Commit 1f672d03 authored by Michał Olber

Split Template App Security into 2 independent templates: Iptables, Fail2Ban

Move the selinux-enabled userparameter from security.conf into selinux.conf
Move userparameters from security.conf into iptables.conf and linux.conf
Added squid.conf file and Template App Squid
parent 5b30b275
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>3.0</version>
<date>2016-05-02T08:53:53Z</date>
<groups>
<group>
<name>Zabbix Templates</name>
</group>
</groups>
<templates>
<template>
<template>Template Security</template>
<name>Template Security</name>
<description/>
<groups>
<group>
<name>Zabbix Templates</name>
</group>
</groups>
<applications>
<application>
<name>Security</name>
</application>
</applications>
<items>
<item>
<name>Fail2ban is enabled in autostart</name>
<type>0</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>chkconfig[fail2ban]</key>
<delay>1800</delay>
<history>30</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>3</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Security</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>iptables is enabled in autostart</name>
<type>0</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>chkconfig[iptables]</key>
<delay>1800</delay>
<history>30</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>3</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Security</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>Firewall enabled</name>
<type>0</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>firewall-enabled</key>
<delay>90</delay>
<history>30</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>3</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Security</name>
</application>
</applications>
<valuemap>
<name>Service state</name>
</valuemap>
<logtimefmt/>
</item>
<item>
<name>Checksum of iptables policy</name>
<type>0</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>firewall-md5</key>
<delay>1800</delay>
<history>30</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Security</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>Fail2Ban service is running</name>
<type>0</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>proc.num[fail2ban-server]</key>
<delay>60</delay>
<history>30</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Security</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
<item>
<name>Users with UID 0</name>
<type>0</type>
<snmp_community/>
<multiplier>0</multiplier>
<snmp_oid/>
<key>root_users</key>
<delay>30</delay>
<history>90</history>
<trends>365</trends>
<status>0</status>
<value_type>3</value_type>
<allowed_hosts/>
<units/>
<delta>0</delta>
<snmpv3_contextname/>
<snmpv3_securityname/>
<snmpv3_securitylevel>0</snmpv3_securitylevel>
<snmpv3_authprotocol>0</snmpv3_authprotocol>
<snmpv3_authpassphrase/>
<snmpv3_privprotocol>0</snmpv3_privprotocol>
<snmpv3_privpassphrase/>
<formula>1</formula>
<delay_flex/>
<params/>
<ipmi_sensor/>
<data_type>0</data_type>
<authtype>0</authtype>
<username/>
<password/>
<publickey/>
<privatekey/>
<port/>
<description/>
<inventory_link>0</inventory_link>
<applications>
<application>
<name>Security</name>
</application>
</applications>
<valuemap/>
<logtimefmt/>
</item>
</items>
<discovery_rules/>
<macros/>
<templates/>
<screens/>
</template>
</templates>
<triggers>
<trigger>
<expression>{Template Security:chkconfig[fail2ban].last(0)}=0</expression>
<name>Fail2ban is not enabled in autostart</name>
<url/>
<status>0</status>
<priority>2</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
<trigger>
<expression>{Template Security:proc.num[fail2ban-server].sum(#3)}=0</expression>
<name>Fail2Ban service is down</name>
<url/>
<status>0</status>
<priority>3</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
<trigger>
<expression>{Template Security:firewall-enabled.last(0)}=0</expression>
<name>Firewall is disabled</name>
<url/>
<status>0</status>
<priority>3</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
<trigger>
<expression>{Template Security:firewall-md5.diff(0)}&lt;&gt;0</expression>
<name>iptables has been changed</name>
<url/>
<status>0</status>
<priority>1</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
<trigger>
<expression>{Template Security:chkconfig[iptables].last(0)}=0</expression>
<name>iptables is not enabled in autostart</name>
<url/>
<status>0</status>
<priority>2</priority>
<description/>
<type>0</type>
<dependencies/>
</trigger>
<trigger>
<expression>{Template Security:root_users.change()}&gt;1</expression>
<name>Users with UID 0</name>
<url/>
<status>0</status>
<priority>4</priority>
<description>trigger checks the system, if there are more users with the UID 0 than 1</description>
<type>0</type>
<dependencies/>
</trigger>
</triggers>
<value_maps>
<value_map>
<name>Service state</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Down</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>Up</newvalue>
</mapping>
</mappings>
</value_map>
</value_maps>
</zabbix_export>
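Review bot: The `Users with UID 0` trigger is written as `{Template Security:root_users.change()}>1`, which tests the difference between the last two samples rather than the count itself, so a single extra UID 0 account (a change of 1) never fires it, and a larger jump would clear again on the next poll. The trigger description says it should alert whenever more than one UID 0 account exists; `{Template Security:root_users.last(0)}>1` matches that. The page does not show whether this export is on the added or the removed side of the commit, so the expression should be checked in whichever template now carries the `root_users` item.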
UserParameter=nfs[*], df | grep -cw $1
UserParameter=mount[*], df | grep -c $1
UserParameter=nfs[*],df | grep -cw $1
UserParameter=mount[*],df | grep -c $1
UserParameter=mount2[*],mount | grep -c '$1'
UserParameter=stat[*],sudo stat -c "%$2" $1
UserParameter=mdstat,egrep -ce "F|_" /proc/mdstat
UserParameter=netstat[*], ss -nat | grep -c $1
UserParameter=chkconfig[*], chkconfig --list | grep "$1" | cut -d ":" -f 5 | grep -c on
......@@ -12,4 +14,9 @@ UserParameter=sockstat.tcp.mem,cat /proc/net/sockstat|grep TCP|cut -d' ' -f 11
UserParameter=sockstat.udp.inuse,cat /proc/net/sockstat|grep UDP:|cut -d' ' -f 3
UserParameter=sockstat.udp.mem,cat /proc/net/sockstat|grep UDP:|cut -d' ' -f 5
UserParameter=check_chmod[*], stat --format '%a' $1
UserParameter=os-full, cat /etc/issue | head -1
UserParameter=os-full, cat /etc/issue | head -1
UserParameter=swap_enabled, /etc/zabbix/bin/swap_enabled.sh
UserParameter=check_md5sum[*],sudo /usr/bin/md5sum $1 | cut -d' ' -f 1
UserParameter=backup_dir_discovery, /etc/zabbix/bin/backup_dir_discovery.sh
UserParameter=du[*],sudo /usr/bin/du -sb $1 | cut -f 1
UserParameter=root_users, getent passwd | egrep -c ':0+:[0-9]+:'
\ No newline at end of file
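Review bot: The added `check_md5sum[*]` and `du[*]` parameters place the caller-supplied `$1` unquoted into a command run through sudo, so any host allowed to query the agent can have root hash or size an arbitrary path, and a value containing spaces or a leading `-` is parsed as extra arguments or options. Quote the argument and end option parsing, for example `UserParameter=check_md5sum[*],sudo /usr/bin/md5sum -- "$1" | cut -d' ' -f 1` and the same for `du`, and keep the agent's `UnsafeUserParameters` at its default of 0 so shell metacharacters stay rejected. `stat[*]` in the earlier hunk of this section has the same shape. The sudoers entries that back these keys are not visible on this page, so it should be confirmed that they restrict the commands, and ideally the paths, the zabbix user may run.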
UserParameter=selinux-enabled, [ "$(getenforce)" = "Enforcing" ] && echo 1 || echo 0
UserParameter=firewall-enabled, sudo /sbin/iptables -L INPUT -n | grep -ci 'tcp dpts:10050'
UserParameter=firewall-md5, sudo /sbin/iptables -L INPUT -n | cksum | cut -d " " -f 1
\ No newline at end of file