/)" ]; then + rmdir /usr/lib/zabbix +fi + # Remove init-scripts and symlinks rm -rfv /etc/rc.d/rc*.d/*zabbix_agentd diff --git a/src/paks/zabbix_agentd/update.sh b/src/paks/zabbix_agentd/update.sh index 7fc1c96fb..68bba4f80 100644 --- a/src/paks/zabbix_agentd/update.sh +++ b/src/paks/zabbix_agentd/update.sh @@ -22,6 +22,7 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +extract_backup_includes ./uninstall.sh ./install.sh From patchwork Tue Mar 30 15:28:29 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 4004 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4F8tfw3VGFz3ws3 for ; Tue, 30 Mar 2021 15:30:00 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfw0P8Qz1T8; Tue, 30 Mar 2021 15:30:00 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4F8tfw01H0z2xWW; Tue, 30 Mar 2021 15:30:00 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4F8tft3Nh9z2xVT for ; Tue, 30 Mar 2021 15:29:58 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tft1TrTz1fq for ; Tue, 30 Mar 2021 15:29:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id D029F50D0C for ; Tue, 30 Mar 2021 17:29:57 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jXd4Jjbktnjt for ; Tue, 30 Mar 2021 17:29:56 +0200 (CEST) Received: from amaterasu.sicho.home ([192.168.0.1] helo=chojin.sicho.home) by filekeeper.sicho.home with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1lRGJ0-00046g-Ql; Tue, 30 Mar 2021 17:29:23 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1617118194; bh=dAJbyzKa+cxR/MIAEevlSLpHXYJl2hTs26rYJ9sS/fw=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=AS0SsDJSDMhSO6Qa6iljeKIFZAUAR7mIvEUUqimgc7XTOXtvqKQDCYo9sl5tkMtYU 4KPFdV6/zS/M9GwaQFZApcZB8VjiqMaUJLOt5W/KA3Tb41PA5q7yeGFUh870qD9hLZ okBMEMgl5QOSRlTg4V1vprfSdyas0RBut+vAccxOU/87iV/QSBzGxBOFFntHbyUbh1 L8UpMylGID/I98wtKcOlDa2ZFH3ObcdLBrkwWA4OgAAtc371AH94b9axecAGIPOA+1 0LozSVKFrra9RJvW3EagThN1Vqj6ORWoGn5eBvvpt9FVAinek0khqAHV08rDNRe5vV bg3mCVSJMHv2w== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH 3/4] zabbix_agentd: Better configfile handling during update Date: Tue, 30 Mar 2021 17:28:29 +0200 Message-Id: <20210330152830.2859-4-robin.roevens@disroot.org> In-Reply-To: <20210330152830.2859-1-robin.roevens@disroot.org> References: <20210330152830.2859-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-filekeeper-MailScanner-ID: 1lRGJ0-00046g-Ql X-filekeeper-MailScanner: Found to be clean X-filekeeper-MailScanner-From: robin.roevens@disroot.org X-filekeeper-MailScanner-Watermark: 1617722969.3421@MmHJLsTQyraLoq1iRVIAKg ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=AS0SsDJS; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1617118198; a=rsa-sha256; cv=none; b=Fvap+qmJISreOfysOg6mxNMElXS/Q1hgxsRP6Q4od1SDHC37eSI5TbchVnu0BaRRSe+poZ QmAQWM06JoCxi9vIOxB9V9YzCO52C9VWhKbc35zIjDT1OgjqKHTt97jkM+f1CZijy62B6F Am8hj5R4BWdmMyAREQw6cP+VyV6LlsuQAdB9Gnqmtjq4AHqEB1iCleBC7q5mwVVij1jF12 kDHnMIovZ4GVDlcqBKFqV9+KT0aDsKy7AswQBq8jFjJGeTmd8mqEJkaKXx0S/QYopQ0OI9 cwsWjvB3LHAEq1y31Li2PH97NDuaZ2omCsEZwXKwKe+MrP8wl9Xxs2oR61yk4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1617118198; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=RKa4PTuD6fv38hXk7OlxFo74Uze2RGhRWLLWorbtxLQ=; b=Uobqq+zkWVtKJxeKK2XjZdq/BVSvDGDFAiI4P3PW71FESU2+QGdXdNTk6Q87Gr4OlfdrUV 7SJgylMvAcHkPYQfxb40NaymwWP2oumZIV+Gdhl85OI6mlJt9mz8rLtbtvyoVemGTNigzh i1DVQndREHkwPtk/i5SYdfcS0TanmYUNLvm5Cdn6OYZk8mYHnxdvpaxvdKKIjdiNW3T5A5 jpsl1qbFwijM4ZdxCl+QE0ufzRzSDOYUwSxZ4LwrtIkHMCC/D6vRWcbrlDGmWGMoqXmHlx OZBHmLGroP9xTDnnLe7V8Lpgph2MY7TWxvhHsEK7+v34n6AheSWFH1BGRN0V5A== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=AS0SsDJS; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-2.51 / 11.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:c]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; REPLY(-4.