From patchwork Thu Jul 17 17:52:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 8930 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bjgs56mr2z3wnD for ; Thu, 17 Jul 2025 18:08:25 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgs25DXzz2J3 for ; Thu, 17 Jul 2025 18:08:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bjgs12VRpz34RP for ; Thu, 17 Jul 2025 18:08:21 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bjgry30Gtz34Ql for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgrw62m1z2wm for ; Thu, 17 Jul 2025 18:08:16 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=VGBmJ6CZ; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1752775696; a=rsa-sha256; cv=none; b=N3hj8EDm4UsWi8lqfZihOhZnBJAPm0MvJaBG3LFtJYGpGOyFTNrw4NkqJG6CrKfHx+kCQF AMSlTwioEwXK3E53IqFifajfHO6LesxsHp/ZQVWLKQdGEVT9pnXneH+kmE1Se5P5N1h0Hp ZPBrfLCb6wQfSom1E8sku+/0tqP7nvJ5crhRVzs7R+hOrDeE6jtQy9xoW68+vQXPWVDtsP EpjoUy085cWqyyKc+g2ihcKl6O8ynDb1OJBhUvzdvmOFkQ07tSGMVJ2UzJD00/2TqVmiV3 lNkiNMVkOgjyCDFKakyzOIkaNHfeTiojxlwpgWR2mkkoiAoqp7AqLTfY5yTHOQ== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=VGBmJ6CZ; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1752775696; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=iXWiIn6oEVPaMXo7Vn6e5C+C64jPXfnZDhLF8Tihobs=; b=ICaJg23aAMarl2xuGeEKTf6yhS5/jEM3Ts9RIfnXBY6X3aaM3Z1EbIoW7XBRT0w3P8BjPe wFqPZl/KP66Y1sKaaRG99PV81D8qo7Bjm/ndv/ByHRXrGT5SwxWbi+LZfZHzrllh5fcEKe qvdtXNCI7s6SXgRhdo0HGSn+VIeriah0ea7fhIYABrUhPzOjJH5fi8QNY11Vy71Iuz0bQL jS79hmdB1odVIzk5XFPgO5Jh8aGnLGfaRgyNuCjKAK0oCkaSodar8bUmSnN0qICEh3P7g8 YRALn0pRb1cdBXIKczOmMuxUm4pXaRy9BD61Ivj2XGJ/HNXMt3W9vqGVs3aufA== Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 7A44B25FA8 for ; Thu, 17 Jul 2025 20:08:16 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id 9Uhh6Zf_CnKD for ; Thu, 17 Jul 2025 20:08:14 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1752775694; bh=8ktVxMfnd5pivinY76KeAMNbeu1jjGecblQh5l+qNaM=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=VGBmJ6CZxO7bHjhk0CP+oFLv7Xi3JNODaJreB2VdPynVe1IUI35YwZ90KyRljn2k2 83Ziq6cRsQNOnF6IiGkFJpYMGsAUBUw5OnxyzyHXb9+DF/R3Bgspy9/32Ei41b6Iw4 4XqYbjfne5UBo8Le5chGfqYWeHmbKSkK2iatSZbEbclryOXiXtW9zc0WK4IyHz7D6o Qob3Xq0F+0IJqVipBbVG29GurhEtXDVYiuPqYN+CFM/RKhcXgi9esRKbtOxG1zPeN5 iB2HezzjGlfTtX8g9OWVIcWEv5rfmXKxVvPYc2aXuS+9+Zu+bQNJOs+t9xnOpxaC+F 20tvcRPVcrJjg== Received: from chojin.roevenslambrechts.be (chojin.roevenslambrechts.be [192.168.0.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 5A4853968FD; Thu, 17 Jul 2025 20:08:08 +0200 (CEST) From: Robin Roevens To: development@lists.ipfire.org Cc: Robin Roevens Subject: [PATCH 1/6] zabbix_agentd: Update to 7.0.16 (LTS) Date: Thu, 17 Jul 2025 19:52:00 +0200 Message-ID: <20250717180805.5754-2-robin.roevens@disroot.org> In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org> References: <20250717180805.5754-1-robin.roevens@disroot.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 X-RoevensLambrechts-MailScanner-ID: 5A4853968FD.AD543 X-RoevensLambrechts-MailScanner: Found to be clean X-RoevensLambrechts-MailScanner-From: robin.roevens@disroot.org X-RoevensLambrechts-MailScanner-Watermark: 1753380489.09543@gZ7J7nmahM+hjJmIU7NsvA X-Spamd-Result: default: False [-5.34 / 11.00]; BAYES_HAM(-2.94)[99.73%]; R_DKIM_ALLOW(-1.69)[disroot.org:s=mail]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.97)[-0.967]; DKIM_REPUTATION(-0.97)[-0.96571779122586]; SPF_REPUTATION_SPAM(0.54)[0.18082013945084]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_MISSING_CHARSET(0.50)[]; R_SPF_ALLOW(-0.20)[+a:c]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MISSING_XM_UA(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Action: no action X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4bjgrw62m1z2wm - Update from version 7.0.11 to 7.0.16 - Update of rootfile not required Bugs fixed: ZBX-26080 Fixed old file descriptors being held when external log rotation is used ZBX-26121 Added default flags to net.dns.get arguments when none are specified ZBX-26055 Fixed failure to refresh active checks when next refresh was faster than 60 seconds Full changelogs since 7.0.11: - https://www.zabbix.com/rn/rn7.0.12 - https://www.zabbix.com/rn/rn7.0.13 - https://www.zabbix.com/rn/rn7.0.14 - https://www.zabbix.com/rn/rn7.0.15 - https://www.zabbix.com/rn/rn7.0.16 Signed-off-by: Robin Roevens --- lfs/zabbix_agentd | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index dbe2088fb..c2b8533b4 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -26,7 +26,7 @@ include Config SUMMARY = Zabbix Agent -VER = 7.0.11 +VER = 7.0.16 