chore: Remove obsolete legacy infrastructure files

2026-01-22 13:43:00 -03:00 · 2026-01-22 13:43:00 -03:00 · f917ad6f43
parent b25114eea7
commit f917ad6f43
46 changed files with 0 additions and 2555 deletions
--- a/legacy/_automation_scripts/etc/proxy-sinc/paths.conf
+++ b/legacy/_automation_scripts/etc/proxy-sinc/paths.conf
@ -1,12 +0,0 @@
 # Adicione aqui os caminhos completos para os ficheiros e diretórios que deseja versionar, um por linha.
 # Linhas que começam com '#' são ignoradas.
 /etc/nginx
 /etc/fail2ban
 /etc/resolv.conf
 /etc/nsswitch.conf
 /etc/hosts
 /etc/ufw
 /etc/zabbix
 /etc/sudoers.d
 /etc/tmpfiles.d
 /etc/ssl
--- a/legacy/_automation_scripts/etc/systemd/system/proxy-sinc.service
+++ b/legacy/_automation_scripts/etc/systemd/system/proxy-sinc.service
@ -1,6 +0,0 @@
 [Unit]
 Description=Serviço de Sincronização de Configurações do Nginx para o Git
 After=network.target
 [Service]
 Type=oneshot
 ExecStart=/usr/local/sbin/commit_configs.sh
--- a/legacy/_automation_scripts/etc/systemd/system/proxy-sinc.timer
+++ b/legacy/_automation_scripts/etc/systemd/system/proxy-sinc.timer
@ -1,8 +0,0 @@
 [Unit]
 Description=Executa o serviço de sincronização de configurações a cada minuto
 [Timer]
 OnBootSec=1min
 OnUnitActiveSec=1min
 Unit=proxy-sinc.service
 [Install]
 WantedBy=timers.target
--- a/legacy/_automation_scripts/usr/local/sbin/commit_configs.sh
+++ b/legacy/_automation_scripts/usr/local/sbin/commit_configs.sh
@ -1,60 +0,0 @@
 #!/bin/bash
 set -e
 REPO_PATH="/opt/config_repo"
 CONFIG_DIR="/etc/proxy-sinc"
 PATHS_FILE="${CONFIG_DIR}/paths.conf"
 AUTOMATION_FILES_SOURCE=("/usr/local/sbin/commit_configs.sh" "/usr/local/sbin/proxy-sinc-update" "/etc/systemd/system/proxy-sinc.service" "/etc/systemd/system/proxy-sinc.timer" "/usr/share/man/man8/proxy-sinc.8.gz" "${PATHS_FILE}")
 AUTOMATION_FILES_DEST="$REPO_PATH/_automation_scripts/"
 log_info() { echo "[INFO] $1"; }
 log_info "--- Iniciando a verificação de sincronização [$(date)] ---"
 if [ "$EUID" -ne 0 ]; then echo "[ERRO] O script deve ser executado como root." >&2; exit 1; fi
 if [ ! -d "$REPO_PATH/.git" ]; then echo "[ERRO] O diretório do repositório $REPO_PATH não é um repositório Git válido." >&2; exit 1; fi
 log_info "Sincronizando ficheiros de configuração definidos em $PATHS_FILE..."
 if [ ! -f "$PATHS_FILE" ]; then
    echo "[AVISO] O ficheiro de caminhos $PATHS_FILE não foi encontrado. Nenhum ficheiro de configuração foi sincronizado."
 else
    while IFS= read -r path_to_sync || [ -n "$path_to_sync" ]; do
        if [ -z "$path_to_sync" ] || [[ "$path_to_sync" =~ ^# ]]; then
            continue
        fi
        if [ -e "$path_to_sync" ]; then
            # Copia para a raiz do repositório
            rsync -avz --delete --exclude='*.swp' --exclude='*.bak' --exclude='sites-enabled/' --exclude='modules-enabled/' --exclude='/var/log/' --exclude='/var/run/' --exclude='/var/cache/' "$path_to_sync" "$REPO_PATH/"
        else
            echo "[AVISO] O caminho '$path_to_sync' definido em $PATHS_FILE não existe. A ignorar."
        fi
    done < "$PATHS_FILE"
 fi
 log_info "Sincronizando ficheiros de automação..."
 mkdir -p "$AUTOMATION_FILES_DEST"
 for file in "${AUTOMATION_FILES_SOURCE[@]}"; do
    if [ -f "$file" ]; then
        rsync -aR "$file" "$AUTOMATION_FILES_DEST"
    fi
 done
 cd "$REPO_PATH"
 log_info "A verificar o status do repositório Git..."
 if [ -n "$(git status --porcelain)" ]; then
    log_info "Alterações detetadas. A preparar o commit."
    log_info "A puxar alterações do repositório remoto para evitar conflitos..."
    git pull --ff-only
    log_info "A adicionar alterações ao stage..."
    git add .
    COMMIT_MESSAGE="[Auto-Sync] Atualização das configurações em $(hostname -f) - $(date +'%Y-%m-%d %H:%M:%S')"
    log_info "A fazer o commit com a mensagem: $COMMIT_MESSAGE"
    git commit -m "$COMMIT_MESSAGE"
    log_info "A enviar as alterações para o Gitea (git push)..."
    git push origin main
    echo "[SUCESSO] As alterações foram enviadas para o repositório remoto!"
 else
    log_info "Nenhuma alteração de configuração detetada. O repositório está atualizado."
 fi
 log_info "--- Verificação de sincronização concluída [$(date)] ---"
 exit 0
--- a/legacy/_automation_scripts/usr/local/sbin/proxy-sinc-update
+++ b/legacy/_automation_scripts/usr/local/sbin/proxy-sinc-update
@ -1,27 +0,0 @@
 #!/bin/bash
 set -e
 echo "A procurar por atualizações para o serviço Proxy-Sinc..."
