diff --git a/net-mgmt/pfSense-pkg-zabbix-agent/Makefile b/net-mgmt/pfSense-pkg-zabbix-agent/Makefile
index 62ecdd560314..11bcd4195103 100644
--- a/net-mgmt/pfSense-pkg-zabbix-agent/Makefile
+++ b/net-mgmt/pfSense-pkg-zabbix-agent/Makefile
@@ -2,7 +2,7 @@
PORTNAME= pfSense-pkg-zabbix-agent
PORTVERSION= 0.8.9
-PORTREVISION= 2
+PORTREVISION= 4
CATEGORIES= net-mgmt
MASTER_SITES= # empty
DISTFILES= # empty
@@ -13,7 +13,7 @@ COMMENT= pfSense package zabbix-agent
LICENSE= ESF
-RUN_DEPENDS= ${LOCALBASE}/sbin/zabbix_agent:net-mgmt/zabbix22-agent
+RUN_DEPENDS= ${LOCALBASE}/sbin/zabbix_agentd:net-mgmt/zabbix3-agent
NO_BUILD= yes
NO_MTREE= yes
diff --git a/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.inc b/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.inc
index a918153bd46e..e9e51e340d37 100644
--- a/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.inc
+++ b/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.inc
@@ -32,11 +32,12 @@ require_once("util.inc");
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("globals.inc");
+require_once("certs.inc");
define('ZABBIX_AGENT_BASE', '/usr/local');
function php_deinstall_zabbix_agent_lts() {
- unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf");
+ unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix3/zabbix_agentd.conf");
unlink_if_exists("/var/log/zabbix-agent-lts/zabbix_agentd_lts.log");
unlink_if_exists("/var/run/zabbix-agent-lts/zabbix_agentd_lts.pid");
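Review bot: The deinstall routine shown here still removes only the config, log and pid files, while this commit starts writing a private key and a pre-shared key to `/usr/local/etc/zabbix3/zabbix_agentd.key` and `zabbix_agentd.psk`, so the secrets stay on disk after the package is removed. Add a line per generated file, for example `unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix3/zabbix_agentd.key");`, and likewise for `.psk`, `.cert`, `.ca` and `.crl-verify`. The same files are also left in place when an option is later switched back to `none`. The function body continues outside the hunk, and the proxy's `php_deinstall_zabbix_proxy_lts()` has the same gap.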
@@ -132,6 +133,44 @@ function sync_package_zabbix_agent_lts() {
$ListenIp = $zbagent_config['listenip'] ?: "0.0.0.0";
$ListenPort = $zbagent_config['listenport'] ?: "10050";
$TimeOut = $zbagent_config['timeout'] ?: "3";
+ $TLSConnect = $zbagent_config['tlsconnect'];
+ $TLSAccept = $zbagent_config['tlsaccept'] ?: "unencrypted";
+
+ if ($zbagent_config['tlscaso']) {
+ $TlsCAfile = "TLSCAFile=/usr/local/etc/ssl/cert.pem";
+ } else {
+ if ($zbagent_config['tlscafile'] != "none") {
+ $ca = lookup_ca($zbagent_config['tlscafile']);
+ zabbix_add_keyfile($ca['crt'], "ca");
+ $TlsCAfile = "TLSCAFile=/usr/local/etc/zabbix3/zabbix_agentd.ca";
+ }
+ }
+
+ if ($zbagent_config['tlscrlfile'] != "none") {
+ $crl = lookup_crl($zbagent_config['tlscrlfile']);
+ crl_update($crl);
+ zabbix_add_keyfile($crl['text'], "crl-verify");
+ $TlsCRLfile = "TLSCRLFile=/usr/local/etc/zabbix3/zabbix_agentd.crl-verify";
+ }
+
+ if ($zbagent_config['tlscertfile'] != "none") {
+ $cert = lookup_cert($zbagent_config['tlscertfile']);
+
+ zabbix_add_keyfile($cert['crt'], "cert");
+ $TlsCERTfile = "TLSCertFile=/usr/local/etc/zabbix3/zabbix_agentd.cert";
+
+ zabbix_add_keyfile($cert['prv'], "key");
+ $TlsKEYfile = "TLSKeyFile=/usr/local/etc/zabbix3/zabbix_agentd.key";
+ }
+
+ if (! empty($zbagent_config['tlspskidentity']) ) {
+ $TLSPSKIdentity = "TLSPSKIdentity={$zbagent_config['tlspskidentity']}";
+ }
+
+ if (! empty($zbagent_config['tlspskfile']) ) {
+ zabbix_add_keyfile($zbagent_config['tlspskfile'], "psk");
+ $TLSPSKFile = "TLSPSKFile=/usr/local/etc/zabbix3/zabbix_agentd.psk";
+ }
$zbagent_conf_file = <<< EOF
Server={$zbagent_config['server']}
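Review bot: `$TLSConnect` gets no fallback, unlike `$TLSAccept` on the next line, and the `!= "none"` guards treat a missing key as a selection. For a configuration saved before these fields existed, `tlscafile`, `tlscrlfile` and `tlscertfile` are unset, so each branch presumably runs its lookup with an empty id, writes an empty file and emits a `TLS…File=` line, while the config receives `TLSConnect=` with no value. Use `$TLSConnect = $zbagent_config['tlsconnect'] ?: "unencrypted";`, guard each branch with `!empty($zbagent_config['tlscafile']) && $zbagent_config['tlscafile'] != "none"`, and initialise `$TlsCAfile`, `$TlsCRLfile` and the other line variables to `""` before the branches so the heredoc never reads an undefined variable. The enclosing `sync_package_zabbix_agent_lts()` starts and ends outside the hunk, and the proxy's sync hunk repeats the same code.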
@@ -148,10 +187,18 @@ Timeout={$TimeOut}
BufferSend={$BufferSend}
BufferSize={$BufferSize}
StartAgents={$StartAgents}
+TLSConnect={$TLSConnect}
+TLSAccept={$TLSAccept}
+{$TlsCAfile}
+{$TlsCRLfile}
+{$TlsCERTfile}
+{$TlsKEYfile}
+{$TLSPSKIdentity}
+{$TLSPSKFile}
{$UserParams}
EOF;
- file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
+ file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix3/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
}
}
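Review bot: The new `TLSConnect`, `TLSAccept` and `TLSPSKIdentity` lines put form values into zabbix_agentd.conf verbatim, and the only filtering visible is the `strtr` that drops `"\r"`. No hunk in this diff adds validation for the new fields, so unless it exists outside the diff, a value containing a line feed would be written as additional directives in the agent config. Check `tlsconnect` against the three allowed values with `in_array($TLSConnect, array("unencrypted", "psk", "cert"))`, check each comma-separated element of `tlsaccept` the same way, and reject control characters in `tlspskidentity` before building the file. The proxy's heredoc hunk needs the same treatment.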
@@ -203,8 +250,8 @@ EOF;
// Check startup script files
// Create a few directories and ensure the sample files are in place
- if (!is_dir(ZABBIX_AGENT_BASE . "/etc/zabbix22")) {
- mwexec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/zabbix22");
+ if (!is_dir(ZABBIX_AGENT_BASE . "/etc/zabbix3")) {
+ mwexec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/zabbix3");
}
$dir_checks = <<< EOF
@@ -250,4 +297,15 @@ EOF;
conf_mount_ro();
}
+// Based on openvpn_add_keyfile() function
+function zabbix_add_keyfile(& $data, $directive) {
+ global $g;
+
+ $fpath = "/usr/local/etc/zabbix3/zabbix_agentd.{$directive}";
+
+ file_put_contents($fpath, base64_decode($data));
+ @chmod($fpath, 0600);
+ @chown($fpath, "zabbix");
+}
+
?>
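Review bot: `zabbix_add_keyfile()` writes the decoded private key or PSK with `file_put_contents()` first and narrows the mode to 0600 only afterwards, so a newly created file carries the process's default creation mode for a short window. Because `chmod` and `chown` are silenced with `@`, a failure there leaves the secret readable by other local users with no log entry. Create and restrict the file before the secret goes into it and report failures, as sketched below; `global $g;` is unused and can be dropped. The proxy's copy of this function has the same body.

```php
function zabbix_add_keyfile(& $data, $directive) {
	$fpath = "/usr/local/etc/zabbix3/zabbix_agentd.{$directive}";

	// Create the file empty and lock it down before any secret is written.
	if (!touch($fpath) || !chmod($fpath, 0600) || !chown($fpath, "zabbix")) {
		log_error("zabbix-agent: could not restrict permissions on {$fpath}");
		return false;
	}

	return (file_put_contents($fpath, base64_decode($data)) !== false);
}
```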
diff --git a/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.xml b/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.xml
index ff70ae87c0b2..acd597031792 100644
--- a/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.xml
+++ b/net-mgmt/pfSense-pkg-zabbix-agent/files/usr/local/pkg/zabbix-agent-lts.xml
@@ -177,6 +177,107 @@
]]>
+
+ TLS-RELATED Parameters
+ listtopic
+
+
+ TLS Connect
+ tlsconnect
+
+
+ Only one value can be specified:
+ unencrypted - connect without encryption
+ psk - connect using TLS and a pre-shared key
+ cert - connect using TLS and a certificate
+ ]]>
+
+ select
+ unencrypted
+
+
+
+
+
+
+
+ TLS Accept
+ tlsaccept
+
+
+ Multiple values can be specified:
+ unencrypted - connect without encryption
+ psk - connect using TLS and a pre-shared key
+ cert - connect using TLS and a certificate
+ ]]>
+
+ select
+ unencrypted
+
+
+
+
+
+
+ 3
+
+
+ TLS CA
+ tlscafile
+ Top-level CA certificate for peer certificate verification.
+ select_source
+
+ descr
+ refid
+ none
+ none
+
+
+ TLS CA System
+ tlscaso
+ Use the CA certificate list from the operating system. This option overrides prior option.
+ checkbox
+
+
+ TLS CRL
+ tlscrlfile
+ List of revoked certificates.
+ select_source
+
+ descr
+ refid
+ none
+ none
+
+
+ TLS Cert
+ tlscertfile
+ Agent certificate.
+ select_source
+
+ descr
+ refid
+ none
+ none
+
+
+ TLS PSK Identity
+ tlspskidentity
+ Unique, case sensitive string used to identify the pre-shared key.
+ input
+ 60
+
+
+ TLS PSK
+ tlspskfile
+ base64
+ textarea
+ 5
+ 50
+
+
User Parameters
userparams
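Review bot: The new TLS PSK field (`tlspskfile`) is the only TLS field added here without a description, so the GUI gives no hint about the expected format. Zabbix expects the key as a string of hexadecimal digits, at least 32 of them, and the agent will not accept anything else. Add a description such as `Pre-shared key as hexadecimal digits (minimum 32). Stored in the configuration base64-encoded, not encrypted.` The element markup is not visible in this rendering, so the exact tag is left to the author.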
diff --git a/net-mgmt/pfSense-pkg-zabbix-proxy/Makefile b/net-mgmt/pfSense-pkg-zabbix-proxy/Makefile
index 5931bcc12ecc..2b935d4b3a2e 100644
--- a/net-mgmt/pfSense-pkg-zabbix-proxy/Makefile
+++ b/net-mgmt/pfSense-pkg-zabbix-proxy/Makefile
@@ -2,7 +2,7 @@
PORTNAME= pfSense-pkg-zabbix-proxy
PORTVERSION= 0.8.9
-PORTREVISION= 2
+PORTREVISION= 4
CATEGORIES= net-mgmt
MASTER_SITES= # empty
DISTFILES= # empty
@@ -13,7 +13,7 @@ COMMENT= pfSense package zabbix-proxy
LICENSE= ESF
-RUN_DEPENDS= ${LOCALBASE}/sbin/zabbix_proxy:net-mgmt/zabbix22-proxy
+RUN_DEPENDS= ${LOCALBASE}/sbin/zabbix_proxy:net-mgmt/zabbix3-proxy
NO_BUILD= yes
NO_MTREE= yes
diff --git a/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.inc b/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.inc
index d3a51388a3ac..151874d0f9f9 100644
--- a/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.inc
+++ b/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.inc
@@ -32,11 +32,12 @@ require_once("util.inc");
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("globals.inc");
+require_once("certs.inc");
define('ZABBIX_PROXY_BASE', '/usr/local');
function php_deinstall_zabbix_proxy_lts() {
- unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy_lts.conf");
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix3/zabbix_proxy_lts.conf");
unlink_if_exists("/var/log/zabbix-proxy-lts/zabbix_proxy_lts.log");
unlink_if_exists("/var/run/zabbix-proxy-lts/zabbix_proxy_lts.pid");
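Review bot: The deinstall line updated here unlinks `/etc/zabbix3/zabbix_proxy_lts.conf`, but the sync function later in this diff writes the configuration to `/etc/zabbix3/zabbix_proxy.conf`, so the generated config is never removed on uninstall. The mismatch predates this commit (the removed line has the same name under `zabbix22`) and is carried over by the rename. Change the line to `unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix3/zabbix_proxy.conf");`. The function body continues outside the hunk.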
@@ -84,6 +85,44 @@ function sync_package_zabbix_proxy_lts() {
if ($zbproxy_config['proxyenabled'] == "on") {
$Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0);
$AdvancedParams = base64_decode($zbproxy_config['advancedparams']);
+ $TLSConnect = $zbproxy_config['tlsconnect'];
+ $TLSAccept = $zbproxy_config['tlsaccept'] ?: "unencrypted";
+
+ if ($zbproxy_config['tlscaso']) {
+ $TlsCAfile = "TLSCAFile=/usr/local/etc/ssl/cert.pem";
+ } else {
+ if ($zbproxy_config['tlscafile'] != "none") {
+ $ca = lookup_ca($zbproxy_config['tlscafile']);
+ zabbix_add_keyfile($ca['crt'], "ca");
+ $TlsCAfile = "TLSCAFile=/usr/local/etc/zabbix3/zabbix_proxy.ca";
+ }
+ }
+
+ if ($zbproxy_config['tlscrlfile'] != "none") {
+ $crl = lookup_crl($zbproxy_config['tlscrlfile']);
+ crl_update($crl);
+ zabbix_add_keyfile($crl['text'], "crl-verify");
+ $TlsCRLfile = "TLSCRLFile=/usr/local/etc/zabbix3/zabbix_proxy.crl-verify";
+ }
+
+ if ($zbproxy_config['tlscertfile'] != "none") {
+ $cert = lookup_cert($zbproxy_config['tlscertfile']);
+
+ zabbix_add_keyfile($cert['crt'], "cert");
+ $TlsCERTfile = "TLSCertFile=/usr/local/etc/zabbix3/zabbix_proxy.cert";
+
+ zabbix_add_keyfile($cert['prv'], "key");
+ $TlsKEYfile = "TLSKeyFile=/usr/local/etc/zabbix3/zabbix_proxy.key";
+ }
+
+ if (! empty($zbproxy_config['tlspskidentity']) ) {
+ $TLSPSKIdentity = "TLSPSKIdentity={$zbproxy_config['tlspskidentity']}";
+ }
+
+ if (! empty($zbproxy_config['tlspskfile']) ) {
+ zabbix_add_keyfile($zbproxy_config['tlspskfile'], "psk");
+ $TLSPSKFile = "TLSPSKFile=/usr/local/etc/zabbix3/zabbix_proxy.psk";
+ }
$zbproxy_conf_file = <<< EOF
Server={$zbproxy_config['server']}
@@ -98,10 +137,18 @@ FpingLocation=/usr/local/sbin/fping
# but if there was, the binary would likely also be in /usr/local/sbin.
Fping6Location=/usr/local/sbin/fping6
ProxyMode={$Mode}
+TLSConnect={$TLSConnect}
+TLSAccept={$TLSAccept}
+{$TlsCAfile}
+{$TlsCRLfile}
+{$TlsCERTfile}
+{$TlsKEYfile}
+{$TLSPSKIdentity}
+{$TLSPSKFile}
{$AdvancedParams}
EOF;
- file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
+ file_put_contents(ZABBIX_PROXY_BASE . "/etc/zabbix3/zabbix_proxy.conf", strtr($zbproxy_conf_file, array("\r" => "")));
}
}
@@ -153,8 +200,8 @@ EOF;
// Check startup script files
// Create a few directories and ensure the sample files are in place
- if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22")) {
- mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22");
+ if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix3")) {
+ mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix3");
}
$dir_checks = <<< EOF
@@ -218,4 +265,15 @@ EOF;
conf_mount_ro();
}
+// Based on openvpn_add_keyfile() function
+function zabbix_add_keyfile(& $data, $directive) {
+ global $g;
+
+ $fpath = "/usr/local/etc/zabbix3/zabbix_proxy.{$directive}";
+
+ file_put_contents($fpath, base64_decode($data));
+ @chmod($fpath, 0600);
+ @chown($fpath, "zabbix");
+}
+
?>
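Review bot: This declares `zabbix_add_keyfile()` under the same name as the function added to the agent package's zabbix-agent-lts.inc, with a different hard-coded path prefix. If both packages are installed and both include files are loaded in one PHP request (plausible during a full package resync, though not visible here), PHP stops with a function redeclaration error. Rename per package, e.g. `function zabbix_proxy_add_keyfile(& $data, $directive)` here and `zabbix_agent_add_keyfile` in the agent, and update the call sites. A `function_exists()` guard would not be a fix, because the two bodies write to different files.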
diff --git a/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.xml b/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.xml
index f6b1621e5ce8..f33b62f61427 100644
--- a/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.xml
+++ b/net-mgmt/pfSense-pkg-zabbix-proxy/files/usr/local/pkg/zabbix-proxy-lts.xml
@@ -126,6 +126,107 @@
10
true
+
+ TLS-RELATED Parameters
+ listtopic
+
+
+ TLS Connect
+ tlsconnect
+
+
+ Only one value can be specified:
+ unencrypted - connect without encryption
+ psk - connect using TLS and a pre-shared key
+ cert - connect using TLS and a certificate
+ ]]>
+
+ select
+ unencrypted
+
+
+
+
+
+
+
+ TLS Accept
+ tlsaccept
+
+
+ Multiple values can be specified:
+ unencrypted - connect without encryption
+ psk - connect using TLS and a pre-shared key
+ cert - connect using TLS and a certificate
+ ]]>
+
+ select
+ unencrypted
+
+
+
+
+
+
+ 3
+
+
+ TLS CA
+ tlscafile
+ Top-level CA certificate for peer certificate verification.
+ select_source
+
+ descr
+ refid
+ none
+ none
+
+
+ TLS CA System
+ tlscaso
+ Use the CA certificate list from the operating system. This option overrides prior option.
+ checkbox
+
+
+ TLS CRL
+ tlscrlfile
+ List of revoked certificates.
+ select_source
+
+ descr
+ refid
+ none
+ none
+
+
+ TLS Cert
+ tlscertfile
+ Agent certificate.
+ select_source
+
+ descr
+ refid
+ none
+ none
+
+
+ TLS PSK Identity
+ tlspskidentity
+ Unique, case sensitive string used to identify the pre-shared key.
+ input
+ 60
+
+
+ TLS PSK
+ tlspskfile
+ base64
+ textarea
+ 5
+ 50
+
+
Advanced Parameters
advancedparams
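Review bot: The TLS Cert field's description reads `Agent certificate.`, which looks copied from the agent package; on the proxy settings page it should read `Proxy certificate.`. The TLS PSK field (`tlspskfile`) also has no description at all, so a short one stating the expected format (hexadecimal digits, minimum 32) would help.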
diff --git a/net-mgmt/zabbix3-agent/Makefile b/net-mgmt/zabbix3-agent/Makefile
index 724f60991f34..b2a3f7c6e13b 100644
--- a/net-mgmt/zabbix3-agent/Makefile
+++ b/net-mgmt/zabbix3-agent/Makefile
@@ -5,10 +5,15 @@ PORTNAME= zabbix3
CATEGORIES= net-mgmt
PKGNAMESUFFIX= -agent
+MAINTAINER= pakhom@pakhom.spb.ru
+COMMENT= Enterprise-class open source distributed monitoring (${PKGNAMESUFFIX:S/^-//}) LTS
+
+LICENSE= GPLv2
+
MASTERDIR= ${.CURDIR}/../zabbix3-server
PLIST= ${PKGDIR}/pkg-plist.agent
OPTIONS_DEFINE= IPV6
-OPTIONS_DEFAULT= IPV6
+OPTIONS_DEFAULT= IPV6 OPENSSL
.include "${MASTERDIR}/Makefile"
diff --git a/net-mgmt/zabbix3-proxy/Makefile b/net-mgmt/zabbix3-proxy/Makefile
index 8abd47dda4cb..09af4b39c14f 100644
--- a/net-mgmt/zabbix3-proxy/Makefile
+++ b/net-mgmt/zabbix3-proxy/Makefile
@@ -5,6 +5,11 @@ PORTNAME= zabbix3
CATEGORIES= net-mgmt
PKGNAMESUFFIX= -proxy
+MAINTAINER= pakhom@pakhom.spb.ru
+COMMENT= Enterprise-class open source distributed monitoring (${PKGNAMESUFFIX:S/^-//}) LTS
+
+LICENSE= GPLv2
+
MASTERDIR= ${.CURDIR}/../zabbix3-server
.include "${MASTERDIR}/Makefile"
diff --git a/net-mgmt/zabbix3-server/Makefile b/net-mgmt/zabbix3-server/Makefile
index 638ac39880b5..b1733b2f4d73 100644
--- a/net-mgmt/zabbix3-server/Makefile
+++ b/net-mgmt/zabbix3-server/Makefile
@@ -3,7 +3,7 @@
PORTNAME= zabbix3
PORTVERSION= 3.0.1
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES= net-mgmt
MASTER_SITES= SF/zabbix/ZABBIX%20Latest%20Stable/${PORTVERSION}
PKGNAMESUFFIX?= -server
@@ -72,7 +72,8 @@ CONFIGURE_ARGS+= --with-net-snmp
OPTIONS_DEFINE= IPV6 FPING JABBER CURL LDAP IPMI SSH NMAP JAVAGW \
LIBXML2
-OPTIONS_DEFAULT= IPV6 FPING JABBER CURL UNIXODBC MYSQL SSH
+
+OPTIONS_DEFAULT= IPV6 FPING JABBER CURL UNIXODBC MYSQL SSH OPENSSL
OPTIONS_SUB= yes
CURL_DESC= Support for web monitoring
@@ -86,9 +87,10 @@ ODBC_DESC= Support for database checks via ODBC
JAVAGW_DESC= Support for Java gateway
LIBXML2_DESC= Support for libxml2 (required by monitoring VMware)
-OPTIONS_SINGLE= DB ODBC
+OPTIONS_SINGLE= DB ODBC SSL
OPTIONS_SINGLE_DB= MYSQL PGSQL SQLITE ORACLE
OPTIONS_SINGLE_ODBC= IODBC UNIXODBC
+OPTIONS_SINGLE_SSL= OPENSSL GNUTLS POLARSSL
MYSQL_CONFIGURE_WITH= mysql
MYSQL_USE= MYSQL=yes
@@ -123,6 +125,9 @@ IODBC_LIB_DEPENDS= libiodbc.so:databases/libiodbc
UNIXODBC_CONFIGURE_WITH=unixodbc
UNIXODBC_LIB_DEPENDS= libodbc.so:databases/unixODBC
+.else
+OPTIONS_SINGLE= SSL
+OPTIONS_SINGLE_SSL= OPENSSL GNUTLS POLARSSL
.endif # if ${ZABBIX_BUILD} != "agent"
IPV6_CONFIGURE_ENABLE= ipv6
@@ -136,8 +141,23 @@ JAVAGW_USE= JAVA=yes
LIBXML2_CONFIGURE_WITH= libxml2
LIBXML2_LIB_DEPENDS= libxml2.so:textproc/libxml2
+OPENSSL_CONFIGURE_WITH= openssl
+OPENSSL_USE= OPENSSL=yes
+
+WITH_OPENSSL_PORT=yes
+
+GNUTLS_CONFIGURE_WITH= gnutls
+GNUTLS_LIB_DEPENDS= libgnutls.so:security/gnutls
+
+POLARSSL_CONFIGURE_WITH=mbedtls
+POLARSSL_LIB_DEPENDS= libmbedtls.so:security/polarssl13
+
.include
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000
+WITH_OPENSSL_PORT=yes
+.endif
+
post-patch:
@${GREP} -rl "/etc/zabbix" ${WRKSRC} \
| ${XARGS} ${REINPLACE_CMD} -e 's#/etc/zabbix#${ETCDIR}#g'
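Review bot: `WITH_OPENSSL_PORT=yes` is assigned unconditionally right after `OPENSSL_USE= OPENSSL=yes`, and again inside the `.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1000000` block, so the conditional has no effect and the ports OpenSSL is requested on every OS version. Keep only one of the two assignments, and add a comment stating why base OpenSSL is not acceptable, e.g. `# TLS support must link against the ports OpenSSL, not base` if the unconditional form is intended. Which OpenSSL the agent and proxy link against decides how TLS fixes reach them, so the intent should be explicit. The `post-patch` target continues outside the hunk.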