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; R_MISSING_CHARSET(2.50)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; DKIM_TRACE(0.00)[disroot.org:+]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; BAYES_HAM(-3.00)[99.99%] X-Rspamd-Queue-Id: 4F8tft1TrTz1fq X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Renamed userparameters_pakfire.conf to template_app_pakfire.conf following current Zabbix template naming conventions. - Install configfiles as .ipfirenew-files to prevent removing possible user changed files on uninstall. If the configfiles are not yet present, the .ipfirenew-files will be renamed to the actual configfiles. And if an existing configfile does not differ from the new one, the .ipfirenew-file will be removed. This allows the user to manually merge his existing config with the new config after update (warnings will be displayed during update when manual review is required). Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 12 ++++---- ...pakfire.conf => template_app_pakfire.conf} | 0 lfs/zabbix_agentd | 11 ++++--- src/paks/zabbix_agentd/install.sh | 29 +++++++++++++++++++ src/paks/zabbix_agentd/uninstall.sh | 4 +++ src/paks/zabbix_agentd/update.sh | 14 +++++++-- 6 files changed, 57 insertions(+), 13 deletions(-) rename config/zabbix_agentd/{userparameter_pakfire.conf => template_app_pakfire.conf} (100%) diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index a938f2605..6945c5ef7 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -1,11 +1,11 @@ etc/logrotate.d/zabbix_agentd etc/rc.d/init.d/zabbix_agentd -etc/sudoers.d/zabbix -etc/zabbix_agentd -etc/zabbix_agentd/scripts -etc/zabbix_agentd/zabbix_agentd.conf -etc/zabbix_agentd/zabbix_agentd.d -etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf +etc/sudoers.d/zabbix.ipfirenew +#etc/zabbix_agentd +#etc/zabbix_agentd/scripts +etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew +#etc/zabbix_agentd/zabbix_agentd.d +etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew usr/bin/zabbix_get usr/bin/zabbix_sender #usr/lib/modules diff --git a/config/zabbix_agentd/userparameter_pakfire.conf b/config/zabbix_agentd/template_app_pakfire.conf similarity index 100% rename from config/zabbix_agentd/userparameter_pakfire.conf rename to config/zabbix_agentd/template_app_pakfire.conf diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index 3f2af6a40..badfde3ae 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -90,10 +90,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -rmdir /etc/zabbix_agentd/zabbix_agentd.conf.d -mkdir -pv /etc/zabbix_agentd/zabbix_agentd.d -mkdir -pv /etc/zabbix_agentd/scripts + # Remove original config + @rm -f /etc/zabbix_agentd/zabbix_agentd.conf + # And replace with our own config install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd.conf \ - /etc/zabbix_agentd/zabbix_agentd.conf - install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \ - /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf + /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_app_pakfire.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew # Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix @@ -111,7 +114,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Install sudoers include file install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/sudoers \ - /etc/sudoers.d/zabbix + /etc/sudoers.d/zabbix.ipfirenew # Install include file for backup install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \ diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index b98230ea1..4248a7ec1 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -23,6 +23,23 @@ # . /opt/pakfire/lib/functions.sh +review_required=false + +function setup_configfile() { + # Puts configfile in place if it does not already exist or + # remove the shipped version if it does not differ from existing file + configfile=$1 + + if [ ! -f $configfile ]; then + mv $configfile.ipfirenew $configfile + elif diff -q $configfile $configfile.ipfirenew >/dev/null; then + rm -f $configfile.ipfirenew + else + echo "WARNING: new $configfile saved as $configfile.ipfirenew for manual review" + review_required=true + fi +} + if ! getent group zabbix &>/dev/null; then groupadd -g 118 zabbix fi @@ -45,4 +62,16 @@ mkdir -pv /usr/lib/zabbix chown zabbix.zabbix /usr/lib/zabbix restore_backup ${NAME} + +# Put zabbix configfiles in place +setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf +setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf +setup_configfile /etc/sudoers.d/zabbix + +if $review_required; then + echo "WARNING: New versions of some configfile(s) where provided as .ipfirenew-files." + echo " They may need manual review in order to take advantage of new features" + echo " or even to make this version of ${NAME} work." +fi + start_service --background ${NAME} diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh index b771d1f63..7a13880c5 100644 --- a/src/paks/zabbix_agentd/uninstall.sh +++ b/src/paks/zabbix_agentd/uninstall.sh @@ -23,6 +23,10 @@ # . /opt/pakfire/lib/functions.sh stop_service ${NAME} + +# Remove .ipfirenew files in advance so they won't be included in backup +rm -rfv /etc/zabbix_agentd/*.ipfirenew /etc/zabbix_agentd/*/*.ipfirenew + make_backup ${NAME} remove_files diff --git a/src/paks/zabbix_agentd/update.sh b/src/paks/zabbix_agentd/update.sh index 68bba4f80..91dd8f723 100644 --- a/src/paks/zabbix_agentd/update.sh +++ b/src/paks/zabbix_agentd/update.sh @@ -23,10 +23,18 @@ # . /opt/pakfire/lib/functions.sh extract_backup_includes -./uninstall.sh -./install.sh + +# Ensure /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf is +# renamed to /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf +if [ -f /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf ]; then + mv -v /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf +fi # Ensure /etc/sudoers.d/zabbix.user is renamed to /etc/sudoers.d/zabbix -if [ -e /etc/sudoers.d/zabbix.user ]; then +if [ -f /etc/sudoers.d/zabbix.user ]; then mv -v /etc/sudoers.d/zabbix.user /etc/sudoers.d/zabbix fi + +./uninstall.sh +./install.sh \ No newline at end of file From patchwork Tue Mar 30 15:28:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 4003 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4F8tft2hjmz3ws3 for ; Tue, 30 Mar 2021 15:29:58 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfs6r52z1dd; Tue, 30 Mar 2021 15:29:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4F8tfs6PVnz2xmX; Tue, 30 Mar 2021 15:29:57 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4F8tfr5ZMDz2xSG for ; Tue, 30 Mar 2021 15:29:56 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4F8tfr20qpz1WQ for ; Tue, 30 Mar 2021 15:29:56 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 1ABEE50D0D for ; Tue, 30 Mar 2021 17:29:56 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r8Z_CF5DdNdO for ; Tue, 30 Mar 2021 17:29:53 +0200 (CEST) Received: from amaterasu.sicho.home ([192.168.0.1] helo=chojin.sicho.home) by filekeeper.sicho.home with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1lRGJ2-00046g-Qk; Tue, 30 Mar 2021 17:29:24 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1617118193; bh=1Rze+lBdTZxe3Bj02J28YUT60G5UHdB3Fwrl06GLKIY=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=Bxyo+o5bEF22DmIfpI1a1KUl8FmwrtogRtaUiN+jtXSPCg6L0FfI8zjnykZ51rXiK yOxHE7pJCzSe/0bxs0izWDvt8NOjetEIwGR/OPjdNkAlKCyLTIJ52Utiy8XpQ2sCml GjjiZ1Fbdx9YYM3fMiJ40mVenDE9KsgQCUdxPjwl9OOSwxIoJr8BlJrF/DPu741nXd Cmx5huCcBkvsVaT9vir8oshtPO2/+xr5lC0l2DnUpTBfJG5rKBI5B2Uj5WXhJewuZg HNPB22pcGsNyt7pzsuiaZruaE/XuRY7JnA9lftZqwGyJJgDZAhC7XfDom9Z+lhUoqX 61IkRtZinkQ+A== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH 4/4] zabbix_agentd: Add IPFire specific userparameters Date: Tue, 30 Mar 2021 17:28:30 +0200 Message-Id: <20210330152830.2859-5-robin.roevens@disroot.org> In-Reply-To: <20210330152830.2859-1-robin.roevens@disroot.org> References: <20210330152830.2859-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-filekeeper-MailScanner-ID: 1lRGJ2-00046g-Qk X-filekeeper-MailScanner: Found to be clean X-filekeeper-MailScanner-From: robin.roevens@disroot.org X-filekeeper-MailScanner-Watermark: 1617722969.45833@bAfM9HfI2DmzUH0bA3fV9w ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Bxyo+o5b; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1617118196; a=rsa-sha256; cv=none; b=LOoFI5Rk++/RAnG8bPTWt6xORa62Do6H1G2ssIctJkqhkqkNkzvbJWL4uYjioMr3ogc9Ms 5NFq+jBGwFceoHLZHw6JZP2T3/PEGqoP6QLgB9mUKnkVByJnsZFkl0w955eBPsTHVC5uHz qvIHmK+WzmvkofPYKYBusobOp3wG59Xfp9NJ/KtlbqLHElYP1D8uMW9LUrtYcbdtuNLsWu ngSo0//CM91pMWq7VyH8r29eR+e5NYSjNYkELka3LZ8e4ucgq+zF4mCW2+XobPPZyZi/VF loZXxeKE7+ogRKfn4bP/kdAlVaCMp8CeM+KUKwTk9svz2C/i1BPPmLQ+pWq4Yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1617118196; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gk/h/aSI0eX9QiK5SoTeXHZhMVwe47EeXi0W0Jlvs2U=; b=VLKGPIa36qJJVVjuKU6Os4bM64J/TnoNf3uj6owxnCQ8MBHTeRoGaDRUDnehVuonrWnD5V rcOEpnjJDDwTYMJpzI52t78+9LIKdPQyaZ99x8k+8X7VvtuT+STp1XHr8N0+4o+IvxX2cF 1N83KVHS+EeAlD5MRxbGCKF6u5/Ki9gi5RLrMzn+q2EcdZtdsnComkrkoE2EdSjfHN2W6n abWXFZdH1IIRFFWuFhU5BS9ilhXRdclHrhnUTt5lgryPgtgELF77p6r+fbyZ4GhzGdvqxl 6ddvTEfS147JGmp30Catw41kt5bs/OWcLmxx9IBUROE1LtjMPOIRZqSZQlQ+uw== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Bxyo+o5b; dmarc=pass (policy=quarantine) header.from=disroot.org; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-2.50 / 11.00]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+a:c]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; REPLY(-4.00)[]; BROKEN_CONTENT_TYPE(1.50)[]; R_MISSING_CHARSET(2.50)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; DKIM_TRACE(0.00)[disroot.org:+]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; BAYES_HAM(-2.98)[99.93%] X-Rspamd-Queue-Id: 4F8tfr20qpz1WQ X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Provide IPFire specific items for the Zabbix server to monitor: - Networking stats: - ipfire.net.gateway.pingtime: Internet Line Quality - ipfire.net.gateway.ping: Internet connection - ipfire.net.fw.hits[*]: Firewall hits - IPFire service states: - ipfire.services: JSON formatted state of all IPFire services using new ipfire_services.pl script. Users can install the IPFire 2 Zabbix template-set provided here: https://share.zabbix.com/network-appliances/ipfire-2 to monitor these metrics. Or create their own template. Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 3 + config/zabbix_agentd/ipfire_services.pl | 221 ++++++++++++++++++ config/zabbix_agentd/sudoers | 2 +- .../template_module_ipfire_network_stats.conf | 4 + .../template_module_ipfire_services.conf | 2 + lfs/zabbix_agentd | 8 +- src/paks/zabbix_agentd/install.sh | 5 + src/paks/zabbix_agentd/uninstall.sh | 2 + 8 files changed, 245 insertions(+), 2 deletions(-) create mode 100755 config/zabbix_agentd/ipfire_services.pl create mode 100644 config/zabbix_agentd/template_module_ipfire_network_stats.conf create mode 100644 config/zabbix_agentd/template_module_ipfire_services.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 6945c5ef7..aa3f1846b 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -3,9 +3,12 @@ etc/rc.d/init.d/zabbix_agentd etc/sudoers.d/zabbix.ipfirenew #etc/zabbix_agentd #etc/zabbix_agentd/scripts +etc/zabbix_agentd/scripts/ipfire_services.pl.ipfirenew etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew #etc/zabbix_agentd/zabbix_agentd.d etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew +etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_network_stats.conf.ipfirenew +etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_services.conf.ipfirenew usr/bin/zabbix_get usr/bin/zabbix_sender #usr/lib/modules diff --git a/config/zabbix_agentd/ipfire_services.pl b/config/zabbix_agentd/ipfire_services.pl new file mode 100755 index 000000000..dbf8aec56 --- /dev/null +++ b/config/zabbix_agentd/ipfire_services.pl @@ -0,0 +1,221 @@ +#!