 UPDATE_SCRIPT_URL="https://git.itguys.com.br/joao.goncalves/NgixProxy_Pathfinder/raw/branch/main/Instal-Proxy-Sinc.sh"
 TEMP_SCRIPT="/tmp/setup_latest.sh"
 echo "A baixar a versão mais recente do instalador de: $UPDATE_SCRIPT_URL"
 SSL_VERIFY_FLAG=""
 if [ -d "/opt/config_repo/.git" ]; then
    if [ "$(cd /opt/config_repo && git config --get http.sslVerify)" == "false" ]; then
        SSL_VERIFY_FLAG="--insecure"
        echo "[AVISO] A usar o modo inseguro para baixar a atualização devido à configuração do repositório."
    fi
 fi
 if curl $SSL_VERIFY_FLAG -L "$UPDATE_SCRIPT_URL" -o "$TEMP_SCRIPT"; then
    chmod +x "$TEMP_SCRIPT"
    echo "Instalador baixado com sucesso. A executar a atualização..."
    sudo "$TEMP_SCRIPT"
    rm "$TEMP_SCRIPT"
    echo "Atualização concluída!"
 else
    echo "ERRO: Falha ao baixar o script de atualização." >&2
    exit 1
 fi
 exit 0
--- a/legacy/_automation_scripts/usr/share/man/man8/proxy-sinc.8.gz
+++ b/legacy/_automation_scripts/usr/share/man/man8/proxy-sinc.8.gz
--- a/legacy/_deployment_logs/srvproxy001.itguys.com.br.md
+++ b/legacy/_deployment_logs/srvproxy001.itguys.com.br.md
@ -1,30 +0,0 @@
 # Registo de Deploy do Proxy-Sinc
 **Servidor:** srvproxy001.itguys.com.br
 **Instalado por:** joao.goncalves
 **Data de Instalação:** ter 16 set 2025 19:03:23 -03
 ---
 **Tipo de Ação:** Instalação Manual Inicial
 **Executado por:** joao.goncalves@itguys.com.br
 **Data:** ter 16 set 2025 20:13:37 -03
 ---
 **Tipo de Ação:** Atualização Manual
 **Executado por:** joao.goncalves@itguys.com.br
 **Data:** ter 16 set 2025 20:16:56 -03
 ---
 **Tipo de Ação:** Atualização Manual
 **Executado por:** joao.goncalves@itguys.com.br
 **Data:** ter 16 set 2025 20:29:19 -03
 ---
 **Tipo de Ação:** Atualização Manual
 **Executado por:** joao.goncalves@itguys.com.br
 **Data:** ter 16 set 2025 20:35:37 -03
 ---
 **Tipo de Ação:** Atualização Manual
 **Executado por:** joao.goncalves@itguys.com.br
 **Data:** ter 16 set 2025 20:41:37 -03
--- a/legacy/sudoers.d/README
+++ b/legacy/sudoers.d/README
@ -1,24 +0,0 @@
 #
 # The default /etc/sudoers file created on installation of the
 # sudo  package now includes the directive:
 # 
 # 	@includedir /etc/sudoers.d
 # 
 # This will cause sudo to read and parse any files in the /etc/sudoers.d 
 # directory that do not end in '~' or contain a '.' character.
 # 
 # Note that there must be at least one file in the sudoers.d directory (this
 # one will do).
 # 
 # Note also, that because sudoers contents can vary widely, no attempt is 
 # made to add this directive to existing sudoers files on upgrade.  Feel free
 # to add the above directive to the end of your /etc/sudoers file to enable 
 # this functionality for existing installations if you wish! Sudo
 # versions older than the one in Debian 11 (bullseye) require the
 # directive will only support the old syntax #includedir, and the current
 # sudo will happily accept both @includedir and #includedir
 #
 # Finally, please note that using the visudo command is the recommended way
 # to update sudoers content, since it protects against many failure modes.
 # See the man page for visudo and sudoers for more information.
 #
--- a/legacy/sudoers.d/zabbix-fail2ban
+++ b/legacy/sudoers.d/zabbix-fail2ban
@ -1 +0,0 @@
 zabbix ALL=NOPASSWD: /usr/bin/fail2ban-client
--- a/legacy/ufw/after.init
+++ b/legacy/ufw/after.init
@ -1,40 +0,0 @@
 #!/bin/sh
 #
 # after.init: if executable, called by ufw-init. See 'man ufw-framework' for
 #             details. Note that output from these scripts is not seen via the
 #             the ufw command, but instead via ufw-init.
 #
 # Copyright 2013 Canonical Ltd.
 #
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License version 3,
 #    as published by the Free Software Foundation.
 #
 #    This program is distributed in the hope that it will be useful,
 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #    GNU General Public License for more details.