THISAPP = zabbix-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 17 +PAK_VER = 18 DEPS = fping @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 0c6544c64febc51e6fc153863b46e333d9d5564c83f40b71362a15c0533d48e50e5c340b35b2ca0dd1d776d0452f4aae42dc44d4e0e4b2c5949df02efbc7fc06 +$(DL_FILE)_BLAKE2 = 5b5ae98fd9ff819b0a202ad566fc4e9523991f67a13a0967986299cafe962e54c7769dffe821b59c55bd2b6e437ea913a6f7074bf9275cdb1bf433eeeb193117 install : $(TARGET) From patchwork Thu Jul 17 17:52:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 8928 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bjgs22q3Mz3wnD for ; Thu, 17 Jul 2025 18:08:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgry5vmQz6hB for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bjgry2V4nz34Jh for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bjgrv336xz332k for ; Thu, 17 Jul 2025 18:08:15 +0000 (UTC) Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgrt2czdz83 for ; Thu, 17 Jul 2025 18:08:14 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=lXtImXBq; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1752775694; a=rsa-sha256; cv=none; b=e65nlnkpQcL39bPFtpXCNNTauKUCeZ+MXxe52JNfXm1GsUwuo75vSigbP5YwFO66EeGAUT bo05rzDzro/HQfmHAfCxaDuefCpUTLvDZm1Q5MS3w/njkYjq7PyeCWZIvfNSZbN/N7cUcl FKL/xHj3wGfP2+sD125WOAi6dR4sziDJH2RvRJ5+um4uAOLDMTzfuXuA/2zO5B6iyGdd6x jEsChODYah/K8tjKFdAMrmoq7ivSc6CUPwxE8rBRi7fv2WfrvXh9bs1aQ9OKnKQgAk6mGh teMpz9QDxUCc6Vrcz5E45CG5QABgCuXkFAvtoGeCO5Uf4cGvtRnjj2Az1BVlBQ== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=lXtImXBq; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1752775694; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=EGbFk6LCiSx2lReOFXE4bVZLmG0L4Z8S6L+1G+WyZpc=; b=MtAS3YmqFT+QNA9Pruqu3sJknkkvQZeiA1Y+OH3bjJYaO3Mp0hMsi47ge95a6Mqx1qD/YJ BB8Fnvee4ke4077an8iW3sWy2LpwG9+hK23AiOog1X5QvOVux8H0WT3aNBBnEfj6hjh6WY t/pXkSqamJ+SkgKe/cDsoJ6fl54s9XvuHCgJHFcOH0PqBvQSiCe1j70kkLIEXnySAixC0m jLJpvOZ86/8opZW8l06p4AOaEUsMdihH740feX3vQ93aYL1zqfLyanq5Lm/kLK43uh794D ScXLPJw512e/IPhZrvxPeq0jItMqeq13VRnRozO3yzWTp9r1yN9cwZTyVLtDCw== Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id AF4A922F7C for ; Thu, 17 Jul 2025 20:08:13 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id 2gCWxTU5KZ1n for ; Thu, 17 Jul 2025 20:08:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1752775692; bh=+o8ThSInjN4/prsU9qqBXm9xvyUB89K6RcDakF9RdTU=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=lXtImXBq2zJLnl65j0Ngsr4gDaHa7gKD3KtAAK50zd1yUDob4qMFlEoTX87fMXNoL 8zfPj/gcCn9sQ0m5pv9Y/XiW2nvyvbbX/bLCg88P36pMNsGJ4V04LYFzOMPnFfD1yR fselP6ttjPbs0FXlZSyIz/DISvQB4zKzfgn8D6FPhUyG+TjCkzFgrEzZ3bqfQ3COSQ hFBWrq2hLxy6J9u6Uc+/lToDYqjDEWU41TW3SzM0jkloecD8nvkCysd0xlxsWmajBL MZ4vEI6spWLPO3zqBEcClNrbJ6bvZIYj6oEk6e5nzvfy+KMqZGkn4TkFSdARoPs9fY 6x1ZzsUUUvHOg== Received: from chojin.roevenslambrechts.be (chojin.roevenslambrechts.be [192.168.0.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 2873C39690E; Thu, 17 Jul 2025 20:08:09 +0200 (CEST) From: Robin Roevens To: development@lists.ipfire.org Cc: Robin Roevens Subject: [PATCH 2/6] zabbix_agentd: Add ARPing method for checking Internet Gateway Date: Thu, 17 Jul 2025 19:52:01 +0200 Message-ID: <20250717180805.5754-3-robin.roevens@disroot.org> In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org> References: <20250717180805.5754-1-robin.roevens@disroot.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 X-RoevensLambrechts-MailScanner-ID: 2873C39690E.AD543 X-RoevensLambrechts-MailScanner: Found to be clean X-RoevensLambrechts-MailScanner-From: robin.roevens@disroot.org X-RoevensLambrechts-MailScanner-Watermark: 1753380490.49882@bJIMfKTdqgRzVIbquJM2Bg X-Spamd-Result: default: False [-5.35 / 11.00]; BAYES_HAM(-3.00)[99.99%]; R_DKIM_ALLOW(-1.70)[disroot.org:s=mail]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.98)[-0.976]; DKIM_REPUTATION(-0.97)[-0.97425615749869]; SPF_REPUTATION_SPAM(0.62)[0.20691067161651]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_MISSING_CHARSET(0.50)[]; R_SPF_ALLOW(-0.20)[+a]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MISSING_XM_UA(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Action: no action X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4bjgrt2czdz83 Since some ISP's block ICMP ping to their gateway ARPing can be an alternative. This change adds arping alternatives for the regular (icmp) ping checks: - ipfire.net.gateway.arping: Check if the Internet Gateway is reachable via ARPing - ipfire.net.gateway.arpingtime: Measure the time it takes to ARPing the Internet Gateway Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/sudoers | 3 ++- config/zabbix_agentd/userparameter_gateway.conf | 12 ++++++++++++ config/zabbix_agentd/userparameter_ipfire.conf | 4 ---- lfs/zabbix_agentd | 2 ++ 5 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 config/zabbix_agentd/userparameter_gateway.