From patchwork Wed Feb 9 23:26:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 5138 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNn4bxrz3wgk for ; Wed, 9 Feb 2022 23:31:37 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNh70RKz5Lj; Wed, 9 Feb 2022 23:31:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JvGNh6DzMz2xkv; Wed, 9 Feb 2022 23:31:32 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNf0TsSz2yDs for ; Wed, 9 Feb 2022 23:31:30 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNd4RyKz3rY for ; Wed, 9 Feb 2022 23:31:29 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 6683C8EB10 for ; Thu, 10 Feb 2022 00:31:29 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WNaxEsiSM2DG for ; Thu, 10 Feb 2022 00:31:27 +0100 (CET) Received: from chojin.sicho.home (amaterasu.sicho.home [192.168.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 3DA8DEF67; Thu, 10 Feb 2022 00:30:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1644449484; bh=DyhMPjXhwIsDke0B8jq7LUdNEy0mv7QCakLLGWY4gS0=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=WdjTTpubIWR6WDFRqb4jxy/UHwpG7iH8aW0hr5qYtnGcFnaNKn09TdRlrTA1xmU6L F7ThumybZfANCv10ArxJoUiZsCVICWAFoGKqXrFdQjCwGoYJrM0JRXl4sWvmjOQpbr WyvJH4hbNCYLmjGjqdiyHBikjh66diE6yWKKpuEyj+Khtq/uGbyWS+LMJTNJa/rOPo FqojCO3lMSQyh9s67v1mBeMoIy3Ay+BLFJ5JJf+NXeKKtfA8JUPB8Jz+kgcZ1Dre2y chlrmr+6b+Z24zuFR6WiGam9tmOBxR5hzrSL1xY8g+M/WDErdgv7DNPAIBjucEcQjQ MWsh4uK83Pd2A== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH v3 1/5] zabbix_agentd: Update to v5.0.20 (LTS) Date: Thu, 10 Feb 2022 00:26:27 +0100 Message-Id: <20220209232631.14673-2-robin.roevens@disroot.org> In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org> References: <20220209232631.14673-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-sicho-MailScanner-ID: 3DA8DEF67.A8A80 X-sicho-MailScanner: Found to be clean X-sicho-MailScanner-From: robin.roevens@disroot.org X-sicho-MailScanner-Watermark: 1645054254.23353@fZBLp0DmVZJABwF10e3BxQ ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1644449489; a=rsa-sha256; cv=none; b=xipfQw5SHwz/uZbSxI4XevBeMBHCRXhQJIK+TPtLIsSPlIwEHPqLcHCgoRIgJt/SzodXfQ sxEVHtBzl7Inq3zfpM2t3KFbzdpjLyZZ50UKgkqlpxwqmWUofetcO7upSKuSj+lXVLvE8o P8R8GT6eTQgq41IYRzM4TfxHxtU6iRLk1Hodw960T5Lcc59nQaAilYnkCxyRKXO+viwlIU Tkaehw7zrOBwVAWYmEI0c1+XUNFR5XAni3WXWjWCxqY4G/cxtomcqCWtKgvDJC0GR7bNln +sUhpj7xHIw/Me84DUFIujCs/+tvzyMDKm0GpmjbZLimo4weYR/uP0nKQsBRjA== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=WdjTTpub; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1644449489; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4QUtg2ukYVK62yNeeYWh5JerftW8Iy5LuXFmDWfiEOU=; b=d28Py3Y5O0hbgByU7xsIXEyLwBYPj8yAP0r7eYlUYkS2jelDM3hb6URTL5VWtuZ00iDoTP i5Wj92IA3O+Qb0Njck4wMFXZkakSGtYiD9GEjQt4cXyxuqgZvFpfkZ4za7I/xWaRppfRMZ tNnkLxziT93chnog2yRYAgxpyHwBKh2f4o6pjmVdujh/DMgfCpVkle6cQqXStsHOG4YHlE JV6r6frHN4V92DFWnQhjgZcR96PnMQ3+KWOeA0h8JxuA20kF0SP2CCtbuLqq8HEptkD1aX aly63zBCfg31Xc68XvfbSTP6e8vuCHPVj8U0ME1QxQnS67s1CRQqAzyXkGGJ6A== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=WdjTTpub; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-4.36 / 11.00]; BAYES_HAM(-3.00)[99.99%]; IP_REPUTATION_HAM(-1.12)[asn: 50673(-0.32), country: NL(-0.01), ip: 178.21.23.139(-0.80)]; MID_CONTAINS_FROM(1.00)[]; SPF_REPUTATION_HAM(-0.70)[-0.70437937615597]; NEURAL_HAM(-0.52)[-0.521]; MV_CASE(0.50)[]; R_MISSING_CHARSET(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; R_SPF_ALLOW(-0.20)[+a:c]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; TO_DN_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4JvGNd4RyKz3rY X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from 4.2.6 to latest LTS version 5.0.20 See release notes: https://www.zabbix.com/rn/rn5.0.20 Signed-off-by: Robin Roevens --- config/zabbix_agentd/zabbix_agentd.conf | 135 ++++++++++++++++++++++-- lfs/zabbix_agentd | 11 +- 2 files changed, 132 insertions(+), 14 deletions(-) diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf index 21b8e0122..aa8b899dc 100644 --- a/config/zabbix_agentd/zabbix_agentd.conf +++ b/config/zabbix_agentd/zabbix_agentd.conf @@ -63,14 +63,33 @@ LogFileSize=0 # Default: # SourceIP= -### Option: EnableRemoteCommands -# Whether remote commands from Zabbix server are allowed. -# 0 - not allowed -# 1 - allowed +### Option: AllowKey +# Allow execution of item keys matching pattern. +# Multiple keys matching rules may be defined in combination with DenyKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# +# Mandatory: no + +### Option: DenyKey +# Deny execution of items keys matching pattern. +# Multiple keys matching rules may be defined in combination with AllowKey. +# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments. +# Parameters are processed one by one