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 set -e
 case "$1" in
 start)
    # typically required
    ;;
 stop)
    # typically required
    ;;
 status)
    # optional
    ;;
 flush-all)
    # optional
    ;;
 *)
    echo "'$1' not supported"
    echo "Usage: after.init {start|stop|flush-all|status}"
    ;;
 esac
--- a/legacy/ufw/after.rules
+++ b/legacy/ufw/after.rules
@ -1,30 +0,0 @@
 #
 # rules.input-after
 #
 # Rules that should be run after the ufw command line added rules. Custom
 # rules should be added to one of these chains:
 #   ufw-after-input
 #   ufw-after-output
 #   ufw-after-forward
 #
 # Don't delete these required lines, otherwise there will be errors
 *filter
 :ufw-after-input - [0:0]
 :ufw-after-output - [0:0]
 :ufw-after-forward - [0:0]
 # End required lines
 # don't log noisy services by default
 -A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
 -A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input
 -A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input
 -A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input
 -A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input
 -A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input
 # don't log noisy broadcast
 -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
 # don't delete the 'COMMIT' line or these rules won't be processed
 COMMIT
--- a/legacy/ufw/after6.rules
+++ b/legacy/ufw/after6.rules
@ -1,27 +0,0 @@
 #
 # rules.input-after
 #
 # Rules that should be run after the ufw command line added rules. Custom
 # rules should be added to one of these chains:
 #   ufw6-after-input
 #   ufw6-after-output
 #   ufw6-after-forward
 #
 # Don't delete these required lines, otherwise there will be errors
 *filter
 :ufw6-after-input - [0:0]
 :ufw6-after-output - [0:0]
 :ufw6-after-forward - [0:0]
 # End required lines
 # don't log noisy services by default
 -A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input
 -A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input
 -A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input
 -A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input
 -A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input
 -A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input
 # don't delete the 'COMMIT' line or these rules won't be processed
 COMMIT
--- a/legacy/ufw/applications.d/nginx
+++ b/legacy/ufw/applications.d/nginx
@ -1,14 +0,0 @@
 [Nginx HTTP]
 title=Web Server (Nginx, HTTP)
 description=Small, but very powerful and efficient web server
 ports=80/tcp
 [Nginx HTTPS]
 title=Web Server (Nginx, HTTPS)
 description=Small, but very powerful and efficient web server
 ports=443/tcp
 [Nginx Full]
 title=Web Server (Nginx, HTTP + HTTPS)
 description=Small, but very powerful and efficient web server
 ports=80,443/tcp
--- a/legacy/ufw/applications.d/openssh-server
+++ b/legacy/ufw/applications.d/openssh-server
@ -1,4 +0,0 @@
 [OpenSSH]
 title=Secure shell server, an rshd replacement
 description=OpenSSH is a free implementation of the Secure Shell protocol.
 ports=22/tcp
--- a/legacy/ufw/applications.d/ufw-bittorent
+++ b/legacy/ufw/applications.d/ufw-bittorent
@ -1,19 +0,0 @@
 [Transmission]
 title=Transmission
 description=Transmission BitTorrent client
 ports=51413
 [Deluge]
 title=Deluge
 description=Deluge BitTorrent client
 ports=6881:6891/tcp
 [KTorrent]
 title=KTorrent
 description=KTorrent BitTorrent client
 ports=6881/tcp|4444/udp
 [qBittorrent]
 title=qBittorrent
 description=qBittorrent BitTorrent client
 ports=6881/tcp
--- a/legacy/ufw/applications.d/ufw-chat
+++ b/legacy/ufw/applications.d/ufw-chat
@ -1,35 +0,0 @@
 [PeopleNearby]
 title=People Nearby
 description=People Nearby (Bonjour/Salut) functionality in Empathy
 ports=5353/udp|5298
 [Bonjour]
 title=Bonjour
 description=Bonjour protocol
 ports=5353/udp|5298
 [MSN]
 title=MSN Chat
 description=MSN chat protocol (with file transfer and voice)
 ports=1863|6891:6900/tcp|6901
 [MSN SSL]
 title=MSN Chat (SSL)
 description=MSN chat protocol (SSL)
 ports=443/tcp
 [AIM]
 title=AIM Talk
 description=AIM talk protocol
 ports=5190/tcp
 [Yahoo]
 title=Yahoo Chat
 description=Yahoo chat protocol
 ports=5050
 [XMPP]
 title=XMPP Chat
 description=XMPP protocol (Jabber and Google Talk)
 ports=5222/tcp|5269/tcp
--- a/legacy/ufw/applications.d/ufw-directoryserver
+++ b/legacy/ufw/applications.d/ufw-directoryserver
@ -1,29 +0,0 @@
 [Kerberos KDC]
 title=Kerberos v5 KDC server
 description=Kerberos v5 KDC server
 ports=88
 [Kerberos Admin]
 title=Kerberos v5 admin
 description=Kerberos v5 server
 ports=749/tcp
 [Kerberos Password]
 title=Kerberos v5 password
 description=Kerberos v5 password
 ports=464/udp
 [Kerberos Full]
 title=Kerberos v5 server
 description=Kerberos v5 server
 ports=88,749/tcp|464/udp
 [LDAP]
 title=LDAP server
 description=LDAP server
 ports=389/tcp
 [LDAPS]
 title=LDAP server (LDAPS)
 description=LDAP server (LDAPS)
 ports=636/tcp
--- a/legacy/ufw/applications.d/ufw-dnsserver
+++ b/legacy/ufw/applications.d/ufw-dnsserver
@ -1,4 +0,0 @@
 [DNS]
 title=Internet Domain Name Server
 description=Internet Domain Name Server
 ports=53
--- a/legacy/ufw/applications.d/ufw-fileserver
+++ b/legacy/ufw/applications.d/ufw-fileserver
@ -1,14 +0,0 @@
 [CIFS]
 title=SMB/CIFS server
 description=SMB/CIFS server
 ports=137,138/udp|139,445/tcp
 [NFS]
 title=NFS server
 description=NFS and portmap server. Will also need access to mountd, statd and possibly others
 ports=2049,111/tcp|2049,111/udp
 [svnserve]
 title=Subversion server
 description=Subversion server for access to Subversion repositories.