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index ffa66f307..cc75a49bd 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -21,6 +21,7 @@ var/ipfire/zabbix_agentd/userparameters var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf +var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf var/ipfire/zabbix_agentd/scripts var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 78e175980..921e20c89 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -8,6 +8,7 @@ # To add more sudo rights to zabbix agent, you should modify the sudoers file zabbix_agentd_user # Defaults:zabbix !requiretty -zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/local/bin/getipstat, /bin/cat /var/run/ovpnserver.log +zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat +zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/userparameter_gateway.conf b/config/zabbix_agentd/userparameter_gateway.conf new file mode 100644 index 000000000..cfae001ae --- /dev/null +++ b/config/zabbix_agentd/userparameter_gateway.conf @@ -0,0 +1,12 @@ +# Parameters to monitor Internet gateway connectivity +# +# ICMP Ping +# Internet Gateway ping timings, can be used to measure "Internet Line Quality" +UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 +# Internet Gateway availability, can be used to check Internet connection +UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $? +# ARP Ping +# Internet Gateway ping timings, can be used to measure "Internet Line Quality" when ICMP ping is not available +UserParameter=ipfire.net.gateway.arpingtime,sudo /usr/sbin/arping -i red0 -c 3 gateway | awk 'match($0, /time=([0-9\.]+) (\w+)$/, arr) { n++; if (arr[2] == "usec") { arr[1]/=1000; }; sum+=arr[1] } END { print sum / n }' +# Internet Gateway availability, can be used to check Internet connection when ICMP ping is not available +UserParameter=ipfire.net.gateway.arping,sudo /usr/sbin/arping -q -c 3 gateway; [ ! $? == 0 ]; echo $? diff --git a/config/zabbix_agentd/userparameter_ipfire.conf b/config/zabbix_agentd/userparameter_ipfire.conf index c8ead1608..e88c20298 100644 --- a/config/zabbix_agentd/userparameter_ipfire.conf +++ b/config/zabbix_agentd/userparameter_ipfire.conf @@ -1,9 +1,5 @@ # Parameters for monitoring IPFire specific metrics # -# Internet Gateway ping timings, can be used to measure "Internet Line Quality" -UserParameter=ipfire.net.gateway.pingtime,sudo /usr/sbin/fping -c 3 gateway 2>&1 | tail -n 1 | awk '{print $NF}' | cut -d '/' -f2 -# Internet Gateway availability, can be used to check Internet connection -UserParameter=ipfire.net.gateway.ping,sudo /usr/sbin/fping -q -r 3 gateway; [ ! $? == 0 ]; echo $? # Firewall Filter Forward chain drops in bytes/chain (JSON), can be used for discovery of firewall chains and monitoring of firewall hits on each chain UserParameter=ipfire.net.fw.hits.raw,sudo /usr/local/bin/getipstat -xf | grep "/\* DROP_.* \*/$" | awk 'BEGIN { ORS = ""; print "["} { printf "%s{\"chain\": \"%s\", \"bytes\": \"%s\"}", separator, substr($11, 6), $2; separator = ", "; } END { print"]" }' # Number of currently Active DHCP leases diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index c2b8533b4..ebd184628 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -112,6 +112,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_ovpn.conf \ /var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \ + /var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf # Install IPFire-specific Zabbix Agent scripts -mkdir -pv /var/ipfire/zabbix_agentd/scripts From patchwork Thu Jul 17 17:52:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 8929 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bjgs23S0dz3wnT for ; Thu, 17 Jul 2025 18:08:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgry6psdz6k8 for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bjgry2qn2z34LY for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bjgrv3TMRz33B0 for ; Thu, 17 Jul 2025 18:08:15 +0000 (UTC) Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgrt68bJzsm for ; Thu, 17 Jul 2025 18:08:14 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Lq32qdpr; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1752775694; a=rsa-sha256; cv=none; b=xPMVFodxFeAQcMHVvbnfq0BRHrV4MCagoj6WMhT4zWHqjo9DDFZWnw8WlSOO61BBKD9KeY 0FydUk0U4Egn7oYThGnZc/Om6CzACVIC06ac3665jNsOCLEOKCrbRqmXHFYUwoFXrdqLT7 