according their appearance order. +# If no AllowKey or DenyKey rules defined, all keys are allowed. +# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default. # # Mandatory: no # Default: -# EnableRemoteCommands=0 +# DenyKey=system.run[*] + +### Option: EnableRemoteCommands - Deprecated, use AllowKey=system.run[*] or DenyKey=system.run[*] instead +# Internal alias for AllowKey/DenyKey parameters depending on value: +# 0 - DenyKey=system.run[*] +# 1 - AllowKey=system.run[*] +# +# Mandatory: no ### Option: LogRemoteCommands # Enable logging of executed shell commands as warnings. @@ -177,6 +196,28 @@ ServerActive=127.0.0.1 # Default: # HostMetadataItem= +### Option: HostInterface +# Optional parameter that defines host interface. +# Host interface is used at host auto-registration process. +# An agent will issue an error and not start if the value is over limit of 255 characters. +# If not defined, value will be acquired from HostInterfaceItem. +# +# Mandatory: no +# Range: 0-255 characters +# Default: +# HostInterface= + +### Option: HostInterfaceItem +# Optional parameter that defines an item used for getting host interface. +# Host interface is used at host auto-registration process. +# During an auto-registration request an agent will log a warning message if +# the value returned by specified item is over limit of 255 characters. +# This option is only used when HostInterface is not defined. +# +# Mandatory: no +# Default: +# HostInterfaceItem= + ### Option: RefreshActiveChecks # How often list of active checks is refreshed, in seconds. # @@ -265,7 +306,6 @@ ServerActive=127.0.0.1 Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf - ####### USER-DEFINED MONITORED PARAMETERS ####### ### Option: UnsafeUserParameters @@ -299,7 +339,7 @@ Include=/etc/zabbix_agentd/zabbix_agentd.d/*.conf # # Mandatory: no # Default: -# LoadModulePath=/usr/lib/modules +# LoadModulePath=${libdir}/modules LoadModulePath=/usr/lib/zabbix @@ -357,14 +397,14 @@ LoadModulePath=/usr/lib/zabbix # TLSCRLFile= ### Option: TLSServerCertIssuer -# Allowed server certificate issuer. +# Allowed server certificate issuer. # # Mandatory: no # Default: # TLSServerCertIssuer= ### Option: TLSServerCertSubject -# Allowed server certificate subject. +# Allowed server certificate subject. # # Mandatory: no # Default: @@ -397,3 +437,80 @@ LoadModulePath=/usr/lib/zabbix # Mandatory: no # Default: # TLSPSKFile= + +####### For advanced users - TLS ciphersuite selection criteria ####### + +### Option: TLSCipherCert13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# +# Mandatory: no +# Default: +# TLSCipherCert13= + +### Option: TLSCipherCert +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128 +# +# Mandatory: no +# Default: +# TLSCipherCert= + +### Option: TLSCipherPSK13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example: +# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherPSK13= + +### Option: TLSCipherPSK +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL +# Example for OpenSSL: +# kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherPSK= + +### Option: TLSCipherAll13 +# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example: +# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 +# +# Mandatory: no +# Default: +# TLSCipherAll13= + +### Option: TLSCipherAll +# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. +# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. +# Example for GnuTLS: +# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 +# Example for OpenSSL: +# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128 +# +# Mandatory: no +# Default: +# TLSCipherAll= + +####### For advanced users - TCP-related fine-tuning parameters ####### + +## Option: ListenBacklog +# The maximum number of pending connections in the queue. This parameter is passed to +# listen() function as argument 'backlog' (see "man listen"). +# +# Mandatory: no +# Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) +# Default: SOMAXCONN (hard-coded constant, depends on system) +# ListenBacklog= diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index c69643a54..28fe97b4f 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2019 IPFire Team # +# Copyright (C) 2007-2022 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.2.6 +VER = 5.0.20 THISAPP = zabbix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 4 +PAK_VER = 5 DEPS = ############################################################################### @@ -43,7 +43,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 6cd55cd743d416d9ffbf2e6fdee680ee +$(DL_FILE)_MD5 = 52df25394f9a4cf83ff55278b23e6295 install : $(TARGET) @@ -80,7 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --prefix=/usr \ --enable-agent \ --sysconfdir=/etc/zabbix_agentd \ - --with-openssl + --with-openssl \ + --with-libcurl cd $(DIR_APP) && make cd $(DIR_APP) && make install From patchwork Wed Feb 9 23:26:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 5140 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNt2NyGz3wgk for ; Wed, 9 Feb 2022 23:31:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNk1Y0Lz5QF; Wed, 9 Feb 2022 23:31:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JvGNk0prpz2yqd; Wed, 9 Feb 2022 23:31:34 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNg080Gz2yqd for ; Wed, 9 Feb 2022 23:31:31 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNf6qLWz3L8 for ; Wed, 9 Feb 2022 23:31:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id BABF88DC81 for ; Thu, 10 Feb 2022 00:31:30 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dzjcppU6tT5J for ; Thu, 10 Feb 2022 00:31:29 +0100 (CET) Received: from chojin.sicho.home (amaterasu.sicho.home [192.168.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 46BC1EF6A; Thu, 10 Feb 2022 00:30:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1644449484; bh=pJV37aI6E168++qTH+D9yNksIFfe8w7l/jE95vYdBAs=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=e0RncGinGgFs46ifW58H6oiMiJUNuF9LOfJDIGdmigAT4uLWlBNCzURq7DfXkGSzY VDPrfeBcpWy/tUSZI3javuYervf0g4MyrS7Jghn+rUb56qhb5uuUIhAMd3rPg4qPyJ 69Tl3yWVQFBAnSEtBjI+ecquzBZL7oyJHyPQNy0oVU4W7Mq7Sv/BR6lXxjTz3+Dt2/ fT9hxtndEtFAQb6i617CQjfSHfhGDzDBgyyAZFNiNdlcy7wTgYKyb810Q0q5dobJpi hSgLVU1igAWOrV9JEWQtOWave/KGsVq6wLlG74c8h3Lcl4nf5+WpVpFfAGsGNdJ/g8 oMeRHU2l9NaGA== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH v3 2/5] zabbix_agentd: Fix agent modules dir and few minor bugs Date: Thu, 10 Feb 2022 00:26:28 +0100 Message-Id: <20220209232631.14673-3-robin.roevens@disroot.org> In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org> References: <20220209232631.14673-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-sicho-MailScanner-ID: 46BC1EF6A.A8A80 X-sicho-MailScanner: Found to be clean X-sicho-MailScanner-From: robin.roevens@disroot.org X-sicho-MailScanner-Watermark: 1645054254.06508@NQ3JuF6cdaZR4AKEl8d74g ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1644449490; a=rsa-sha256; cv=none; b=YvGCCoOgwYuVblFseRErYIzUUiJbgS3gp3UvDWDWUT9EYTIh5n8KRn02f28Lxw3PGuG/Mw mZ0ix+GQtGoICj1Qt7yjpcyj6MGLi+udJciI49DcUxYo8p+x0esm73nt676heXBLgyrBRd +3zPR7jVW5O3yXMdclJJ3OwdVltP9OTPQUnnQmq3bsfBYigYGUwGJ3zsS4U7vpZF1v5Hwm nMTZDvNHBPWtXZKEnICQ+ju269EiLHDAtY7wtlrKukcwaCklCPLDqLEGLRp/h0F11nTTat 4PFYY36xsWqO5vpPsnDjBw+W9JosPrw/FldNVGw1JR6tuFi6Y6Ixs008husbTA== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=e0RncGin; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1644449490; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ang1wjwrmqmIahKAFrEd1uUGUw1bgGvTFE2S8QzgfcU=; b=sxVz4wtoiP4/xYtqXYuoa5S5akQGGKvBImOhwg0Os+tzE9bE+ItXr11Ya1piI2Xxu5Lbf6 upGMAgwn8UGcHtz3/C73v0TOlNwj0TEV3bH/FxbWICRWLm7Z3MWdF7I039pDhbGbT1AGdC /qL8ucRLiXI0V2ObTSQE0jkCNt9cFGLD2IdLGwcYHCu2MC+C2acX6xxr8/0zkAo8thYncu AJDQIWIvep1a1XR5bGc8uH8eGII8w7rwYthKE2RunC+RSBcjGNQHNM60YQiACEH/G4bHDS AKUUUtI0YNEDr1KNWfU5iETfd2t6V4oJfQsZzMVKFQvTckeCCgfYk7wCEepouw== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=e0RncGin; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-4.77 / 11.00]; BAYES_HAM(-3.00)[99.99%]; IP_REPUTATION_HAM(-1.12)[asn: 50673(-0.32), country: NL(-0.01), ip: 178.21.23.139(-0.80)]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.93)[-0.933]; SPF_REPUTATION_HAM(-0.70)[-0.70437943086819]; MV_CASE(0.50)[]; R_MISSING_CHARSET(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; R_SPF_ALLOW(-0.20)[+a:c]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; TO_DN_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4JvGNf6qLWz3L8 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Add agent modules-dir to backup - Remove original, not used agent modules dir from rootfile - Create modules-dir during install if it not already exists - bugfix: Add existence check before creating log-dir, avoiding error messages if it already exists from a previous install - bugfix: add extract_backup_includes to update.sh script to make sure backup includes exist when backup is taken. Signed-off-by: Robin Roevens --- config/backup/includes/zabbix_agentd | 3 ++- config/rootfiles/packages/zabbix_agentd | 2 +- src/paks/zabbix_agentd/install.sh | 4 ++-- src/paks/zabbix_agentd/update.sh | 1 + 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/backup/includes/zabbix_agentd b/config/backup/includes/zabbix_agentd index cba18d772..d3305cb96 100644 --- a/config/backup/includes/zabbix_agentd +++ b/config/backup/includes/zabbix_agentd @@ -1,2 +1,3 @@ /etc/sudoers.d/zabbix -/etc/zabbix_agentd/* +/etc/zabbix_agentd/ +/usr/lib/zabbix/ diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 4420bda05..d9bbc3ccf 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -8,7 +8,7 @@ etc/zabbix_agentd/zabbix_agentd.d etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf usr/bin/zabbix_get usr/bin/zabbix_sender -usr/lib/modules +#usr/lib/modules usr/lib/zabbix usr/sbin/zabbix_agentd #usr/share/man/man1/zabbix_get.1 diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index e1450a1d8..cf435918d 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -39,8 +39,8 @@ ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc0.d/K02zabbix_agentd ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd # Create additonal directories and set permissions -mkdir -pv /var/log/zabbix -chown zabbix.zabbix /var/log/zabbix +[ -d /var/log/zabbix ] || ( mkdir -pv /var/log/zabbix && chown zabbix.zabbix /var/log/zabbix ) +[ -d /usr/lib/zabbix ] || ( mkdir -pv /usr/lib/zabbix && chown zabbix.zabbix /usr/lib/zabbix ) restore_backup ${NAME} start_service --background ${NAME} diff --git a/src/paks/zabbix_agentd/update.sh b/src/paks/zabbix_agentd/update.sh index 7fc1c96fb..68bba4f80 100644 --- a/src/paks/zabbix_agentd/update.sh +++ b/src/paks/zabbix_agentd/update.sh @@ -22,6 +22,7 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh +extract_backup_includes ./uninstall.sh ./install.sh From patchwork Wed Feb 9 23:26:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 5136 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNl0Jm3z3wgk for ; Wed, 9 Feb 2022 23:31:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNg0zl2z4nW; Wed, 9 Feb 2022 23:31:31 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JvGNf4JvNz30b1; Wed, 9 Feb 2022 23:31:30 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNd1Ly5z2x9p for ; Wed, 9 Feb 2022 23:31:29 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNc2kh9z3rY for ; Wed, 9 Feb 2022 23:31:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id EEA7E8D1C9 for ; Thu, 10 Feb 2022 00:31:27 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5G_F_GW8fHSF for ; Thu, 10 Feb 2022 00:31:26 +0100 (CET) Received: from chojin.sicho.home (amaterasu.sicho.home [192.168.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 58049EF6D; Thu, 10 Feb 2022 00:30:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1644449484; bh=MF+MIm6LOpCX7cESj3L4qnw8bDEiW2BIUYenLK+CD7I=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=LgA2BkKlDpkis1c0+zhT0rmCLF32rEmoQgW0ga4mT+kizd0tdu0AhTDwUka9kvEIf CuYUmPoLFYLSkvIV21QckikdW/Ezu7rP6VkG1pGgEkgPo4tyw+HqzCD1tOETfSDGOx Y98bJSZfWKoBT+QWTb6LFszfD6YetIM1HkXY5wjVsfG8GRbuUxNCV9C7NmIh7j+Iov M5adlyI7ZmaFttNVFQ4riYUeiLOM35csozMJwtfR3FWQb8QCSbVX5xiKli9z6Qvp6k OvrtP1NPaEHDZjPI8WUltgNycGeXPLUVFzYuZjkqTrtOKRA+JQcfdmMa3En3jDJIhp TmmHVWBvDVZOQ== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH v3 3/5] zabbix_agentd: Better configfile handling during update Date: Thu, 10 Feb 2022 00:26:29 +0100 Message-Id: <20220209232631.14673-4-robin.roevens@disroot.org> In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org> References: <20220209232631.14673-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-sicho-MailScanner-ID: 58049EF6D.A8A80 X-sicho-MailScanner: Found to be clean X-sicho-MailScanner-From: robin.roevens@disroot.org X-sicho-MailScanner-Watermark: 1645054253.64403@28hoeQXxacmjGJYeVhIBwA ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1644449488; a=rsa-sha256; cv=none; b=PS+/SREx3RdLp9OjGQPHzFck3XvSBkmTT6XGCJBEswJPD7Lwwmtia4ve2Y5CcB6TORpbMe NUYmhdTad257kgBK4r7cv6RyPSR4s+NsrdeqlmGYvJTFL34lv3hzpnPkT0u1uzrjvJcb7T sLyN5vwhPwi9gu4YEcph0k6zSVp17GmfRDeWU39xUrBaV8t9agaxXsiDVw7G+savZow/ey x7CtYCAj47zG9dRF2Ii5N7iw2z9kUMYGiNB8RyFftp7MKRPaLXwqb3uR33cQBuESurSceP Sh55fzcWTBi4Gn1v8zJYfe2TlCn4sYPn8RfkMeCD3/C+Km2evld6tQb2Vg6Mug== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=LgA2BkKl; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1644449488; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VklN5RXBtP0L7RnUNlpujHzb8xkUlntUi+k91wYF8hQ=; b=LW0vPhYu1/w6WYR7VM7iUQLV3/lR4RF+L7R+kiOdKBEZZQJ/GVkZMOGNPcRTP0STDjid9i f2wJj/IQim0ApnvKyK9Y5RcOqC9dvAjtO3o9AnJvjwasY4ve6jzgfwwqdpzf3X1iTJ8jY7 s4hTz4ft0x1xm5GO6+BjYS7IvvjgFP/fPNMDCFEt9earpqQqgSJXkwmSuk4/jxAn8rTIdp qJY02wkJvb5D2/a1deAXoYTD2l9YJ9Kvb7BHJtJzYgRZ660zRQD7ERhF9VxHLQx+l4PNls xxtkttlN0RKlfqwoz+VHhm8IZKBf73Tdo38r7QJYyaomDS31WdV1t4yMFf7M0Q== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=LgA2BkKl; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-3.72 / 11.00]; BAYES_HAM(-3.00)[99.99%]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.99)[-0.995]; SPF_REPUTATION_HAM(-0.70)[-0.70437930609794]; R_MISSING_CHARSET(0.50)[]; MV_CASE(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; R_SPF_ALLOW(-0.20)[+a:c]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; FROM_EQ_ENVFROM(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; DKIM_TRACE(0.00)[disroot.org:+]; TO_DN_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4JvGNc2kh9z3rY