 ports=3690/tcp
--- a/legacy/ufw/applications.d/ufw-loginserver
+++ b/legacy/ufw/applications.d/ufw-loginserver
@ -1,14 +0,0 @@
 [Telnet]
 title=Telnet server (insecure)
 description=Telnet server (insecure)
 ports=23/tcp
 [SSH]
 title=SSH server
 description=SSH server
 ports=22/tcp
 [VNC]
 title=VNC server
 description=VNC server
 ports=5900/tcp
--- a/legacy/ufw/applications.d/ufw-mailserver
+++ b/legacy/ufw/applications.d/ufw-mailserver
@ -1,30 +0,0 @@
 [POP3]
 title=Mail server (POP3)
 description=Mail server (POP3)
 ports=110/tcp
 [POP3S]
 title=Secure mail server (POP3S)
 description=Secure mail server (POP3S)
 ports=995/tcp
 [IMAP]
 title=Mail server (IMAP)
 description=Mail server (IMAP)
 ports=143/tcp
 [IMAPS]
 title=Secure mail server (IMAPS)
 description=Secure mail server (IMAPS)
 ports=993/tcp
 [SMTP]
 title=Mail server (SMTP)
 description=Mail server (SMTP)
 ports=25/tcp
 [Mail submission]
 title=Mail server (Submission)
 description=Mail server (Submission)
 ports=587/tcp
--- a/legacy/ufw/applications.d/ufw-printserver
+++ b/legacy/ufw/applications.d/ufw-printserver
@ -1,9 +0,0 @@
 [IPP]
 title=Cups server (IPP)
 description=Cups server (IPP)
 ports=631
 [LPD]
 title=LPD server
 description=LPD server
 ports=515/tcp
--- a/legacy/ufw/applications.d/ufw-proxyserver
+++ b/legacy/ufw/applications.d/ufw-proxyserver
@ -1,9 +0,0 @@
 [Socks]
 title=Socks proxy
 description=Socks proxy
 ports=1080/tcp
 [Transparent Proxy]
 title=Transparent proxy
 description=Transparent proxy
 ports=8081/tcp
--- a/legacy/ufw/applications.d/ufw-webserver
+++ b/legacy/ufw/applications.d/ufw-webserver
@ -1,19 +0,0 @@
 [WWW]
 title=Web Server
 description=Web server
 ports=80/tcp
 [WWW Secure]
 title=Web Server (HTTPS)
 description=Web Server (HTTPS)
 ports=443/tcp
 [WWW Full]
 title=Web Server (HTTP,HTTPS)
 description=Web Server (HTTP,HTTPS)
 ports=80,443/tcp
 [WWW Cache]
 title=Web Server (8080)
 description=Web Server (8080)
 ports=8080/tcp
--- a/legacy/ufw/before.init
+++ b/legacy/ufw/before.init
@ -1,40 +0,0 @@
 #!/bin/sh
 #
 # before.init: if executable, called by ufw-init. See 'man ufw-framework' for
 #              details. Note that output from these scripts is not seen via the
 #              the ufw command, but instead via ufw-init.
 #
 # Copyright 2013 Canonical Ltd.
 #
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License version 3,
 #    as published by the Free Software Foundation.
 #
 #    This program is distributed in the hope that it will be useful,
 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #    GNU General Public License for more details.
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 set -e
 case "$1" in
 start)
    # typically required
    ;;
 stop)
    # typically required
    ;;
 status)
    # optional
    ;;
 flush-all)
    # optional
    ;;
 *)
    echo "'$1' not supported"
    echo "Usage: before.init {start|stop|flush-all|status}"
    ;;
 esac
--- a/legacy/ufw/before.rules
+++ b/legacy/ufw/before.rules
@ -1,75 +0,0 @@
 #
 # rules.before
 #
 # Rules that should be run before the ufw command line added rules. Custom
 # rules should be added to one of these chains:
 #   ufw-before-input
 #   ufw-before-output
 #   ufw-before-forward
 #
 # Don't delete these required lines, otherwise there will be errors
 *filter
 :ufw-before-input - [0:0]
 :ufw-before-output - [0:0]
 :ufw-before-forward - [0:0]
 :ufw-not-local - [0:0]
 # End required lines
 # allow all on loopback
 -A ufw-before-input -i lo -j ACCEPT
 -A ufw-before-output -o lo -j ACCEPT
 # quickly process packets for which we already have a connection
 -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 # drop INVALID packets (logs these in loglevel medium and higher)
 -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
 -A ufw-before-input -m conntrack --ctstate INVALID -j DROP
 # ok icmp codes for INPUT
 -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
 -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
 -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
 -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
 # ok icmp code for FORWARD
 -A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
 -A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
 -A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
 -A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
 # allow dhcp client to work
 -A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
 #
 # ufw-not-local
 #
 -A ufw-before-input -j ufw-not-local
 # if LOCAL, RETURN
 -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
 # if MULTICAST, RETURN
 -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
 # if BROADCAST, RETURN
 -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
 # all other non-local packets are dropped
 -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
 -A ufw-not-local -j DROP
 # allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
 # is uncommented)
 -A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
 # allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
 # is uncommented)
 -A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
 # don't delete the 'COMMIT' line or these rules won't be processed
 COMMIT
--- a/legacy/ufw/before6.rules
+++ b/legacy/ufw/before6.rules
@ -1,142 +0,0 @@
 #
 # rules.before
 #
 # Rules that should be run before the ufw command line added rules. Custom
 # rules should be added to one of these chains:
 #   ufw6-before-input
 #   ufw6-before-output
 #   ufw6-before-forward
 #
 # Don't delete these required lines, otherwise there will be errors
 *filter
 :ufw6-before-input - [0:0]
 :ufw6-before-output - [0:0]
 :ufw6-before-forward - [0:0]
 # End required lines
 # allow all on loopback
 -A ufw6-before-input -i lo -j ACCEPT
 -A ufw6-before-output -o lo -j ACCEPT
 # drop packets with RH0 headers
 -A ufw6-before-input -m rt --rt-type 0 -j DROP
 -A ufw6-before-forward -m rt --rt-type 0 -j DROP
 -A ufw6-before-output -m rt --rt-type 0 -j DROP
 # quickly process packets for which we already have a connection
 -A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 -A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 # multicast ping replies are part of the ok icmp codes for INPUT (rfc4890,