PtAB66+mfv9aXsLE8NSuD5es5Cz1VGvwdVBlD9kdxKpeW9JTOgD9k6w6VgV04Vu3UIS6F3 /GjOukeXaAJaSkcO3i4E/UW47BaloHLX8LEyLhPyxfIjEKRarqsDwNPtGqHugfuYYbxEoC 9g0Hj1QMsDxB1xv5SSK072kmOC4e1/eQwKc2ZIv7XqUdo/KV760QnpXZHKfZig== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Lq32qdpr; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1752775694; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=tGH5HAxNZGHcIvWLMU+q2t4eI+S8dexTdkgMRSRa68c=; b=rBxUs5XPYMMtxDwkhxmfnxsLdZQMMEIVRK5QYfFSgCYEblZ2ez/8S6bI1qHGuet+dr++1D 81CEQmoOwO0kz6mwbADTkp8/sPKHwwBLQ2+kVX//fQMVck/csW1QRnxG/AE5Ehouz3ZeXb SIwJRToxs/JXUzWZ4wqKDr1q8HDxR5lOnwrwfN93l4oYRDXXKdHA+SiUtQS7elA3fV0Ryx VZp5aKfVtjNhPVlk1AddLfRll98Mq86PWygykGsAVUoCWA/6HTty3k1u4Q0OR09oKHYvdm Ps3pN7+sCzj5vrfpQGVYVFWulvSky9XBZGIXFb/gAksHUanRtOXyDfzoc93xkQ== Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 72F2825FA0 for ; Thu, 17 Jul 2025 20:08:14 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id sLDRhtHwVgQ2 for ; Thu, 17 Jul 2025 20:08:13 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1752775693; bh=jr4c/0m+BBjdmNoAq3f0bfyCdPu0Too/ilErgdjyAck=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=Lq32qdprJoSPVY1ykhtlbNjr0JYrqzaqWolQ4YYcHpT77jvW9XWIr4flYiMZIrl4i XOky0CvzBZhqK1rEe2BifRfG1rtVUtOj1pPT9vzIdA6KJ4p1btseRj87HkG7KFHXLf fA5ZZqnWj835eo3JnTUSK58FxqRjldQvdxOjktNGuvObrawO9kBYcxgF+Ol/JBl9qJ Ss/lXa7mBwjJl8JqSZbd2HOfRCIBUiDsVvp1jzeztQYvLwDIKNJboQ9IQipDswyoGI spp52jm8TKCsBP9gv20Hgj1eawVTZoAFE5L/KZEjREWomDUOxrc4YcIbzNSXvxVOte Kqr5leO6aTIVw== Received: from chojin.roevenslambrechts.be (chojin.roevenslambrechts.be [192.168.0.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id EAC8F396912; Thu, 17 Jul 2025 20:08:10 +0200 (CEST) From: Robin Roevens To: development@lists.ipfire.org Cc: Robin Roevens Subject: [PATCH 3/6] zabbix_agentd: Add WireGuard specific monitoring items Date: Thu, 17 Jul 2025 19:52:02 +0200 Message-ID: <20250717180805.5754-4-robin.roevens@disroot.org> In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org> References: <20250717180805.5754-1-robin.roevens@disroot.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 X-RoevensLambrechts-MailScanner-ID: EAC8F396912.AD543 X-RoevensLambrechts-MailScanner: Found to be clean X-RoevensLambrechts-MailScanner-From: robin.roevens@disroot.org X-RoevensLambrechts-MailScanner-Watermark: 1753380491.67107@qxCBbTuxc/nSU9XyqUqu7Q X-Spamd-Result: default: False [-5.35 / 11.00]; BAYES_HAM(-3.00)[99.99%]; R_DKIM_ALLOW(-1.70)[disroot.org:s=mail]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.98)[-0.977]; DKIM_REPUTATION(-0.97)[-0.97425615749869]; SPF_REPUTATION_SPAM(0.62)[0.20691067161651]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_MISSING_CHARSET(0.50)[]; R_SPF_ALLOW(-0.20)[+a:c]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MISSING_XM_UA(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Action: no action X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4bjgrt68bJzsm Adds new IPFire specific monitoring capabilities to Zabbix Agent: - ipfire.wireguard.peers.discovery: Discovery of configured WireGuard clients. Returns a JSON array. - ipfire.wireguard.statusreport.get: Parses and returns output of `wireguardctrl dump` as a JSON array. Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/sudoers | 2 +- config/zabbix_agentd/userparameter_wireguard.conf | 6 ++++++ lfs/zabbix_agentd | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 config/zabbix_agentd/userparameter_wireguard.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index cc75a49bd..52cb37e93 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -22,6 +22,7 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf +var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf var/ipfire/zabbix_agentd/scripts var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 921e20c89..57273a2c8 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -9,6 +9,6 @@ # Defaults:zabbix !requiretty zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat -zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log +zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/userparameter_wireguard.conf b/config/zabbix_agentd/userparameter_wireguard.conf new file mode 100644 index 000000000..b7925288a --- /dev/null +++ b/config/zabbix_agentd/userparameter_wireguard.conf @@ -0,0 +1,6 @@ +# Parameters for monitoring IPFire WireGuard specific metrics +# +# Discovery of configured WireGuard peers +UserParameter=ipfire.wireguard.peers.discovery,cat /var/ipfire/wireguard/peers 