From cfd8bdd89152653aa691d74e949cd43a47a88bcb Mon Sep 17 00:00:00 2001 From: Mikhail Kolesnik Date: Fri, 19 Aug 2011 15:37:39 +0300 Subject: [PATCH] [notify] zabbix_server: update to 1.8.6 Fixes frontend XSS vulnerability, see https://support.zabbix.com/browse/ZBX-3835 for details --- zabbix_server/.footprint | 4 + zabbix_server/.md5sum | 4 +- zabbix_server/Pkgfile | 3 +- zabbix_server/README | 16 +- zabbix_server/zabbix_server.conf | 528 ++++++++++++++++++++++++------- 5 files changed, 420 insertions(+), 135 deletions(-) diff --git a/zabbix_server/.footprint b/zabbix_server/.footprint index 06f9998db..06c64b6cf 100644 --- a/zabbix_server/.footprint +++ b/zabbix_server/.footprint @@ -4,6 +4,10 @@ drwxr-xr-x root/root etc/rc.d/ drwxr-xr-x root/root etc/zabbix/ -rw-r----- daemon/daemon etc/zabbix/zabbix_server.conf drwxr-xr-x root/root usr/ +drwxr-xr-x root/root usr/man/ +drwxr-xr-x root/root usr/man/man1/ +drwxr-xr-x root/root usr/man/man8/ +-rw-r--r-- root/root usr/man/man8/zabbix_server.8.gz drwxr-xr-x root/root usr/sbin/ -rwxr-xr-x root/root usr/sbin/zabbix_server drwxr-xr-x root/root var/ diff --git a/zabbix_server/.md5sum b/zabbix_server/.md5sum index 1d5746a7e..187a832c8 100644 --- a/zabbix_server/.md5sum +++ b/zabbix_server/.md5sum @@ -1,3 +1,3 @@ -3255afd2d44454bae3ec5158920a824f zabbix-1.6.8.tar.gz +4642fd263167211a73a02fe7f3bcd998 zabbix-1.8.6.tar.gz 5fc33083b95fa0df59242469d150ba41 zabbix_server -ce04b1fc57362ff6a4fe439e96f061d3 zabbix_server.conf +90491ea6cc5ea33a5c70aee89c23f4ee zabbix_server.conf diff --git a/zabbix_server/Pkgfile b/zabbix_server/Pkgfile index aac48fd4c..5424e75c6 100644 --- a/zabbix_server/Pkgfile +++ b/zabbix_server/Pkgfile @@ -4,7 +4,7 @@ # Depends on: net-snmp fping mysql name=zabbix_server -version=1.6.8 +version=1.8.6 release=1 source=(http://download.sourceforge.net/zabbix/ZABBIX%20Latest%20Stable/$version/zabbix-$version.tar.gz \ $name.conf $name) @@ -12,6 +12,7 @@ source=(http://download.sourceforge.net/zabbix/ZABBIX%20Latest%20Stable/$version build() { cd zabbix-$version ./configure --prefix=/usr \ + --mandir=/usr/man \ --enable-server \ --with-net-snmp \ --with-libcurl \ diff --git a/zabbix_server/README b/zabbix_server/README index 4d28a83b0..624012eb9 100644 --- a/zabbix_server/README +++ b/zabbix_server/README @@ -4,16 +4,10 @@ Contents of this file were wikified, see current version at: http://crux.nu/Wiki/InstallingZabbix PRECAUTION -If you are upgrading to some 1.6.x version - it is recommended to create -the following indexes in order to speed up performance of ZABBIX front-end -as well as server side (ignore it if the indexes already exist): - CREATE UNIQUE INDEX history_log_2 on history_log (itemid,id); - CREATE UNIQUE INDEX history_text_2 on history_text (itemid,id); - CREATE INDEX graphs_items_1 on graphs_items (itemid); - CREATE INDEX graphs_items_2 on graphs_items (graphid); - CREATE INDEX services_1 on services (triggerid); - -After upgrading from version 1.6.4 log default file location was changed, -adjust /etc/zabbix/zabbix_server.conf file: +For detailed upgrade instructions please refer to +http://www.zabbix.com/documentation/1.8/manual/about/installation_and_upgrade + +After upgrading from version 1.6.4 default log file location was changed, +adjust /etc/zabbix/zabbix_server.conf: LogFile=/var/log/zabbix_server/zabbix_server.log and change it's permissions, and possibly delete old log dir. diff --git a/zabbix_server/zabbix_server.conf b/zabbix_server/zabbix_server.conf index d0caad14d..64c9fd1a5 100644 --- a/zabbix_server/zabbix_server.conf +++ b/zabbix_server/zabbix_server.conf @@ -1,142 +1,428 @@ -# This is config file for ZABBIX server process -# To get more information about ZABBIX, -# go http://www.zabbix.com +# This is a configuration file for Zabbix Server process +# To get more information about Zabbix, +# visit http://www.zabbix.com ############ GENERAL PARAMETERS ################# -# This defines unique NodeID in distributed setup, -# Default value 0 (standalone server) -# This parameter must be between 0 and 999 -#NodeID=0 +### Option: NodeID +# Unique NodeID in distributed setup. +# 0 - standalone server +# +# Mandatory: no +# Range: 0-999 +# Default: +# NodeID=0 -# Number of pre-forked instances of pollers -# Default value is 5 -# This parameter must be between 0 and 255 -#StartPollers=5 +### Option: ListenPort +# Listen port for trapper. +# +# Mandatory: no +# Range: 1024-32767 +# Default: +# ListenPort=10051 -# Number of pre-forked instances of IPMI pollers -# Default value is 0 -# This parameter must be between 0 and 255 -#StartIPMIPollers=0 +### Option: SourceIP +# Source IP address for outgoing connections. +# +# Mandatory: no +# Default: +# SourceIP= -# Number of pre-forked instances of pollers for unreachable hosts -# Default value is 1 -# This parameter must be between 0 and 255 -#StartPollersUnreachable=1 +### Option: LogFile +# Name of log file. +# If not set, syslog is used. +# +# Mandatory: no +# Default: +# LogFile= -# Number of pre-forked instances of trappers -# Default value is 5 -# This parameter must be between 0 and 255 -#StartTrappers=5 - -# Number of pre-forked instances of ICMP pingers -# Default value is 1 -# This parameter must be between 0 and 255 -#StartPingers=1 - -# Number of pre-forked instances of discoverers -# Default value is 1 -# This parameter must be between 0 and 255 -#StartDiscoverers=1 - -# Number of pre-forked instances of HTTP pollers -# Default value is 1 -# This parameter must be between 0 and 255 -#StartHTTPPollers=1 - -# Listen port for trapper. Default port number is 10051. This parameter -# must be between 1024 and 32767 -#ListenPort=10051 - -# Source IP address for outgouing connections -#SourceIP= - -# Listen interface for trapper. Trapper will listen all network interfaces -# if this parameter is missing. -#ListenIP=127.0.0.1 - -# How often ZABBIX will perform housekeeping procedure -# (in hours) -# Default value is 1 hour -# Housekeeping is removing unnecessary information from -# tables history, alert, and alarms -# This parameter must be between 1 and 24 -#HousekeepingFrequency=1 - -# How often ZABBIX will try to send unsent alerts -# (in seconds) -# Default value is 30 seconds -#SenderFrequency=30 - -# Uncomment this line to disable housekeeping procedure -#DisableHousekeeping=1 - -# Specifies debug level -# 0 - debug is not created -# 1 - critical information -# 2 - error information -# 3 - warnings (default) -# 4 - for debugging (produces lots of information) -#DebugLevel=3 - -# Specifies how long we wait for agent response (in sec) -# Must be between 1 and 30 -Timeout=5 - -# Specifies how many seconds trapper may spend processing new data -# Must be between 1 and 30 -#TrapperTimeout=5 - -# After how many seconds of unreachability treat a host as unavailable -#UnreachablePeriod=45 - -# How ofter check host for availability during the unavailability period -#UnavailableDelay=60 - -# Name of PID file -PidFile=/var/run/zabbix_server/zabbix_server.pid - -# Name of log file -# If not set, syslog is used LogFile=/var/log/zabbix_server/zabbix_server.log -# Maximum size of log file in MB. Set to 0 to disable automatic log rotation. +### Option: LogFileSize +# Maximum size of log file in MB. +# 0 - disable automatic log rotation. +# +# Mandatory: no +# Range: 0-1024 +# Default: +# LogFileSize=1 + LogFileSize=5 -# Location for custom alert scripts -AlertScriptsPath=/home/zabbix/bin/ +### Option: DebugLevel +# Specifies debug level +# 0 - no debug +# 1 - critical information +# 2 - error information +# 3 - warnings +# 4 - for debugging (produces lots of information) +# +# Mandatory: no +# Range: 0-4 +# Default: +# DebugLevel=3 -# Location of external scripts -#ExternalScripts=/etc/zabbix/externalscripts +### Option: PidFile +# Name of PID file. +# +# Mandatory: no +# Default: +# PidFile=/tmp/zabbix_server.pid -# Location of 'fping. Default is /usr/sbin/fping -# Make sure that fping binary has root permissions and SUID flag set -#FpingLocation=/usr/sbin/fping +PidFile=/var/run/zabbix_server/zabbix_server.pid -# Location of fping6. Default is /usr/sbin/fping6 -# Make sure that fping binary has root permissions and SUID flag set -#Fping6Location=/usr/sbin/fping6 +### Option: DBHost +# Database host name. +# If set to localhost, socket is used for MySQL. +# +# Mandatory: no +# Default: +# DBHost=localhost -# Temporary directory. Default is /tmp -#TmpDir=/tmp +### Option: DBName +# Database name. +# For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored. +# +# Mandatory: yes +# Default: +# DBName= -# Frequency of ICMP pings (item keys 'icmpping' and 'icmppingsec'). Defauls is 60 seconds. -#PingerFrequency=60 - -# Database host name -# Default is localhost -#DBHost=localhost - -# Database name -# SQLite3 note: path to database file must be provided. DBUser and DBPassword are ignored. DBName=zabbix -# Database user +### Option: DBSchema +# Schema name. Used for IBM DB2. +# +# Mandatory: no +# Default: +# DBSchema= + +### Option: DBUser +# Database user. Ignored for SQLite. +# +# Mandatory: no +# Default: +# DBUser= + DBUser=root -# Database password -# Comment this line if no password used -#DBPassword= +### Option: DBPassword +# Database password. Ignored for SQLite. +# Comment this line if no password is used. +# +# Mandatory: no +# Default: +# DBPassword= -# Connect to MySQL using Unix socket? -#DBSocket=/tmp/mysql.sock +### Option: DBSocket +# Path to MySQL socket. +# +# Mandatory: no +# Default: +# DBSocket=/tmp/mysql.sock + +### Option: DBPort +# Database port when not using local socket. Ignored for SQLite. +# +# Mandatory: no +# Range: 1024-65535 +# Default (for MySQL): +# DBPort=3306 + +############ ADVANCED PARAMETERS ################ + +### Option: StartPollers +# Number of pre-forked instances of pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollers=5 + +### Option: StartIPMIPollers +# Number of pre-forked instances of IPMI pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartIPMIPollers=0 + +### Option: StartPollersUnreachable +# Number of pre-forked instances of pollers for unreachable hosts (including IPMI). +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPollersUnreachable=1 + +### Option: StartTrappers +# Number of pre-forked instances of trappers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartTrappers=5 + +### Option: StartPingers +# Number of pre-forked instances of ICMP pingers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartPingers=1 + +### Option: StartDiscoverers +# Number of pre-forked instances of discoverers. +# +# Mandatory: no +# Range: 0-250 +# Default: +# StartDiscoverers=1 + +### Option: StartHTTPPollers +# Number of pre-forked instances of HTTP pollers. +# +# Mandatory: no +# Range: 0-1000 +# Default: +# StartHTTPPollers=1 + +### Option: ListenIP +# List of comma delimited IP addresses that the trapper should listen on. +# Trapper will listen on all network interfaces if this parameter is missing. +# +# Mandatory: no +# Default: +# ListenIP=0.0.0.0 + +# ListenIP=127.0.0.1 + +### Option: HousekeepingFrequency +# How often Zabbix will perform housekeeping procedure (in hours). +# Housekeeping is removing unnecessary information from history, alert, and alarms tables. +# +# Mandatory: no +# Range: 1-24 +# Default: +# HousekeepingFrequency=1 + +### Option: MaxHousekeeperDelete +# The table "housekeeper" contains "tasks" for housekeeping procedure in the format: +# [housekeeperid], [tablename], [field], [value]. +# No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value]) +# will be deleted per one task in one housekeeping cycle. +# SQLite3 does not use this parameter, deletes all corresponding rows without a limit. +# If set to 0 then no limit is used at all. In this case you must know what you are doing! +# +# Mandatory: no +# Range: 0-1048576 +# Default: +# MaxHousekeeperDelete=500 + +### Option: DisableHousekeeping +# If set to 1, disables housekeeping. +# +# Mandatory: no +# Range: 0-1 +# Default: +# DisableHousekeeping=0 + +### Option: SenderFrequency +# How often Zabbix will try to send unsent alerts (in seconds). +# +# Mandatory: no +# Range: 5-3600 +# Default: +# SenderFrequency=30 + +### Option: CacheSize +# Size of configuration cache, in bytes. +# Shared memory size for storing hosts and items data. +# +# Mandatory: no +# Range: 128K-1G +# Default: +# CacheSize=8M + +### Option: CacheUpdateFrequency +# How often Zabbix will perform update of configuration cache, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# CacheUpdateFrequency=60 + +### Option: HistoryCacheSize +# Size of history cache, in bytes. +# Shared memory size for storing history data. +# +# Mandatory: no +# Range: 128K-1G +# Default: +# HistoryCacheSize=8M + +### Option: TrendCacheSize +# Size of trend cache, in bytes. +# Shared memory size for storing trends data. +# +# Mandatory: no +# Range: 128K-1G +# Default: +# TrendCacheSize=4M + +### Option: HistoryTextCacheSize +# Size of text history cache, in bytes. +# Shared memory size for storing character, text or log history data. +# +# Mandatory: no +# Range: 128K-1G +# Default: +# HistoryTextCacheSize=16M + +### Option: NodeNoEvents +# If set to '1' local events won't be sent to master node. +# This won't impact ability of this node to propagate events from its child nodes. +# +# Mandatory: no +# Range: 0-1 +# Default: +# NodeNoEvents=0 + +### Option: NodeNoHistory +# If set to '1' local history won't be sent to master node. +# This won't impact ability of this node to propagate history from its child nodes. +# +# Mandatory: no +# Range: 0-1 +# Default: +# NodeNoHistory=0 + +### Option: Timeout +# Specifies how long we wait for agent, SNMP device or external check (in seconds). +# +# Mandatory: no +# Range: 1-30 +# Default: +# Timeout=3 +Timeout=5 + +### Option: TrapperTimeout +# Specifies how many seconds trapper may spend processing new data. +# +# Mandatory: no +# Range: 1-300 +# Default: +# TrapperTimeout=300 + +### Option: UnreachablePeriod +# After how many seconds of unreachability treat a host as unavailable. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachablePeriod=45 + +### Option: UnavailableDelay +# How often host is checked for availability during the unavailability period, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnavailableDelay=60 + +### Option: UnreachableDelay +# How often host is checked for availability during the unreachability period, in seconds. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# UnreachableDelay=15 + +### Option: AlertScriptsPath +# Location of custom alert scripts +# +# Mandatory: no +# Default: +# AlertScriptsPath=/home/zabbix/bin/ + +### Option: ExternalScripts +# Location of external scripts +# +# Mandatory: no +# Default: +# ExternalScripts=/etc/zabbix/externalscripts + +### Option: FpingLocation +# Location of fping. +# Make sure that fping binary has root ownership and SUID flag set. +# +# Mandatory: no +# Default: +# FpingLocation=/usr/sbin/fping + +### Option: Fping6Location +# Location of fping6. +# Make sure that fping6 binary has root ownership and SUID flag set. +# Make empty if your fping utility is capable to process IPv6 addresses. +# +# Mandatory: no +# Default: +# Fping6Location=/usr/sbin/fping6 + +### Option: SSHKeyLocation +# Location of public keys for SSH checks +# +# Mandatory: no +# Default: +# SSHKeyLocation= + +### Option: LogSlowQueries +# How long a database query may take before being logged (in milliseconds). +# 0 - don't log slow queries. +# +# Mandatory: no +# Range: 1-3600000 +# Default: +# LogSlowQueries=0 + +### Option: TmpDir +# Temporary directory. +# +# Mandatory: no +# Default: +# TmpDir=/tmp + +### Option: Include +# You may include individual files or all files in a directory in the configuration file. +# +# Mandatory: no +# Default: +# Include= + +# Include=/etc/zabbix/zabbix_server.general.conf +# Include=/etc/zabbix/zabbix_server/ + +### Option: StartProxyPollers +# Number of pre-forked instances of pollers for passive proxies. +# +# Mandatory: no +# Range: 0-250 +# Default: +# StartProxyPollers=1 + +### Option: ProxyConfigFrequency +# How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds. +# This parameter is used only for proxies in the passive mode. +# +# Mandatory: no +# Range: 1-3600*24*7 +# Default: +# ProxyConfigFrequency=3600 + +### Option: ProxyDataFrequency +# How often Zabbix Server requests history data from a Zabbix Proxy in seconds. +# This parameter is used only for proxies in the passive mode. +# +# Mandatory: no +# Range: 1-3600 +# Default: +# ProxyDataFrequency=1