 # 4.4.1 and 4.4.2), but don't have an associated connection and are otherwise
 # be marked INVALID, so allow here instead.
 -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
 # drop INVALID packets (logs these in loglevel medium and higher)
 -A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
 -A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
 # ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2)
 -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
 # codes 0 and 1
 -A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
 # codes 0-2 (echo-reply needs to be before INVALID, see above)
 -A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
 # IND solicitation
 -A ufw6-before-input -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
 # IND advertisement
 -A ufw6-before-input -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
 # MLD query
 -A ufw6-before-input -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
 # MLD report
 -A ufw6-before-input -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
 # MLD done
 -A ufw6-before-input -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
 # MLD report v2
 -A ufw6-before-input -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
 # SEND certificate path solicitation
 -A ufw6-before-input -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
 # SEND certificate path advertisement
 -A ufw6-before-input -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
 # MR advertisement
 -A ufw6-before-input -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
 # MR solicitation
 -A ufw6-before-input -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
 # MR termination
 -A ufw6-before-input -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
 # ok icmp codes for OUTPUT (rfc4890, 4.4.1 and 4.4.2)
 -A ufw6-before-output -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
 -A ufw6-before-output -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
 # codes 0 and 1
 -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
 # codes 0-2
 -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
 -A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
 -A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
 -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
 -A ufw6-before-output -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
 # IND solicitation
 -A ufw6-before-output -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
 # IND advertisement
 -A ufw6-before-output -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
 # MLD query
 -A ufw6-before-output -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
 # MLD report
 -A ufw6-before-output -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
 # MLD done
 -A ufw6-before-output -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
 # MLD report v2
 -A ufw6-before-output -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
 # SEND certificate path solicitation
 -A ufw6-before-output -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
 # SEND certificate path advertisement
 -A ufw6-before-output -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
 # MR advertisement
 -A ufw6-before-output -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
 # MR solicitation
 -A ufw6-before-output -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
 # MR termination
 -A ufw6-before-output -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
 # ok icmp codes for FORWARD (rfc4890, 4.3.1)
 -A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
 -A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
 # codes 0 and 1
 -A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
 # codes 0-2
 -A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
 -A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT
 -A ufw6-before-forward -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
 # ok icmp codes for FORWARD (rfc4890, 4.3.2)
 # Home Agent Address Discovery Reques
 -A ufw6-before-input -p icmpv6 --icmpv6-type 144 -j ACCEPT
 # Home Agent Address Discovery Reply
 -A ufw6-before-input -p icmpv6 --icmpv6-type 145 -j ACCEPT
 # Mobile Prefix Solicitation
 -A ufw6-before-input -p icmpv6 --icmpv6-type 146 -j ACCEPT
 # Mobile Prefix Advertisement
 -A ufw6-before-input -p icmpv6 --icmpv6-type 147 -j ACCEPT
 # allow dhcp client to work
 -A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT
 # allow MULTICAST mDNS for service discovery
 -A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT
 # allow MULTICAST UPnP for service discovery
 -A ufw6-before-input -p udp -d ff02::f --dport 1900 -j ACCEPT