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#ID}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK_B64}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $4, $5, $2, $11, $3; separator = ","; } END { print "]" }' +# Get Wireguard status report +UserParameter=ipfire.wireguard.statusreport.get,sudo /usr/local/bin/wireguardctrl dump | awk 'BEGIN { ORS = ""; print "[" } NR>1 { printf "%s{\"id\":\"%s\",\"endpoint\":\"%s\",\"allowed_ip\":\"%s\",\"handshake_timestamp\":%s,\"bytes_in\":%s,\"bytes_out\":%s}", separator, $1, $3, $4, $5, $6, $7; separator = ","; } END { print "]" }' diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index ebd184628..6d0a6b4ea 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -114,6 +114,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \ /var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \ + /var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf # Install IPFire-specific Zabbix Agent scripts -mkdir -pv /var/ipfire/zabbix_agentd/scripts From patchwork Thu Jul 17 17:52:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 8927 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bjgs22QDGz3wm9 for ; Thu, 17 Jul 2025 18:08:22 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgry5YGzz6cv for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bjgry1p8Gz34RR for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bjgrv2Zztz2y7D for ; Thu, 17 Jul 2025 18:08:15 +0000 (UTC) Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgrt5GMFzlL for ; Thu, 17 Jul 2025 18:08:14 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=hRYiOnbr; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1752775694; a=rsa-sha256; cv=none; b=WjuxnATJNsnmvgm8VtFhGy83HhXpd3XuhS3zuPsnPtVPyyktg+q3hSm8nmls71RpXaib02 NDAAR5sEGep0mMAJYcq7S5gyIVX+wPed8aDzfIdnG5LX+RV15gcpaSn3E3v897Vn1kCdKM FvOrYyWc1VRvr/ZxpIMtjL1CuAL08nKS+xT4PT3lZXrJzIlnICfK6sRRmivf3VwpluRHPZ LdT2rF0YMrf5fn9M+ljsXs5VyQr6nIuVg5BwNKJ9Zfgfg5nE6Uht98LfM3ebfSNl0mbwwC yJv3Qi5Up6Vl1s9CUceAvi5WUjXndI4vEXw7phoJJEhTME4T+Q12IwrlOsH7/A== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=hRYiOnbr; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1752775694; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=KaNmyv+/n/huQzyuAtecGTLYbJI337zV25XMXU2KyFU=; b=lSv74YSwoFIayeGrYQEMSHjyixgF1m90ksNwWO8Sd+ZVb32Nnzy3m0lmBbJe0IfRItkTbW vgmUHIRQhjfqa71fnGL2NS/xKyZZYYhdm1g3aqxJxv18nAGNoroMw01pBrlSLTuG5n9ug/ 18zuvaBLKOWh/8FFly3AvDZzU8o0XmUGmXKlzmtRdPp/jAA4IvCF4EccAYjY+kUys/J5H7 VcCF1iE4EM9js1LxW+zsMzpGa74dQqb0L3t5T/uQDXVOz6PzXPZcPcjgsA176N+REjTpFZ LnhGdE9SfQsuANSenSaerzeOW98K6UaD1lycSOWCytrF7iQggbNbxF/mj1BQ3Q== Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 29B0825F8D for ; Thu, 17 Jul 2025 20:08:14 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id WRwzd9PfQwnc for ; Thu, 17 Jul 2025 20:08:13 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1752775693; bh=08N2AdZmxvNYuLq+lORCuln2UlM+/4XRii807Gl5skU=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=hRYiOnbrkO21rmaLSLFb8vGSZgHglfOmwGb6QJ96Ip2jJ3Q2LNnP4oTKkDe1wyBB0 mB+PWuSSE7HPjdNY639oShk83KjYPXdpxV9kKC9nmVVX4S31sdOioTmrXPHFuOFg2S zj6D8gusQZRJ54fznnVBd4M4o9AEPU5hP08d8/9BcXt+1vcAMOIJw35b6y1IsSYMuE wHq96A0YZ+lyb7GpdVqLNo2wB8XyNDkuB9sZ89SnK8qxPyYejc+PJHdgVjUQ0xYQvN GjkvQ5JlWSN7QXXdxNrCfyVH9nMacpZxHa4US3jAIc8RW7f40nJFOC3STsP/UKhV0+ 17tbN84Ib1cow== Received: from chojin.roevenslambrechts.be (chojin.roevenslambrechts.be [192.168.0.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id B800839691F; Thu, 17 Jul 2025 20:08:10 +0200 (CEST) From: Robin Roevens To: development@lists.ipfire.org Cc: Robin Roevens Subject: [PATCH 4/6] zabbix_agentd: Add LocationDB functionality Date: Thu, 17 Jul 2025 19:52:03 +0200 Message-ID: <20250717180805.5754-5-robin.roevens@disroot.org> In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org> References: <20250717180805.5754-1-robin.roevens@disroot.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 X-RoevensLambrechts-MailScanner-ID: B800839691F.AD543 X-RoevensLambrechts-MailScanner: Found to be clean X-RoevensLambrechts-MailScanner-From: robin.roevens@disroot.org X-RoevensLambrechts-MailScanner-Watermark: 1753380491.69771@re6qabUZLtP6iP4g4pJYhA X-Spamd-Result: default: False [-3.20 / 11.00]; R_DKIM_ALLOW(-1.70)[disroot.org:s=mail]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.98)[-0.975]; DKIM_REPUTATION(-0.97)[-0.97425615749869]; BAYES_HAM(-0.86)[85.51%]; SPF_REPUTATION_SPAM(0.62)[0.20691067161651]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_MISSING_CHARSET(0.50)[]; R_SPF_ALLOW(-0.20)[+a:c]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MISSING_XM_UA(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Action: no action X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4bjgrt5GMFzlL Adds new IPFire specific monitoring capabilities to Zabbix Agent: - ipfire.locationdb.lookup[,,...]: Perform IPFire LocationDB lookups from within Zabbix. Returns a JSON dict. - ipfire.locationdb.version: Get LocationDB version timestamp in unixtime. Signed-off-by: Robin Roevens --- config/rootfiles/packages/zabbix_agentd | 1 + config/zabbix_agentd/userparameter_locationdb.conf | 6 ++++++ lfs/zabbix_agentd | 2 ++ 3 files changed, 9 insertions(+) create mode 100644 config/zabbix_agentd/userparameter_locationdb.conf diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd index 52cb37e93..7f1f39b64 100644 --- a/config/rootfiles/packages/zabbix_agentd +++ b/config/rootfiles/packages/zabbix_agentd @@ -23,6 +23,7 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf +var/ipfire/zabbix_agentd/userparameters/userparameter_locationdb.conf var/ipfire/zabbix_agentd/scripts var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/userparameter_locationdb.conf b/config/zabbix_agentd/userparameter_locationdb.conf new file mode 100644 index 000000000..4aa540762 --- /dev/null +++ b/config/zabbix_agentd/userparameter_locationdb.conf @@ -0,0 +1,6 @@ +# Parameters for querying IPFire Location DB +# +# Returns Location DB lookup for one or more IP addresses +UserParameter=ipfire.locationdb.lookup[*],/usr/bin/location lookup $1 $2 $3 $4 $5 $6 $7 $8 $9 2>&1 | awk -F"[[:space:]]*:[[:space:]]*" 'BEGIN { printf "{" } /[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+:/ { printf "%s\"%s\":{",separator,$$1; separator = "," } /^[[:space:]]*Network/ { printf "\"network\":\"" $$2 "\"" } /^[[:space:]]*Country/ { printf ",\"country\":\"" $$2 "\"" } /^[[:space:]]*Autonomous System/ { printf ",\"as\":\"" $$2 "\"}" } /Errno [[:digit:]]+/ { printf "\"error\":\"%s\"",$$0 } END { printf "}" }' +# Returns the Unix timestamp of the IPFire Location DB version +UserParameter=ipfire.locationdb.version,date -d"$(/usr/bin/location version)" +%s diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index 6d0a6b4ea..db43bd611 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -116,6 +116,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) /var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \ /var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf + install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_locationdb.conf \ + /var/ipfire/zabbix_agentd/userparameters/userparameter_locationdb.conf # Install IPFire-specific Zabbix Agent scripts -mkdir -pv /var/ipfire/zabbix_agentd/scripts From patchwork Thu Jul 17 17:52:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 8932 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bjgs83tQXz3wnD for ; Thu, 17 Jul 2025 18:08:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgs61fFvz5H3 for ; Thu, 17 Jul 2025 18:08:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bjgs60vTRz332Q for ; Thu, 17 Jul 2025 18:08:26 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bjgs31XLdz34Nl for ; Thu, 17 Jul 2025 18:08:23 +0000 (UTC) Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgrz3nK4z2yC for ; Thu, 17 Jul 2025 18:08:19 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=PyBeUzub; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1752775699; a=rsa-sha256; cv=none; b=cEDpvczajC/T8iQ8DRbG54n5fap518M4uH8tOEvymHM9I33lxfPb/myaW0awrr8GVWtSn8 tk7OjjdV7BvhbdpoPVmW8Rkp1p+M/hWpX/NvuLKjPgWKKU3/NFDEZExC9rB+fhehNobByW QFgvpfdu9UBUoQVhFaZ230pJ0aumDcNw+ki5Rw+B+xzVH33CYXcc8cnzhzud7vsI/IoXaq MZbUjp7UhT/Erey4hhSWHmvoAAFkq/KbZJSWWyrO26en62YmLn4dbS21PNNcXPrsybQPSA DXyLduJ/5E5+0Ezouc3gxtZbmwJ1w/KhCHBq+wqboTHVU3YvLBVMyoP7+MFdgw== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=PyBeUzub; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1752775699; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=GFAq24nq/GblK6BKxBfbOxJDhORHv4u8aGQFIWab6oE=; b=kn6aD+RwbZeSvF6XVeJ8426AjOntOBo1c/qZqkseq1ktIIziHctZK2ClLgSK1SzUtbWisC 278+LAZt/88LyPOgPxRh2RVyLxryOtUdDCO+9QBFh9uGfN0ELONglDZk/4YVbUot3hUb+h eAe/PBH00etMgFbaMVpCpYf65s0MbBUyEtTrN4+cY+8gPvQQuMyAcnw2ZumxjS+OZGcZD6 hpVrnMsAANBWCBb1S38ICMX9NySkGYlCuEXUHq+uGtXLGaqY3YG6EQS0b8chzDb8ZvI96D 7zzYGLLPdgACuYiORdPwf4YYEgdwUw+UGgY+rDRTrXXYdcvg9Agwx3ZVIOpSiw== Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 38EDC2061D for ; Thu, 17 Jul 2025 20:08:19 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id yXtXrqar1XQg for ; Thu, 17 Jul 2025 20:08:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1752775695; bh=dlOhUf0SAg1m2vAcMKLMFAYVIPLhA1VPvizeOn7BKC8=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=PyBeUzubMNQKN6lWkIwxia61YkaMUiny7qqvsn1+10ZH1+aSm/yVCdZzdDd/80jK9 vuyn4fp7O0mkVh7IhI52xw0wz4g7uRfIu+zUxiw0/g6fbj00kR2r8Ht7JmGLl7Vay0 iT2hF/QmEi/zV8N/nIC+SOSLKMFpFKBmotLIfQKBzNl27G9hTNejwYSfnuwEkfraCN EWFTTTKw2yxGLqkjpQl3/BYR8NvNd3Cth+FqJ/jWIGBmB5GQPxLP5SkUTLYT4IUaYH JXAACjZ0+mv39QsbV6KtyEbUwzHt7mnbtlCL6t4+6TY0mr0L2ShHNmJAi/dHdrAxcB wM1CESPf1gUlQ== Received: from chojin.roevenslambrechts.be (chojin.roevenslambrechts.be [192.168.0.