Installing and Setting a Zabbix agent securely

Installing a Zabbix agent

Installing a Zabbix agent is very easy. All you need to do is install the package and edit the /etc/zabbix/zabbix_agentd.conf and change the following:
Server=zabbix-srv.example.com,127.0.0.1
Hostname=srv1.example.com
But this would expose all the data between the Zabbix Agent and the Zabbix Server, since it is not encrypted. If you take your job serious, you always encrypt your data. You don't know what kind of data you will be exchanging tomorrow. Perhaps it's something sensitive, this way you won't have to worry about that.

Setting it up securely

To make the communication secure, we can use autossh to make sure we have working SSH tunnels to and from the Zabbix Server. We will simply forward Zabbix Server port (10051) to all the servers running the agent software and reverse another SSH tunnel from every Zabbix Agent (port 10050) to the Server.
Before we can start to make the tunnels, we need a SSH account we can connect to. The easiest way to do this so it scales well, is to let the machines holding the Zabbix Agent connect to the machine holding the Zabbix Server and setting up the two connections. To make this happen, we need an account on zabbix-srv.example.com that the agent-machines can connect to.

Creating an zabbixagent User on Zabbix-srv (example.com).

#sudo adduser -r zabbixagent -g zabbixagent
#sudo mkdir -p /home/zabbixagent/.ssh
The zabbixagent is only allowed to forward ports. Not to gain shell access.

Make the tunnels on the Agent machines

To make this simple, we will use the machines root user to make the connections for us. First we need to create a SSH keypair (on the agent-machine) for the connections. Each of the agent-machines will have their own keypair.


#sudo mkdir -p /root/.ssh
#sudo ssh-keygen -t rsa -C "zabbixagent@example.com" -f /root/.ssh/zabbixagent_id_rsa -N ''
#sudo cat /root/.ssh/zabbixagent_id_rsa.pub
Once done, the public key (that is displayed on the screen) should be added to /home/zabbixagent/.ssh/authorized_keys on zabbix-srv.example.com

 #scp /root/.ssh/zabbixagent_id_rsa.pub zabbix-srv.example.com:/home/zabbixagent/.ssh/authorized_keys

 On zabbix-srv.example.com

 
# chown -R zabbixagent:zabbixagent /home/zabbixagent
# chmod 440 /home/zabbixagent/.ssh/authorized_keys

We should now be able to make a couple of tunnels to and from zabbix-srv.example.com:

To test it and to add zabbix-srv.example.com to the trusted list of machines, we can try to log in:








#sudo ssh -i /root/.ssh/zabbixagent_id_rsa zabbixagent@zabbix-srv.example.com






This should give us a welcome text, something like this:




Linux zabbix-srv.example.com 3.10.3-x86_64 Wed Oct 23 15:24:17 EDT 2013






All should be ready to go. To set up the tunnel from srv1 we need to run these two commands:








#sudo autossh -i /root/.ssh/zabbixagent_id_rsa -Nf -M 20550 -R 10150:localhost:10050 -L 10051:localhost:10051 zabbixagent@zabbix-srv.example.com






for srv2 it's:




#sudo autossh -i /root/.ssh/zabbixagent_id_rsa -Nf -M 20550 -R 10250:localhost:10050 -L 10051:localhost:10051 zabbixagent@zabbix-srv.example.com






and for srv3 it's:




#sudo autossh -i /root/.ssh/zabbixagent_id_rsa -Nf -M 20550 -R 10350:localhost:10050 -L 10051:localhost:10051 zabbixagent@zabbix-srv.example.com







Notes: Localhost is the server, which run command autossh.






-R 10150:localhost:10050




This option mean that: when the remote host( -R) access to port 10150, this will be forwarded to port 10050 on localhost.




-L 10051:localhost:10051




This option mean that: when the localhost( -L) access to port 10051, this will be forwarded to port 10051 on remote host.







