Ad Widget

Collapse

server parameter in agentd.conf

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • lAni
    Junior Member
    • Jan 2005
    • 3
    #1

    server parameter in agentd.conf

    Hi,

    I run my ZABBIX server on a host that has no fixed IP. It changes at least every 24h. There is no way for me to determine a range or set of IPs that would be usefull for this parameter because i never get the same IP twice!

    What is the workaround for this? And please dont tell me to crontab a config-reset and -reload.
    I'm thinking (dreaming?!) of a disable-this-feature-at-your-own-riks-button for those who understand to deal with ipfilter...

    Btw.: You did a great job with this tool! Must've been (still be) a lot of work... don't you consider "taking some more men into the boat"?

    regards

    Phil
    Tags: None
    • Alexei
      Founder, CEO
      Zabbix Certified Trainer
      Zabbix Certified SpecialistZabbix Certified Professional
      • Sep 2004
      • 5654
      #2
      Patch

      Here is patch from Fabien Postif. I haven't checked it carefully yet, so use it at your own risk Also, be aware that name resolution may add quite significant overhead depending on your network and DNS configuration.

      File security.c:

      Code:
      int	 check_security(int sockfd, char *ip_list, int allow_if_empty)
  {
  		char	*sname;
  		struct  sockaddr_in name;
  		int	 i;
  		char	*s;
  
  		char	tmp[MAX_STRING_LEN];
  
  		zabbix_log( LOG_LEVEL_DEBUG, "In check_security()");
  
  		if( (1 == allow_if_empty) && (strlen(ip_list)==0) )
  		{
  				return SUCCEED;
  		}
  
  		i=sizeof(name);
  
  /*	  if(getpeername(sockfd,  (struct sockaddr *)&name, (size_t *)&i) == 0)*/
 		if(getpeername(sockfd, (struct sockaddr *)&name, (socklen_t *)&i) == 0)
  		{
  				i=sizeof(struct sockaddr_in);
  
  				sname=inet_ntoa(name.sin_addr);
  
 			 zabbix_log( LOG_LEVEL_DEBUG, "Connection from [%s]. Allowed servers [%s] ",sname, ip_list);
  				strscpy(tmp,ip_list);
  				s=(char *)strtok(tmp,",");
  				while(s!=NULL)
  				{
 					 if(strcmp(sname, s)==0)
  					    {
 							 return SUCCEED;
  					    }
  					 else {
 							 struct sockaddr_in	 addr_machine;
 							 struct hostent		 *machine;
 							 char				 *ip_machine;
 							 machine = gethostbyname(s);
 							 memcpy(&addr_machine.sin_addr,machine->h_addr,machine->h_length);
 							 ip_machine=inet_ntoa(addr_machine.sin_addr);
 							 zabbix_log( LOG_LEVEL_DEBUG, "Resolve de [%s] : [%s][%s]",ip_machine,sname,machine->h_name);
 							 if(strcmp(ip_machine,sname)== 0)
 							 {
 									 return SUCCEED;
 							 }
  					    }
  
 					 s=(char *)strtok(NULL,",");
  				}
  		}
  		else
  		{
 			 zabbix_log( LOG_LEVEL_WARNING, "Error getpeername [%s]",strerror(errno));
  			 zabbix_log( LOG_LEVEL_WARNING, "Connection rejected");
  				return FAIL;
  		}
 	 zabbix_log( LOG_LEVEL_WARNING, "Connection from [%s] rejected. Allowed server is [%s] ",sname, ip_list);
  		return  FAIL;
  }
      The patch will probably be integrated into ZABBIX v1.1 codebase. Do not hesitate to chase me if I miss it.
      Alexei Vladishev
      Creator of Zabbix, Product manager
      New York | Tokyo | Riga
      My Twitter

        Comment

        • lAni
          Junior Member
          • Jan 2005
          • 3
          #3
          compiling error

          OK my coding skills are absolute low! This is what I get from the compiler (tried it on two diff. Systems: SuSE 9.0 and Debian 3.0)

          ../../include/security.c: In function `check_security':
          ../../include/security.c:75: warning: implicit declaration of function `gethostbyname'
          ../../include/security.c:75: warning: assignment makes pointer from integer without a cast
          ../../include/security.c:76: dereferencing pointer to incomplete type
          ../../include/security.c:76: dereferencing pointer to incomplete type
          ../../include/security.c:78: dereferencing pointer to incomplete type
          make[1]: *** [all] Error 1

          these are my lines:

          Code:
          #70  else
#71    {       
#72        struct  sockaddr_in addr_machine;
#73        struct  hostent *machine;
#74        char    *ip_machine;
#75        machine=gethostbyname(s);
#76        memcpy(&addr_machine.sin_addr,machine->h_addr,machine->h_length);
#77        ip_machine=inet_ntoa(addr_machine.sin_addr);
#78        zabbix_log( LOG_LEVEL_DEBUG, "Resolving of [%s] : [%s][%s]",ip_machine,sname,machine->h_name);
#79        if(strcmp(ip_machine,sname)== 0)
#80        {        
#81            return SUCCEED;
#82        }
#83    }
          I googled for the return value of "gethostbyname" (struct hostent) and everything looks OK so far. Right?

          Also
          Code:
          s=(char *)strtok(tmp,",");
          looks OK to be feeded into "gethostbyname", doesn't it? The compiler would report a diffrent message in case of such an error I guess!

          So where is the bug?
          Why does it want to cast? The variable 'machine' and the return-value of 'gethostbyname' are of the same 'struct' aren't they?
          What does "...makes pointer from integer..." mean?

          *-----------------*snip
          ok forget it, i told ya that i am a noob and thats the proof... but i can learn.
          there is no gethostbyname function at all(yet). what file do i have to include?
          *-----------------*snap

          PS: <netdb.h> OK it works nicely now. FIXED.

          Cheers & thnx for the code. Don't forget to integrate it into 1.1, I don't want to to this again

          PPS: if someone is interested I can post or email the "final" code, just ask.
          Last edited by lAni; 05-01-2005, 00:56.

            Comment

            Previous template Next
            Working...