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 8535C396924; Thu, 17 Jul 2025 20:08:11 +0200 (CEST) From: Robin Roevens To: development@lists.ipfire.org Cc: Robin Roevens Subject: [PATCH 5/6] zabbix_agentd: Openvpn-2.6: fix pid name for services stats Date: Thu, 17 Jul 2025 19:52:04 +0200 Message-ID: <20250717180805.5754-6-robin.roevens@disroot.org> In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org> References: <20250717180805.5754-1-robin.roevens@disroot.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 X-RoevensLambrechts-MailScanner-ID: 8535C396924.AD543 X-RoevensLambrechts-MailScanner: Found to be clean X-RoevensLambrechts-MailScanner-From: robin.roevens@disroot.org X-RoevensLambrechts-MailScanner-Watermark: 1753380493.01099@1YX7xfRliTd8V/za2Yuj8A X-Spamd-Result: default: False [-5.36 / 11.00]; BAYES_HAM(-2.96)[99.82%]; R_DKIM_ALLOW(-1.69)[disroot.org:s=mail]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.97)[-0.970]; DKIM_REPUTATION(-0.97)[-0.96571772715206]; SPF_REPUTATION_SPAM(0.54)[0.18081922421901]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_MISSING_CHARSET(0.50)[]; R_SPF_ALLOW(-0.20)[+a:c]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MISSING_XM_UA(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Action: no action X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4bjgrz3nK4z2yC Signed-off-by: Robin Roevens --- config/zabbix_agentd/ipfire_services.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/zabbix_agentd/ipfire_services.pl b/config/zabbix_agentd/ipfire_services.pl index 653b606ee..d3f9855ba 100755 --- a/config/zabbix_agentd/ipfire_services.pl +++ b/config/zabbix_agentd/ipfire_services.pl @@ -100,7 +100,7 @@ my %services = ( # OpenVPN Roadwarrior 'OpenVPN Roadwarrior Server' => { "process" => "openvpn", - "pidfile" => "/var/run/openvpn.pid", + "pidfile" => "/var/run/openvpn-rw.pid", } ); From patchwork Thu Jul 17 17:52:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Robin Roevens X-Patchwork-Id: 8931 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bjgs72rm1z3wm9 for ; Thu, 17 Jul 2025 18:08:27 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgs44Y1fz7Cq for ; Thu, 17 Jul 2025 18:08:24 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bjgs33vxVz333d for ; Thu, 17 Jul 2025 18:08:23 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bjgry69Zwz34Rk for ; Thu, 17 Jul 2025 18:08:18 +0000 (UTC) Received: from layka.disroot.org (layka.disroot.org [178.21.23.139]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 4bjgrx3pL7z6FM for ; Thu, 17 Jul 2025 18:08:17 +0000 (UTC) Authentication-Results: mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Fb9Pbdbi; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1752775697; a=rsa-sha256; cv=none; b=CvMcUFFIphrY709bynmQR+CFugsH8bKeYjP0DNIstWa4PMH++sVEcppryyW44zUlfaIqkq kNHhHKC86S3Y6tU3IFPrHSqJo6inb4SZYZr/5q0/C0yjH/1XrXAbDJvPteHs4dzy6hCYly Fx0yMpGCSEsMX1Iq+mWmXFcjtVKN05uKrljZe0JZjfPJJF/pGnPrbcJ4Dd0EuaLwqmiL8q exqI49YcINBb8VEmPfikjaS7jWMcKFLIsEp3YC9tzvoqH5IYPJrmilG2NmLqyTpOhDYKZ0 PCtJZuOvbUTNrQDCfeg5IDBkvLe+ozgapfKH8qA3OKZ4I5vUmR3T8a53DCTqVA== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=pass header.d=disroot.org header.s=mail header.b=Fb9Pbdbi; spf=pass (mail01.ipfire.org: domain of robin.roevens@disroot.org designates 178.21.23.139 as permitted sender) smtp.mailfrom=robin.roevens@disroot.org; dmarc=pass (policy=reject) header.from=disroot.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1752775697; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=SNKCIzr6cb+4NG4Rnp5LHECie9o7/XGZK9PDOIsTNSU=; b=Tt32zWVwBNMhlGmUP8JzmcFBig6e221THYW8nHYjGrIYSKZAFtyvnJkwiHkGlp53HgUIQJ 9Pw47lScWoqNfCxipTW49j4MFeAmwDSvOlX+LS5jhRjYKfHmoYpLzQC5CkZHrV3C8VLBGa 7frOih8lxZpVZvGlLh5Nywm2vctFOc43CyX0LkJv2lNi1mTt74xXVWbrlKkerxisOnOtuY OSSzW1CFvpGQKEv3rBBLkALtkLHGBgbKLf6wU0t+TNR2seOII6xRTYOvLOt8Q/xcwGHwNE lrU2ldRGGVjXBsYWmXyhDMhvBoMrnwRQLoONTq5PRVilMNtuY5h7oekzC1QY+g== Received: from mail01.disroot.lan (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 23F462061D for ; Thu, 17 Jul 2025 20:08:17 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from layka.