Installing zabbix-agent




sudo apt-get install zabbix-agent




Change the config file to make the agent know which Zabbix Server to use:




sudo nano /etc/zabbix/zabbix_agentd.conf







Server=zabbix-srv.example.com,127.0.0.1
Hostname=srv1.example.com




and restart the agent:




sudo service zabbix-agent restart




That's it. Do the same for the other servers and we are ready to setup the hosts in Zabbix Server.



Setting up the hosts in Zabbix Server

First you should go to "Configuration" and "Hosts".



Here you see my setup. Never mind that. Just press "Create Host" in the top right corner.



The only two tabs you should use here are "Host" and "Templates". Fill out the form the way I did and continue on to the "Templates"-tab.



Click the "Add"-button in the "Templates"-tab and pick "Template OS Linux" (Make sure you are in the "Templates" category in the dropdown box at the top). Once you are done; press the "Select"-button (at the bottom of the screen) and save the host by clicking on the "Save"-button.



It can take up to 30 seconds to see the little indicator on the host-line to go green. It should go green, since we have two-way communication in the SSH tunnels.



Once the servers are green, you are ready to continue on with using Zabbix. From here you can start setting up all the services on your servers, knowing that the communication is secure.

That's it. Enjoy!





































Nhận xét











Đăng nhận xét



















Bài đăng phổ biến từ blog này









CLEANING UP THE ZABBIX DATABASE





















 My Zabbix database size increased a lot in the last few months and since my disk was running out space, I decided to clean up the old events from the database.   Looking at the database tables, the biggest one was  history_uint , which holds the items history data – over 400 millions of records and over 30 Gb of disk space before the clean up.   Since deleting the old records from this table directly would be a very slow process, I decided to create a new table and insert the latest records from the  history_uint  table and then just replace the old table with a new one.   Since this is not an offical procedure, use it at your own risk.   Environment:  Zabbix v2.2  MySql 5.1 – InnoDB with  innodb_file_per_table=ON   Step 1 – Stop the Zabbix server   Step 2 – Open your favourite MySQL client and create a new table   CREATE TABLE  history_uint_new  LIKE  history_uint;   Step 3 – Insert the latest records from the  history_uint  table to the  history_uint_new table   First you need to de








Đọc thêm










Configuring DHCP Relay service on the FortiGate unit





















 Configuring DHCP Relay service on the FortiGate unit  If the clients are configured to obtain a IP address using DHCP relay, configure the FortiGate server as below:   To configure DHCP relay on the FortiGate unit    1. Go to System > Network > Interfaces and select Interface want to configure DHCP relay.    2. Enable DHCP Server in the interface and choose Advanced    3. For Mode, select Relay.    4. In Type select Regular.    5. Select OK.    6. If a router is installed between the FortiGate unit and the DHCP server, define a static route to the DHCP server.   Note : Sometimes it is required to specify more than one DHCP relay IP, to allow for the coverage of additional LAN subnets. Although the Web Based Manager (GUI) does not provide an option to configure this, it is possible to set up to 8 IPs from the CLI.         config system interface              edit <REQUIRED_INTERFACE_HERE>                set dhcp-relay-ip <FIRST_IP> <SECOND_IP> ....<EIGHTH_IP&








Đọc thêm










Stuxnet Trojan - Memory Forensics with Volatility | Part I




















Hình ảnh







 Stuxnet could be the first advanced malware. It is thought that it was developed by the United States and Israel to attack Iran's nuclear facilities. It attacked Windows systems using a zero-day exploit and It was focused on SCADA systems in order to  affect critical infrastructures... Also, it may be spread from USB drivers. It is necessary a squad of highly capable programmers with depth of knowledge of industrial processes and an interest in attacking industrial infrastructure to develop this malware. Kaspersky Lab concluded that the sophisticated attack could only have been conducted "with nation-state support" and a study of the spread of Stuxnet by Symantec says that it was spread to Iran (58.85%), Indonesia (18.22%), India (8.31%), Azerbaijan (2.57%).... Thanks to Malware Cookbook we can download a memory dump from an infected host with this malware in the URL below:   http://www.jonrajewski.com/data/Malware/stuxnet.vmem.zip Ok, let’s go. We are going to analyze i








Đọc thêm