 # don't delete the 'COMMIT' line or these rules won't be processed
 COMMIT
--- a/legacy/ufw/sysctl.conf
+++ b/legacy/ufw/sysctl.conf
@ -1,41 +0,0 @@
 #
 # Configuration file for setting network variables. Please note these settings
 # override /etc/sysctl.conf and /etc/sysctl.d. If you prefer to use
 # /etc/sysctl.conf, please adjust IPT_SYSCTL in /etc/default/ufw. See
 # Documentation/networking/ip-sysctl.txt in the kernel source code for more
 # information.
 #
 # Uncomment this to allow this host to route packets between interfaces
 #net/ipv4/ip_forward=1
 #net/ipv6/conf/default/forwarding=1
 #net/ipv6/conf/all/forwarding=1
 # Disable ICMP redirects. ICMP redirects are rarely used but can be used in
 # MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate
 # traffic to those sites.
 net/ipv4/conf/all/accept_redirects=0
 net/ipv4/conf/default/accept_redirects=0
 net/ipv6/conf/all/accept_redirects=0
 net/ipv6/conf/default/accept_redirects=0
 # Ignore bogus ICMP errors
 net/ipv4/icmp_echo_ignore_broadcasts=1
 net/ipv4/icmp_ignore_bogus_error_responses=1
 net/ipv4/icmp_echo_ignore_all=0
 # Don't log Martian Packets (impossible addresses)
 # packets
 net/ipv4/conf/all/log_martians=0
 net/ipv4/conf/default/log_martians=0
 #net/ipv4/tcp_fin_timeout=30
 #net/ipv4/tcp_keepalive_intvl=1800
 # Uncomment this to turn off ipv6 autoconfiguration
 #net/ipv6/conf/default/autoconf=1
 #net/ipv6/conf/all/autoconf=1
 # Uncomment this to enable ipv6 privacy addressing
 #net/ipv6/conf/default/use_tempaddr=2
 #net/ipv6/conf/all/use_tempaddr=2
--- a/legacy/ufw/ufw.conf
+++ b/legacy/ufw/ufw.conf
@ -1,10 +0,0 @@
 # /etc/ufw/ufw.conf
 #
 # Set to yes to start on boot. If setting this remotely, be sure to add a rule
 # to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
 ENABLED=yes
 # Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
 # See 'man ufw' for details.
 LOGLEVEL=low
--- a/legacy/ufw/user.rules
+++ b/legacy/ufw/user.rules
@ -1,65 +0,0 @@
 *filter
 :ufw-user-input - [0:0]
 :ufw-user-output - [0:0]
 :ufw-user-forward - [0:0]
 :ufw-before-logging-input - [0:0]
 :ufw-before-logging-output - [0:0]
 :ufw-before-logging-forward - [0:0]
 :ufw-user-logging-input - [0:0]
 :ufw-user-logging-output - [0:0]
 :ufw-user-logging-forward - [0:0]
 :ufw-after-logging-input - [0:0]
 :ufw-after-logging-output - [0:0]
 :ufw-after-logging-forward - [0:0]
 :ufw-logging-deny - [0:0]
 :ufw-logging-allow - [0:0]
 :ufw-user-limit - [0:0]
 :ufw-user-limit-accept - [0:0]
 ### RULES ###
 ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
 -A ufw-user-input -p tcp --dport 22 -j ACCEPT
 ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in
 -A ufw-user-input -p tcp --dport 80 -j ACCEPT
 ### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in
 -A ufw-user-input -p tcp --dport 443 -j ACCEPT
 -A ufw-user-input -p udp --dport 443 -j ACCEPT
 ### tuple ### allow any any 0.0.0.0/0 any 172.16.254.11 in
 -A ufw-user-input -s 172.16.254.11 -j ACCEPT
 ### tuple ### allow any any 0.0.0.0/0 any 172.16.254.125 in
 -A ufw-user-input -s 172.16.254.125 -j ACCEPT
 ### tuple ### allow udp 443 0.0.0.0/0 any 0.0.0.0/0 in
 -A ufw-user-input -p udp --dport 443 -j ACCEPT
 ### tuple ### allow udp 80 0.0.0.0/0 any 0.0.0.0/0 in
 -A ufw-user-input -p udp --dport 80 -j ACCEPT
 ### tuple ### allow tcp 10051 0.0.0.0/0 any 0.0.0.0/0 in
 -A ufw-user-input -p tcp --dport 10051 -j ACCEPT
 ### tuple ### allow tcp 6160 0.0.0.0/0 any 0.0.0.0/0 in comment=566565616d206465706c6f796d656e742072756c65
 -A ufw-user-input -p tcp --dport 6160 -j ACCEPT
 ### tuple ### allow tcp 6162 0.0.0.0/0 any 0.0.0.0/0 in comment=566565616d207472616e73706f72742072756c65
 -A ufw-user-input -p tcp --dport 6162 -j ACCEPT
 ### END RULES ###
 ### LOGGING ###
 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
 ### END LOGGING ###
 ### RATE LIMITING ###
 -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
 -A ufw-user-limit -j REJECT
 -A ufw-user-limit-accept -j ACCEPT
 ### END RATE LIMITING ###
 COMMIT
--- a/legacy/ufw/user6.rules
+++ b/legacy/ufw/user6.rules
@ -1,59 +0,0 @@
 *filter
 :ufw6-user-input - [0:0]
 :ufw6-user-output - [0:0]
 :ufw6-user-forward - [0:0]
 :ufw6-before-logging-input - [0:0]
 :ufw6-before-logging-output - [0:0]
 :ufw6-before-logging-forward - [0:0]
 :ufw6-user-logging-input - [0:0]
 :ufw6-user-logging-output - [0:0]
 :ufw6-user-logging-forward - [0:0]
 :ufw6-after-logging-input - [0:0]
 :ufw6-after-logging-output - [0:0]
 :ufw6-after-logging-forward - [0:0]
 :ufw6-logging-deny - [0:0]
 :ufw6-logging-allow - [0:0]
 :ufw6-user-limit - [0:0]
 :ufw6-user-limit-accept - [0:0]