X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Install user changeable configfiles as .ipfirenew-files to allow user to merge their config with the new version. (warnings will be displayed during update when manual review is required). If the configfiles are not yet present, the .ipfirenew-files will be renamed to the actual configfiles. And if an existing configfile does not differ from the new one, the .ipfirenew-file will be removed. - Make sure .ipfirenew files and userparameter_pakfire.conf are not included in backup during uninstall to prevent newer versions from being overwritten by backup restore during install. - Explicitly remove installed sudoers file as it is not removed by remove_files due to the renaming from .ipfirenew - Added comment in userparameter_pakfire.conf not to modify the file as it will be overwritten on update Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 4 +-- .../zabbix_agentd/userparameter_pakfire.conf | 7 +++++ lfs/zabbix_agentd | 7 +++-- src/paks/zabbix_agentd/install.sh | 29 +++++++++++++++++++ src/paks/zabbix_agentd/uninstall.sh | 8 +++++ 5 files changed, 51 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index d9bbc3ccf..6f7090fe7 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -1,9 +1,9 @@ etc/logrotate.d/zabbix_agentd etc/rc.d/init.d/zabbix_agentd -etc/sudoers.d/zabbix +etc/sudoers.d/zabbix.ipfirenew etc/zabbix_agentd etc/zabbix_agentd/scripts -etc/zabbix_agentd/zabbix_agentd.conf +etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew etc/zabbix_agentd/zabbix_agentd.d etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf usr/bin/zabbix_get diff --git a/config/zabbix_agentd/userparameter_pakfire.conf b/config/zabbix_agentd/userparameter_pakfire.conf index aa2e80f5c..09ddf61c9 100644 --- a/config/zabbix_agentd/userparameter_pakfire.conf +++ b/config/zabbix_agentd/userparameter_pakfire.conf @@ -1,2 +1,9 @@ +# +# IPFire specific configuration file +# +# +# DO NOT MODIFY - Changes will be overwritten when zabbix_agentd addon is +# updated. +# ### Parameter for monitoring pakfire status UserParameter=pakfire.status,sudo /opt/pakfire/pakfire status diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index 28fe97b4f..dae59fe48 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -90,8 +90,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) -rmdir /etc/zabbix_agentd/zabbix_agentd.conf.d -mkdir -pv /etc/zabbix_agentd/zabbix_agentd.d -mkdir -pv /etc/zabbix_agentd/scripts + # Remove original config + @rm -f /etc/zabbix_agentd/zabbix_agentd.conf + # And replace with our own config install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/zabbix_agentd.conf \ - /etc/zabbix_agentd/zabbix_agentd.conf + /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \ /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf @@ -111,7 +114,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Install sudoers include file install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/sudoers \ - /etc/sudoers.d/zabbix + /etc/sudoers.d/zabbix.ipfirenew # Install include file for backup install -v -m 644 $(DIR_SRC)/config/backup/includes/zabbix_agentd \ diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index cf435918d..4ef4b5be6 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -23,6 +23,23 @@ # . /opt/pakfire/lib/functions.sh +review_required=false + +function setup_configfile() { + # Puts configfile in place if it does not already exist or + # remove the shipped version if it does not differ from existing file + configfile=$1 + + if [ ! -f $configfile ]; then + mv $configfile.ipfirenew $configfile + elif diff -q $configfile $configfile.ipfirenew >/dev/null; then + rm -f $configfile.ipfirenew + else + echo "WARNING: new $configfile saved as $configfile.ipfirenew for manual review" + review_required=true + fi +} + if ! getent group zabbix &>/dev/null; then groupadd -g 118 zabbix fi @@ -41,6 +58,18 @@ ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd # Create additonal directories and set permissions [ -d /var/log/zabbix ] || ( mkdir -pv /var/log/zabbix && chown zabbix.zabbix /var/log/zabbix ) [ -d /usr/lib/zabbix ] || ( mkdir -pv /usr/lib/zabbix && chown zabbix.zabbix /usr/lib/zabbix ) +[ -d /etc/zabbix_agentd/scripts ] || ( mkdir -pv /etc/zabbix_agentd/scripts && chown zabbix.zabbix /etc/zabbix_agentd/scripts ) restore_backup ${NAME} + +# Put zabbix configfiles in place +setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf +setup_configfile /etc/sudoers.d/zabbix + +if $review_required; then + echo "WARNING: New versions of some configfile(s) where provided as .ipfirenew-files." + echo " They may need manual review in order to take advantage of new features" + echo " or even to make this version of ${NAME} work." +fi + start_service --background ${NAME} diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh index edff3b818..0770b40f1 100644 --- a/src/paks/zabbix_agentd/uninstall.sh +++ b/src/paks/zabbix_agentd/uninstall.sh @@ -23,8 +23,16 @@ # . /opt/pakfire/lib/functions.sh stop_service ${NAME} + +# Remove .ipfirenew files in advance so they won't be included in backup +rm -rfv /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew /etc/sudoers.d/zabbix.ipfirenew +# Remove IPFire provided userparameter config files in advance +rm -rfv /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf + make_backup ${NAME} remove_files +# Remove sudoers file +rm -rvf /etc/sudoers.d/zabbix # Remove init-scripts and symlinks rm -rfv /etc/rc.d/rc*.d/*zabbix_agentd From patchwork Wed Feb 9 23:26:30 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 5139 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNr1JVWz3xfS for ; Wed, 9 Feb 2022 23:31:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNk0qzhz3vg; Wed, 9 Feb 2022 23:31:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JvGNk04TTz2yDs; Wed, 9 Feb 2022 23:31:34 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNf5PtKz32JT for ; Wed, 9 Feb 2022 23:31:30 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNf4pW0z3L8 for ; Wed, 9 Feb 2022 23:31:30 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 7614A8DC81 for ; Thu, 10 Feb 2022 00:31:30 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HSglLlREiRxU for ; Thu, 10 Feb 2022 00:31:29 +0100 (CET) Received: from chojin.sicho.home (amaterasu.sicho.home [192.168.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 5F46BEF70; Thu, 10 Feb 2022 00:30:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1644449484; bh=s95tffZChrjXlE2Y90YPtkG3fsm5x5NWl2yfb2AEkUg=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=Y0pMaUsdi4Pd1Nl1U4T4daa7B7jqRZyAriCb7hb0sI9leHXPtPscnQVNUjYBU1et0 UmTUfUeG3YRSzvj/NqfUuaKlA/VA5/zXqhBc3vTPwN3ky8P+quOLqYI6IG4WZrKrzu GzmofAjGoryT36TGmtwe2y0yWKGpAJK5E/r8xTqwQA4qIL5pd1hwmbc2C1CX+zJu7+ RePqeQQwGSMQWxITc/zgEgcV6YjGnGzkkMudH4/seoOYd02PgKKASXPT3ychxnXQvb rCzYvS/POPhw7RoYr+1+2AKNZC465AraTYaXhHN+tRJsCJ+2hW55r7pWh1Z31aym4V otbVeVnXQL8IA== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH v3 4/5] zabbix_agentd: By default only listen on GREEN ip Date: Thu, 10 Feb 2022 00:26:30 +0100 Message-Id: <20220209232631.14673-5-robin.roevens@disroot.org> In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org> References: <20220209232631.14673-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-sicho-MailScanner-ID: 5F46BEF70.A8A80 X-sicho-MailScanner: Found to be clean X-sicho-MailScanner-From: robin.roevens@disroot.org X-sicho-MailScanner-Watermark: 1645054254.14509@5Of5NKpRhyh0uqmCYTXcbA ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1644449490; a=rsa-sha256; cv=none; b=cp2cQ2J4JH7MmdDP1Y75Vw3/aLlGn5SinV/0z4wLtU0fs7w28xN6RsGvgsaQMbqWvZndZC hV6TIXgVrsalZj77ODlz7v5kjYRcSMiyKzSwlhHUP1GDbCQJSwwZHhCCBnpQINe+/ObyGq LkNBeAxNTSHBKtVxazDQE+wxipO2ywNy9Wvl/ZhwtJ5IHjatLT72K9PLOQHzJ8hrnLeRgT D4v+tRADqByU91UBMOioPZhwCALyIroTRGwbi8+9eOHoS5Z43gIniO+C/9ghul+jhRuPGH wfeqQ7QcqEhZSPZF9YD8DOBWhEVNQl8pGB5Wi9hQNLhkm4SkLeAJwP2ygMXQ5A== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Y0pMaUsd; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1644449490; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Yfb3Up166YrAfsTCagqMF6OahJsRbDph+Aa176amJQw=; b=htRXPURj/Tqk+4DsyqIMygmFkyB5xj9byIQc951r8BjYhJZQ3SV8paggQrmFgsJylg+K7/ yfAg8FvqWXsxn+2uJWTbccbV5dBj//nAi+lfcCNqFXV5S4qrMd5NkUgLD7AcU+f+Sunck0 PneL408aUCJo9Cw8hYXX+mc8AkSFHoppQpknjmRj1qUWbv1wOGJg7CcYK0NH5RmskoFfng bqW6j00j0c36wbIbaqmgCa+X4tDn4RLYwMnQN0ohYwqj266kkANzZ/Ezjb91d6wQK0OsBx fuPY1gpZvDHu3rhqvfTp5eTfZCE7esuAWyuA5xmq2CJP943N/U6ZsXPHqFmTcw== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Y0pMaUsd; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-4.83 / 11.00]; BAYES_HAM(-3.00)[99.99%]; IP_REPUTATION_HAM(-1.12)[asn: 50673(-0.32), country: NL(-0.01), ip: 178.21.23.139(-0.80)]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-1.00)[-0.997]; SPF_REPUTATION_HAM(-0.70)[-0.70437943086819]; MV_CASE(0.50)[]; R_MISSING_CHARSET(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; R_SPF_ALLOW(-0.20)[+a:c]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; TO_DN_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4JvGNf4pW0z3L8 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Change zabbix_agentd.conf during install to only listen on the GREEN ip by default. Signed-off-by: Robin Roevens --- config/zabbix_agentd/zabbix_agentd.conf | 2 ++ src/paks/zabbix_agentd/install.sh | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/config/zabbix_agentd/zabbix_agentd.conf b/config/zabbix_agentd/zabbix_agentd.conf index aa8b899dc..5eea7d4b5 100644 --- a/config/zabbix_agentd/zabbix_agentd.conf +++ b/config/zabbix_agentd/zabbix_agentd.conf @@ -132,6 +132,8 @@ Server=127.0.0.1 # Default: # ListenIP=0.0.0.0 +ListenIP=GREEN_ADDRESS + ### Option: StartAgents # Number of pre-forked instances of zabbix_agentd that process passive checks. # If set to 0, disables passive checks and the agent will not listen on any TCP port. diff --git a/src/paks/zabbix_agentd/install.sh b/src/paks/zabbix_agentd/install.sh index 4ef4b5be6..f7218a603 100644 --- a/src/paks/zabbix_agentd/install.sh +++ b/src/paks/zabbix_agentd/install.sh @@ -62,6 +62,16 @@ ln -sf ../init.d/zabbix_agentd /etc/rc.d/rc6.d/K02zabbix_agentd restore_backup ${NAME} +# By default, only listen on GREEN +( + eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) + if [ -n "${GREEN_ADDRESS}" ]; then + sed -i -e "s|ListenIP=GREEN_ADDRESS|ListenIP=${GREEN_ADDRESS}|g" /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew + else + sed -i -e "\|ListenIP=GREEN_ADDRESS|d" /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew + fi +) || : + # Put zabbix configfiles in place setup_configfile /etc/zabbix_agentd/zabbix_agentd.conf setup_configfile /etc/sudoers.d/zabbix From patchwork Wed Feb 9 23:26:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 5137 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNl3wGkz3xfw for ; Wed, 9 Feb 2022 23:31:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNh6KJMz5Gg; Wed, 9 Feb 2022 23:31:32 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4JvGNh5cpDz2ykC; Wed, 9 Feb 2022 23:31:32 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4JvGNd4Dwbz2yDs for ; Wed, 9 Feb 2022 23:31:29 +0000 (UTC) Received: from knopi.disroot.org (knopi.disroot.org [178.21.23.139]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4JvGNd3Z18z3L8 for ; Wed, 9 Feb 2022 23:31:29 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 422CE8DC81 for ; Thu, 10 Feb 2022 00:31:29 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GV6ISNdW-_Vq for ; Thu, 10 Feb 2022 00:31:28 +0100 (CET) Received: from chojin.sicho.home (amaterasu.sicho.home [192.168.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 7B2A1EF73; Thu, 10 Feb 2022 00:30:53 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1644449484; bh=L59Gxnf5zFP1bUCUfoVPLfG7XdFXnLxsGYWSWot/n9o=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=MlHStZtC/IXaGKT20mzJSYFlCRTNIyrTUwmnSzjDhqArPJEUUUak8ayzfHNGe0PnM i+KrrE4TW2tjQp62V/yNzmjvToDWUsugYx3X9WAsDR2JJQzuNEMYj2iexeXqnlg0uR +FJojXMf1p7zhCslu6gTY4+X1RFJ3ScbMTPXTE9s11HetqyODDJH2MtEO1Ocm/5QoD UBaMSuh8lw4gYRdDUxKP4HbCOBuI86hKXEKFOv9T3dzp1OuZyc7/wyqKfilvS35zBT Q1va1/j4FyPQ9JppULCabVKYbMUAJfp1+g6ocuS3WhtSoAKPsZYaZ7m/2zP2Ds1Hqb DHf5IXF2i/pQA== From: Robin Roevens To: development@lists.ipfire.org Subject: [PATCH v3 5/5] zabbix_agentd: Add IPFire specific userparameters Date: Thu, 10 Feb 2022 00:26:31 +0100 Message-Id: <20220209232631.14673-6-robin.roevens@disroot.org> In-Reply-To: <20220209232631.14673-1-robin.roevens@disroot.org> References: <20220209232631.14673-1-robin.roevens@disroot.org> Mime-Version: 1.0 X-sicho-MailScanner-ID: 7B2A1EF73.A8A80 X-sicho-MailScanner: Found to be clean X-sicho-MailScanner-From: robin.roevens@disroot.org X-sicho-MailScanner-Watermark: 1645054253.8882@d9N9BYArRUUvvlU3MB5bJA ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1644449489; a=rsa-sha256; cv=none; b=NCO3/4IHUYOt/Z2UVgZ74XpepulYqw70TLOo+Ux379mQ5NP2jPu0/O4oRTl2iuNPny3S36 9c6YDPVVHi8fdoVxYFRDe/ugaX+21k8jyF3IZw48gUKLDXC51/r5RMjcN4tdBNZB75NehV jCF8sQBAqF4JEGXMNPVqXm+sl7NVyheOty11TnVwY66v1oaEfRlX/cjQFdgyWgPoaKBkOy hglfgqIMDoGgYxCQ11hVTli6NNSjvSINcskGr2AE4ebxNMCvc3uXkYo56ltLycNGKE+Q36 1lmcTjFjm8nSdJ1IPX7NJZKEbV+v7elbQVQLlqRuPDqwFR+/6bAxdFWUiDW82w== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=MlHStZtC; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1644449489; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hsyLHdMOThM39VKa0R3DTCHBS5elt4IURjVERJun3Jc=; b=m+sZUyGj2jxCJ6AJBC9Yb/3Cn0J8WOeucr/QBlXtrixLMUKkGqUadhwIytXMuXd3q2aoO4 WGTAadZ8jt6jhCN3iTFcy3e91EB2s/pv2wJUi6/eelpnXZ62RS28W4RfvWjKNDedb8LnLs 4VLTozzKpz8c//5G4Lxav4Jkbwodcv7uUvDRU4nkzMDpDryYRbAII3qvqM/N7R5RgElIc9 IUhHdwz9nBZ2LYlQiRxnH84YlZo214Hy59Tfma5lBEM0egsuUvWg2cEGcB44ZaNVeU1OEi U5mnXDtJkdUqPpckGm+TZUqasgK/UK/LEKQMwajo4Dox0VSs2k0IeZFwVfUfww== Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=MlHStZtC; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=quarantine) header.from=disroot.org X-Rspamd-Server: mail01.haj.ipfire.org X-Spamd-Result: default: False [-4.83 / 11.00]; BAYES_HAM(-3.00)[99.99%]; IP_REPUTATION_HAM(-1.12)[asn: 50673(-0.32), country: NL(-0.01), ip: 178.21.23.139(-0.80)]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.99)[-0.995]; SPF_REPUTATION_HAM(-0.70)[-0.70437930609794]; MV_CASE(0.50)[]; R_MISSING_CHARSET(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,quarantine]; R_SPF_ALLOW(-0.20)[+a:c]; R_DKIM_ALLOW(-0.20)[disroot.org:s=mail]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; FROM_EQ_ENVFROM(0.00)[]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; TO_DN_SOME(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4JvGNd3Z18z3L8 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Provide IPFire specific items for the Zabbix server to monitor: - ipfire.net.gateway.pingtime: Internet Line Quality - ipfire.net.gateway.ping: Internet connection - ipfire.net.fw.hits.raw: JSON formatted list of Firewall hits/chain - ipfire.dhcpd.clients: Number of active DHCP leases - ipfire.captive.clients: Number of Captive Portal clients Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/sudoers | 2 +- config/zabbix_agentd/userparameter_ipfire.conf | 18 ++++++++++++++++++ lfs/zabbix_agentd | 5 ++++- src/paks/zabbix_agentd/uninstall.sh | 2 +- 5 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 config/zabbix_agentd/userparameter_ipfire.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 6f7090fe7..fc62217f2 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -6,6 +6,7 @@ etc/zabbix_agentd/scripts etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew etc/zabbix_agentd/zabbix_agentd.d etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf +etc/zabbix_agentd/zabbix_agentd.d/userparameter_ipfire.conf usr/bin/zabbix_get usr/bin/zabbix_sender #usr/lib/modules diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 1b362a4fd..c73a95667 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -14,4 +14,4 @@ # Append / edit the following list of commands to fit your needs: # Defaults:zabbix !requiretty -zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status +zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf new file mode 100644 index 000000000..88f5447e7 --- /dev/null +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -0,0 +1,18 @@ +# IPFire specific configuration file +# +# +# DO NOT MODIFY - Changes will be overwritten when zabbix_agentd addon is +# updated. +# +# Parameters for monitoring IPFire specific metrics +# +# Internet Gateway ping timings, can be used to measure "Internet Line Quality" +UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 +# Internet Gateway availability, can be used to check Internet connection +UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? ]; echo $? +# Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain +UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "\/\* DROP_.* \*\/$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{\"chain\": \"%s\", \"bytes\": \"%s\"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }' +# Number of currently Active DHCP leases +UserParameter=ipfire.dhcpd.clients,grep -s -E 'lease|bind' /var/state/dhcp/dhcpd.leases | sed ':a;/{$/{N;s/\n//;ba}' | grep "state active" | wc -l +# Number of Captive Portal clients +UserParameter=ipfire.captive.clients,awk -F ',' 'length($2) == 17 {sum += 1} END {if (length(sum) == 0) print 0; else print sum}' /var/ipfire/captive/clients \ No newline at end of file diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index dae59fe48..f909b8faa 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -33,7 +33,8 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd PAK_VER = 5 -DEPS = + +DEPS = fping ############################################################################### # Top-level Rules @@ -97,6 +98,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_pakfire.conf \ /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ipfire.conf \ + /etc/zabbix_agentd/zabbix_agentd.d/userparameter_ipfire.conf # Create directory for additional agent modules -mkdir -pv /usr/lib/zabbix diff --git a/src/paks/zabbix_agentd/uninstall.sh b/src/paks/zabbix_agentd/uninstall.sh index 0770b40f1..f87ef8c17 100644 --- a/src/paks/zabbix_agentd/uninstall.sh +++ b/src/paks/zabbix_agentd/uninstall.sh @@ -27,7 +27,7 @@ stop_service ${NAME} # Remove .ipfirenew files in advance so they won't be included in backup rm -rfv /etc/zabbix_agentd/zabbix_agentd.conf.ipfirenew /etc/sudoers.d/zabbix.ipfirenew # Remove IPFire provided userparameter config files in advance -rm -rfv /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf +rm -rfv /etc/zabbix_agentd/zabbix_agentd.d/userparameter_pakfire.conf /etc/zabbix_agentd/zabbix_agentd.d/userparameter_ipfire.conf make_backup ${NAME} remove_files