/usr/bin/perl +############################################################################### +# ipfire_services.pl - Retrieves available IPFire services information and +# return this as a JSON array suitable for easy processing +# by Zabbix server +# +# Author: robin.roevens (at) disroot.org +# Version: 1.0 +# +# Based on: services.cgi by IPFire Team +# Copyright (C) 2007-2021 IPFire Team +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +############################################################################### + +use strict; + +# enable only the following on debugging purpose +# use warnings; + +# Maps a nice printable name to the changing part of the pid file, which +# is also the name of the program +my %servicenames =( + 'DHCP Server' => 'dhcpd', + 'Web Server' => 'httpd', + 'CRON Server' => 'fcron', + 'DNS Proxy Server' => 'unbound', + 'Logging Server' => 'syslogd', + 'Kernel Logging Server' => 'klogd', + 'NTP Server' => 'ntpd', + 'Secure Shell Server' => 'sshd', + 'VPN' => 'charon', + 'Web Proxy' => 'squid', + 'Intrusion Detection System' => 'suricata', + 'OpenVPN' => 'openvpn' +); + +# Hash to overwrite the process name of a process if it differs from the launch command. +my %overwrite_exename_hash = ( + "suricata" => "Suricata-Main" +); + +my $first = 1; + +print "["; + +# Built-in services +my $key = ''; +foreach $key (sort keys %servicenames){ + print "," if not $first; + $first = 0; + + print "{"; + print "\"service\":\"$key\","; + + my $shortname = $servicenames{$key}; + print &servicestats($shortname); + + print "}"; +} + +# Generate list of installed addon pak's +my @pak = `find /opt/pakfire/db/installed/meta-* 2>/dev/null | cut -d"-" -f2`; +foreach (@pak){ + chomp($_); + + # Check which of the paks are services + my @svc = `find /etc/init.d/$_ 2>/dev/null | cut -d"/" -f4`; + foreach (@svc){ + # blacklist some packages + # + # alsa has trouble with the volume saving and was not really stopped + # mdadm should not stopped with webif because this could crash the system + # + chomp($_); + if ( $_ eq 'squid' ) { + next; + } + if ( ($_ ne "alsa") && ($_ ne "mdadm") ) { + print ","; + print "{"; + + print "\"service\":\"Addon: $_\","; + print "\"servicename\":\"$_\","; + + my $onboot = isautorun($_); + print "\"onboot\":$onboot,"; + + print &addonservicestats($_); + + print "}"; + } + } +} + +print "]"; + +sub servicestats{ + my $cmd = $_[0]; + my $status = "\"servicename\":\"$cmd\",\"state\":\"0\""; + my $pid = ''; + my $testcmd = ''; + my $exename; + my $memory; + + + $cmd =~ /(^[a-z]+)/; + + # Check if the exename needs to be overwritten. + # This happens if the expected process name string + # differs from the real one. This may happened if + # a service uses multiple processes or threads. + if (exists($overwrite_exename_hash{$cmd})) { + # Grab the string which will be reported by + # the process from the corresponding hash. + $exename = $overwrite_exename_hash{$1}; + } else { + # Directly expect the launched command as + # process name. + $exename = $1; + } + + if (open(FILE, "/var/run/${cmd}.pid")){ + $pid = ; chomp $pid; + close FILE; + if (open(FILE, "/proc/${pid}/status")){ + while (){ + if (/^Name:\W+(.*)/) { + $testcmd = $1; + } + } + close FILE; + } + if (open(FILE, "/proc/${pid}/status")) { + while () { + my ($key, $val) = split(":", $_, 2); + if ($key eq 'VmRSS') { + $val =~ /\s*([0-9]*)\s+kB/; + # Convert kB to B + $memory = $1*1024; + last; + } + } + close(FILE); + } + if ($testcmd =~ /$exename/){ + $status = "\"servicename\":\"$cmd\",\"state\":1,\"pid\":$pid,\"memory\":$memory"; + } + } + return $status; +} + +sub isautorun{ + my $cmd = $_[0]; + my $status = "0"; + my $init = `find /etc/rc.d/rc3.d/S??${cmd} 2>/dev/null`; + chomp ($init); + if ($init ne ''){ + $status = "1"; + } + $init = `find /etc/rc.d/rc3.d/off/S??${cmd} 2>/dev/null`; + chomp ($init); + if ($init ne ''){ + $status = "0"; + } + + return $status; +} + +sub addonservicestats{ + my $cmd = $_[0]; + my $status = "0"; + my $pid = ''; + my $testcmd = ''; + my $exename; + my @memory = (0); + + $testcmd = `sudo /usr/local/bin/addonctrl $_ status 2>/dev/null`; + + if ( $testcmd =~ /is\ running/ && $testcmd !~ /is\ not\ running/){ + $status = "\"state\":1"; + + $testcmd =~ s/.* //gi; + $testcmd =~ s/[a-z_]//gi; + $testcmd =~ s/\[[0-1]\;[0-9]+//gi; + $testcmd =~ s/[\(\)\.]//gi; + $testcmd =~ s/ //gi; + $testcmd =~ s///gi; + + my @pid = split(/\s/,$testcmd); + $status .=",\"pid\":\"$pid[0]\""; + + my $memory = 0; + + foreach (@pid){ + chomp($_); + if (open(FILE, "/proc/$_/statm")){ + my $temp = ; + @memory = split(/ /,$temp); + } + $memory+=$memory[0]; + } + $memory*=1024; + $status .=",\"memory\":$memory"; + }else{ + $status = "\"state\":0"; + } + return $status; +} diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 1b362a4fd..340bb8e66 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -14,4 +14,4 @@ # Append / edit the following list of commands to fit your needs: # Defaults:zabbix !requiretty -zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status +zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/local/bin/addonctrl, /sbin/iptables, /usr/sbin/fping diff --git a/config/zabbix_agentd/template_module_ipfire_network_stats.conf b/config/zabbix_agentd/template_module_ipfire_network_stats.conf new file mode 100644 index 000000000..f1658ed07 --- /dev/null +++ b/config/zabbix_agentd/template_module_ipfire_network_stats.conf @@ -0,0 +1,4 @@ +### Parameters for monitoring IPFire network statistics +UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 +UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? ]; echo $? +UserParameter=ipfire.net.fw.hits[*],sudo /sbin/iptables -vnxL $1 | grep "\/\* $2 \*\/" | awk '{ print $$2 }'; diff --git a/config/zabbix_agentd/template_module_ipfire_services.conf b/config/zabbix_agentd/template_module_ipfire_services.conf new file mode 100644 index 000000000..5f95218e3 --- /dev/null +++ b/config/zabbix_agentd/template_module_ipfire_services.conf @@ -0,0 +1,2 @@ +### Parameter for monitoring IPFire services +UserParameter=ipfire.services,/etc/zabbix_agentd/scripts/ipfire_services.pl diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index badfde3ae..1debfeeb0 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -33,7 +33,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd PAK_VER = 5 -DEPS = +DEPS = "fping" ############################################################################### # Top-level Rules @@ -97,6 +97,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_app_pakfire.conf \ /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf.ipfirenew + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_module_ipfire_network_stats.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_network_stats.conf.ipfirenew + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/template_module_ipfire_services.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_services.conf.ipfirenew + install -v -m 755 $(DIR_SRC)/config/zabbix_agentd/ipfire_services.pl \ + /etc/zabbix_agentd/scripts/ipfire_services.pl.ipfirenew # Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index 4248a7ec1..ced915c81 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -66,8 +66,13 @@ restore_backup ${NAME} # Put zabbix configfiles in place setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_app_pakfire.conf +setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_network_stats.conf +setup_configfile /etc/zabbix_agentd/zabbix_agentd.d/template_module_ipfire_services.conf setup_configfile /etc/sudoers.d/zabbix +# Overwrite script if it exists as user should not modify it but it is included in backup +mv /etc/zabbix_agentd/scripts/ipfire_services.pl.ipfirenew /etc/zabbix_agentd/scripts/ipfire_services.pl + if $review_required; then echo "WARNING: New versions of some configfile(s) where provided as .ipfirenew-files." echo " They may need manual review in order to take advantage of new features" diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh index 7a13880c5..ccbc8f7cf 100644 --- a/src/paks/zabbix_agentd/uninstall.sh +++ b/src/paks/zabbix_agentd/uninstall.sh @@ -26,6 +26,8 @@ stop_service ${NAME} # Remove .ipfirenew files in advance so they won't be included in backup rm -rfv /etc/zabbix_agentd/*.ipfirenew /etc/zabbix_agentd/*/*.ipfirenew +# Remove script-file as it should not have been modified by user +rm -fv /etc/zabbix_agentd/scripts/ipfire_services.pl make_backup ${NAME} remove_files