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id IgAgrDyRn6_r for ; Thu, 17 Jul 2025 20:08:15 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1752775695; bh=YKro5BQXVO8J1yCjkTkt3QK6a6ESkQxqxw98PPyrZ1M=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=Fb9PbdbipARorP69+SkxYucfHdnit6KGJAngtf2rLdEruHw+8Lyl6emFGaHopWFV1 PE5F3PMmL2eG06fk9eugMurAz/pQiSG1MGyCzZ5TPQcHF7K97FZioE1HKNNqUTaQ2f yy5Bm1Y370tkrMqBuegRFe1kWGisYMZAtqt6Vv2G6Elqyc0LfkQ0NJZB1Wrm0vErTG h0P9CYra3Ac1bYDmXOhI6WG9qfScpndoTccPgVI7oUGoBElE7iRenqNCgnxcmomAYT cdwSOmJIDooJ3u17dK7tJvPs2ojNjglB7IfEUMxPIidgEhUSv6qDFywUFq4nccH2Ox B5vTuwPntOSeQ== Received: from chojin.roevenslambrechts.be (chojin.roevenslambrechts.be [192.168.0.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (no client certificate requested) (Authenticated sender) by hachiman (MailScanner Milter) with SMTP id 5271739693C; Thu, 17 Jul 2025 20:08:12 +0200 (CEST) From: Robin Roevens To: development@lists.ipfire.org Cc: Robin Roevens Subject: [PATCH 6/6] zabbix_agentd: Openvpn-2.6: use the helper binary to read the status log Date: Thu, 17 Jul 2025 19:52:05 +0200 Message-ID: <20250717180805.5754-7-robin.roevens@disroot.org> In-Reply-To: <20250717180805.5754-1-robin.roevens@disroot.org> References: <20250717180805.5754-1-robin.roevens@disroot.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 X-RoevensLambrechts-MailScanner-ID: 5271739693C.AD543 X-RoevensLambrechts-MailScanner: Found to be clean X-RoevensLambrechts-MailScanner-From: robin.roevens@disroot.org X-RoevensLambrechts-MailScanner-Watermark: 1753380493.05576@99HCbqiyjhf4SF0c8UAobQ X-Spamd-Result: default: False [-5.40 / 11.00]; BAYES_HAM(-3.00)[99.99%]; R_DKIM_ALLOW(-1.69)[disroot.org:s=mail]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.97)[-0.971]; DKIM_REPUTATION(-0.97)[-0.96571772715206]; SPF_REPUTATION_SPAM(0.54)[0.18081922421901]; DMARC_POLICY_ALLOW(-0.50)[disroot.org,reject]; R_MISSING_CHARSET(0.50)[]; R_SPF_ALLOW(-0.20)[+a:c]; MIME_GOOD(-0.10)[text/plain]; MX_GOOD(-0.01)[]; IP_REPUTATION_HAM(-0.01)[asn: 50673(0.00), country: NL(-0.01), ip: 178.21.23.139(0.00)]; FUZZY_RATELIMITED(0.00)[rspamd.com]; ASN(0.00)[asn:50673, ipnet:178.21.23.0/24, country:NL]; ARC_NA(0.00)[]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MISSING_XM_UA(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[disroot.org:+]; ARC_SIGNED(0.00)[lists.ipfire.org:s=202003rsa:i=1]; PREVIOUSLY_DELIVERED(0.00)[development@lists.ipfire.org]; FROM_HAS_DN(0.00)[] X-Rspamd-Action: no action X-Rspamd-Server: mail01.haj.ipfire.org X-Rspamd-Queue-Id: 4bjgrx3pL7z6FM Signed-off-by: Robin Roevens --- config/zabbix_agentd/sudoers | 2 +- config/zabbix_agentd/userparameter_ovpn.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers index 57273a2c8..50a9e69de 100644 --- a/config/zabbix_agentd/sudoers +++ b/config/zabbix_agentd/sudoers @@ -9,6 +9,6 @@ # Defaults:zabbix !requiretty zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat -zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump +zabbix ALL=(ALL) NOPASSWD: /usr/local/bin/openvpnctrl rw log, /usr/local/bin/wireguardctrl dump zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl diff --git a/config/zabbix_agentd/userparameter_ovpn.conf b/config/zabbix_agentd/userparameter_ovpn.conf index a7a6d8535..d2ce10bb3 100644 --- a/config/zabbix_agentd/userparameter_ovpn.conf +++ b/config/zabbix_agentd/userparameter_ovpn.conf @@ -3,7 +3,7 @@ # Discovery of configured ovpn clients UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }' # Get OpenVPN status report -UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }' +UserParameter=ipfire.ovpn.statusreport.get,sudo /usr/local/bin/openvpnctrl rw log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf "\"timestamp\":%s,\"clients\":[",unixtime($2) } /^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 != "Common Name") { printf "%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}", separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/ { print "],\"routing_table\":["; separator = "" } /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ { if ($1 != "Virtual Address") { printf "%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}", separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }' # Get OpenVPN client certificate details UserParameter=ipfire.ovpn.clientcert[*],sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem UserParameter=ipfire.ovpn.cacert,sudo /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh /var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem