Signed-off-by: Robin Roevens <[email protected]>
---
config/zabbix_agentd/sudoers | 2 +-
config/zabbix_agentd/userparameter_ovpn.conf | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 57273a2c8..50a9e69de 100644
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -9,6 +9,6 @@
#
Defaults:zabbix !requiretty
zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping,
/usr/sbin/arping, /usr/local/bin/getipstat
-zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log,
/usr/local/bin/wireguardctrl dump
+zabbix ALL=(ALL) NOPASSWD: /usr/local/bin/openvpnctrl rw log,
/usr/local/bin/wireguardctrl dump
zabbix ALL=(ALL) NOPASSWD:
/var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl
diff --git a/config/zabbix_agentd/userparameter_ovpn.conf
b/config/zabbix_agentd/userparameter_ovpn.conf
index a7a6d8535..d2ce10bb3 100644
--- a/config/zabbix_agentd/userparameter_ovpn.conf
+++ b/config/zabbix_agentd/userparameter_ovpn.conf
@@ -3,7 +3,7 @@
# Discovery of configured ovpn clients
UserParameter=ipfire.ovpn.clients.discovery,cat /var/ipfire/ovpn/ovpnconfig
2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf
"%s{\"{#NAME}\":\"%s\",\"{#COMMONNAME}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK}\":\"%s\",\"{#TYPE}\":\"%s\"}",
separator, $3, $4, $2, $27, $5; separator = ","; } END { print "]" }'
# Get OpenVPN status report
-UserParameter=ipfire.ovpn.statusreport.get,sudo cat /var/run/ovpnserver.log
2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return
mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf
"\"timestamp\":%s,\"clients\":[",unixtime($2) }
/^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 !=
"Common Name") { printf
"%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}",
separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/
{ print "],\"routing_table\":["; separator = "" }
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ {
if ($1 != "Virtual Address") { printf
"%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}",
separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
+UserParameter=ipfire.ovpn.statusreport.get,sudo /usr/local/bin/openvpnctrl rw
log 2>/dev/null | awk -F"," 'function unixtime(t) { gsub(/[-:]/," ",t); return
mktime(t) } BEGIN { ORS = ""; print "{" } /^Updated,.+/ { printf
"\"timestamp\":%s,\"clients\":[",unixtime($2) }
/^.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,[0-9]+,[0-9]+,.+/ { if ($1 !=
"Common Name") { printf
"%s{\"common_name\":\"%s\",\"real_address\":\"%s\",\"bytes_in\":\"%s\",\"bytes_out\":\"%s\",\"connected_since\":\"%s\"}",
separator, $1, $2, $3, $4, unixtime($5); separator = ","; } } /^ROUTING TABLE/
{ print "],\"routing_table\":["; separator = "" }
/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+,.+,[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+,.+/ {
if ($1 != "Virtual Address") { printf
"%s{\"common_name\":\"%s\",\"virtual_address\":\"%s\",\"real_address\":\"%s\",\"last_ref\":\"%s\"}",
separator, $2, $1, $3, unixtime($4); separator = "," } } END { print "]}" }'
# Get OpenVPN client certificate details
UserParameter=ipfire.ovpn.clientcert[*],sudo
/var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
/var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/certs/$1cert.pem
UserParameter=ipfire.ovpn.cacert,sudo
/var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
/var/ipfire/ovpn/ca/cacert.pem /var/ipfire/ovpn/ca/cacert.pem
--
2.50.1
--
Dit bericht is gescanned op virussen en andere gevaarlijke
inhoud door MailScanner en lijkt schoon te zijn.