 ### RULES ###
 ### tuple ### allow tcp 22 ::/0 any ::/0 in
 -A ufw6-user-input -p tcp --dport 22 -j ACCEPT
 ### tuple ### allow tcp 80 ::/0 any ::/0 in
 -A ufw6-user-input -p tcp --dport 80 -j ACCEPT
 ### tuple ### allow any 443 ::/0 any ::/0 in
 -A ufw6-user-input -p tcp --dport 443 -j ACCEPT
 -A ufw6-user-input -p udp --dport 443 -j ACCEPT
 ### tuple ### allow udp 443 ::/0 any ::/0 in
 -A ufw6-user-input -p udp --dport 443 -j ACCEPT
 ### tuple ### allow udp 80 ::/0 any ::/0 in
 -A ufw6-user-input -p udp --dport 80 -j ACCEPT
 ### tuple ### allow tcp 10051 ::/0 any ::/0 in
 -A ufw6-user-input -p tcp --dport 10051 -j ACCEPT
 ### tuple ### allow tcp 6160 ::/0 any ::/0 in comment=566565616d206465706c6f796d656e742072756c65
 -A ufw6-user-input -p tcp --dport 6160 -j ACCEPT
 ### tuple ### allow tcp 6162 ::/0 any ::/0 in comment=566565616d207472616e73706f72742072756c65
 -A ufw6-user-input -p tcp --dport 6162 -j ACCEPT
 ### END RULES ###
 ### LOGGING ###
 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
 ### END LOGGING ###
 ### RATE LIMITING ###
 -A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
 -A ufw6-user-limit -j REJECT
 -A ufw6-user-limit-accept -j ACCEPT
 ### END RATE LIMITING ###
 COMMIT
--- a/legacy/zabbix/zabbix_agent2.conf
+++ b/legacy/zabbix/zabbix_agent2.conf
@ -1,564 +0,0 @@
 # This is a configuration file for Zabbix agent 2 (Unix)
 # To get more information about Zabbix, visit https://www.zabbix.com
 ############ GENERAL PARAMETERS #################
 ### Option: PidFile
 #	Name of PID file.
 #
 # Mandatory: no
 # Default:
 # PidFile=/tmp/zabbix_agent2.pid
 PidFile=/run/zabbix/zabbix_agent2.pid
 ### Option: LogType
 #	Specifies where log messages are written to:
 #		system  - syslog
 #		file    - file specified with LogFile parameter
 #		console - standard output
 #
 # Mandatory: no
 # Default:
 # LogType=file
 ### Option: LogFile
 #	Log file name for LogType 'file' parameter.
 #
 # Mandatory: yes, if LogType is set to file, otherwise no
 # Default:
 # LogFile=/tmp/zabbix_agent2.log
 LogFile=/var/log/zabbix/zabbix_agent2.log
 ### Option: LogFileSize
 #	Maximum size of log file in MB.
 #	0 - disable automatic log rotation.
 #
 # Mandatory: no
 # Range: 0-1024
 # Default:
 # LogFileSize=1
 LogFileSize=0
 ### Option: DebugLevel
 #	Specifies debug level:
 #	0 - basic information about starting and stopping of Zabbix processes
 #	1 - critical information
 #	2 - error information
 #	3 - warnings
 #	4 - for debugging (produces lots of information)
 #	5 - extended debugging (produces even more information)
 #
 # Mandatory: no
 # Range: 0-5
 # Default:
 # DebugLevel=3
 ### Option: SourceIP
 #	Source IP address for outgoing connections.
 #
 # Mandatory: no
 # Default:
 # SourceIP=
 ##### Passive checks related
 ### Option: Server
 #	List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
 #	Incoming connections will be accepted only from the hosts listed here.
 #	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
 #	and '::/0' will allow any IPv4 or IPv6 address.
 #	'0.0.0.0/0' can be used to allow any IPv4 address.
 #	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
 #
 #   If left empty or not set will disable passive checks, and Zabbix agent 2 will not listen on the ListenPort.
 #
 # Mandatory: no
 # Default:
 # Server=
 Server=172.16.254.11
 ### Option: ListenPort
 #	Agent will listen on this port for connections from the server.
 #
 # Mandatory: no
 # Range: 1024-32767
 # Default:
 # ListenPort=10050
 ### Option: ListenIP
 #	List of comma delimited IP addresses that the agent should listen on.
 #	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
 #
 # Mandatory: no
 # Default:
 # ListenIP=0.0.0.0
 ### Option: StatusPort
 #	Agent will listen on this port for HTTP status requests.
 #
 # Mandatory: no
 # Range: 1024-32767
 # Default:
 # StatusPort=
 ##### Active checks related
 ### Option: ServerActive
 #	Zabbix server/proxy address or cluster configuration to get active checks from.
 #	Server/proxy address is IP address or DNS name and optional port separated by colon.
 #	Cluster configuration is one or more server addresses separated by semicolon.
 #	Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
 #	More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
 #	If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
 #	Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
 #	If port is not specified, default port is used.
 #	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
 #	If port is not specified, square brackets for IPv6 addresses are optional.
 #	If this parameter is not specified, active checks are disabled.
 #	Example for Zabbix proxy:
 #		ServerActive=127.0.0.1:10051
 #	Example for multiple servers:
 #		ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
 #	Example for high availability:
 #		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
 #	Example for high availability with two clusters and one server:
 #		ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
 #
 # Mandatory: no
 # Default:
 # ServerActive=
 ServerActive=172.16.254.11
 ### Option: Hostname
 #	List of comma delimited unique, case sensitive hostnames.
 #	Required for active checks and must match hostnames as configured on the server.
 #	Value is acquired from HostnameItem if undefined.
 #
 # Mandatory: no
 # Default:
 # Hostname=
 Hostname=srvproxy001
 ### Option: HostnameItem
 #	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
 #	Does not support UserParameters or aliases.
 #
 # Mandatory: no
 # Default:
 # HostnameItem=system.hostname
 ### Option: HostMetadata
 #	Optional parameter that defines host metadata.
 #	Host metadata is used at host auto-registration process.
 #	An agent will issue an error and not start if the value is over limit of 2034 bytes.
 #	If not defined, value will be acquired from HostMetadataItem.
 #
 # Mandatory: no
 # Range: 0-2034 bytes
 # Default:
 # HostMetadata=
 ### Option: HostMetadataItem
 #	Optional parameter that defines an item used for getting host metadata.
 #	Host metadata is used at host auto-registration process.
 #	During an auto-registration request an agent will log a warning message if
 #	the value returned by specified item is over limit of 65535 characters.
 #	This option is only used when HostMetadata is not defined.
 #
 # Mandatory: no
 # Default:
 # HostMetadataItem=
 ### Option: HostInterface
 #	Optional parameter that defines host interface.
 #	Host interface is used at host auto-registration process.
 #	An agent will issue an error and not start if the value is over limit of 255 characters.
 #	If not defined, value will be acquired from HostInterfaceItem.
 #
 # Mandatory: no
 # Range: 0-255 characters
 # Default:
 # HostInterface=
 ### Option: HostInterfaceItem
 #	Optional parameter that defines an item used for getting host interface.
 #	Host interface is used at host auto-registration process.
 #	During an auto-registration request an agent will log a warning message if
 #	the value returned by specified item is over limit of 255 characters.
 #	This option is only used when HostInterface is not defined.
 #
 # Mandatory: no
 # Default:
 # HostInterfaceItem=
 ### Option: RefreshActiveChecks
 #	How often list of active checks is refreshed, in seconds.
 #
 # Mandatory: no
 # Range: 1-86400
 # Default:
 # RefreshActiveChecks=5
 ### Option: BufferSend
 #	Do not keep data longer than N seconds in buffer.
 #
 # Mandatory: no
 # Range: 1-3600
 # Default:
 # BufferSend=5
 ### Option: BufferSize
 #	Maximum number of values in a memory buffer. The agent will send
 #	all collected data to Zabbix Server or Proxy if the buffer is full.
 #	Option is not valid if EnablePersistentBuffer=1
 #
 # Mandatory: no
 # Range: 2-65535
 # Default:
 # BufferSize=1000
 ### Option: EnablePersistentBuffer
 #	Enable usage of local persistent storage for active items.
 #	0 - disabled, in-memory buffer is used (default); 1 - use persistent buffer
 # Mandatory: no
 # Range: 0-1
 # Default:
 # EnablePersistentBuffer=0
 ### Option: PersistentBufferPeriod
 #	Zabbix Agent2 will keep data for this time period in case of no
 #	connectivity with Zabbix server or proxy. Older data will be lost. Log data will be preserved.
 #	Option is valid if EnablePersistentBuffer=1
 #
 # Mandatory: no
 # Range: 1m-365d
 # Default:
 # PersistentBufferPeriod=1h
 ### Option: PersistentBufferFile
 #	Full filename. Zabbix Agent2 will keep SQLite database in this file.
 #	Option is valid if EnablePersistentBuffer=1
 #
 # Mandatory: no
 # Default:
 # PersistentBufferFile=
 ### Option: HeartbeatFrequency
 #	Frequency of heartbeat messages in seconds.
 #	Used for monitoring availability of active checks.
 #	0 - heartbeat messages disabled.
 #
 # Mandatory: no
 # Range: 0-3600
 # Default: 60
 # HeartbeatFrequency=
 ############ ADVANCED PARAMETERS #################
 ### Option: Alias
 #	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
 #	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
 #	Different Alias keys may reference the same item key.
 #	For example, to retrieve the ID of user 'zabbix':
 #	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
 #	Now shorthand key zabbix.userid may be used to retrieve data.
 #	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
 #
 # Mandatory: no
 # Range:
 # Default:
 ### Option: Timeout
 #	Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy or server.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Timeout=3
 ### Option:PluginTimeout
 #	Timeout for connections with external plugins.
 #
 # Mandatory: no
 # Range: 1-30
 # Default: <Global timeout>
 # PluginTimeout=
 ### Option:PluginSocket
 #	Path to unix socket for external plugin communications.
 #
 # Mandatory: no
 # Default:/tmp/agent.plugin.sock
 # PluginSocket=
 PluginSocket=/run/zabbix/agent.plugin.sock
 ####### USER-DEFINED MONITORED PARAMETERS #######
 ### Option: UnsafeUserParameters
 #	Allow all characters to be passed in arguments to user-defined parameters.
 #	The following characters are not allowed:
 #	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
 #	Additionally, newline characters are not allowed.
 #	0 - do not allow
 #	1 - allow
 #
 # Mandatory: no
 # Range: 0-1
 # Default:
 UnsafeUserParameters=1
 ### Option: UserParameter
 #	User-defined parameter to monitor. There can be several user-defined parameters.
 #	Format: UserParameter=<key>,<shell command>
 #	See 'zabbix_agentd' directory for examples.
 #
 # Mandatory: no
 # Default:
 # UserParameter=
 ### Option: UserParameterDir
 #	Directory to execute UserParameter commands from. Only one entry is allowed.
 #	When executing UserParameter commands the agent will change the working directory to the one
 #	specified in the UserParameterDir option.
 #	This way UserParameter commands can be specified using the relative ./ prefix.
 #
 # Mandatory: no
 # Default:
 # UserParameterDir=
 ### Option: ControlSocket
 #	The control socket, used to send runtime commands with '-R' option.
 #
 # Mandatory: no
 # Default:
 # ControlSocket=
 ControlSocket=/run/zabbix/agent.sock
 ####### TLS-RELATED PARAMETERS #######
 ### Option: TLSConnect
 #	How the agent should connect to server or proxy. Used for active checks.
 #	Only one value can be specified:
 #		unencrypted - connect without encryption
 #		psk         - connect using TLS and a pre-shared key
 #		cert        - connect using TLS and a certificate
 #
 # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
 # Default:
 # TLSConnect=unencrypted
 ### Option: TLSAccept
 #	What incoming connections to accept.
 #	Multiple values can be specified, separated by comma:
 #		unencrypted - accept connections without encryption
 #		psk         - accept connections secured with TLS and a pre-shared key
 #		cert        - accept connections secured with TLS and a certificate
 #
 # Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
 # Default:
 # TLSAccept=unencrypted
 ### Option: TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificates for
 #	peer certificate verification.
 #
 # Mandatory: no
 # Default:
 # TLSCAFile=
 ### Option: TLSCRLFile
 #	Full pathname of a file containing revoked certificates.
 #
 # Mandatory: no
 # Default:
 # TLSCRLFile=
 ### Option: TLSServerCertIssuer
 #		Allowed server certificate issuer.
 #
 # Mandatory: no
 # Default:
 # TLSServerCertIssuer=
 ### Option: TLSServerCertSubject
 #		Allowed server certificate subject.
 #
 # Mandatory: no
 # Default:
 # TLSServerCertSubject=
 ### Option: TLSCertFile
 #	Full pathname of a file containing the agent certificate or certificate chain.
 #
 # Mandatory: no
 # Default:
 # TLSCertFile=
 ### Option: TLSKeyFile
 #	Full pathname of a file containing the agent private key.
 #
 # Mandatory: no
 # Default:
 # TLSKeyFile=
 ### Option: TLSPSKIdentity
 #	Unique, case sensitive string used to identify the pre-shared key.
 #
 # Mandatory: no
 # Default:
 # TLSPSKIdentity=
 ### Option: TLSPSKFile
 #	Full pathname of a file containing the pre-shared key.
 #
 # Mandatory: no
 # Default:
 # TLSPSKFile=
 ####### PLUGIN-SPECIFIC PARAMETERS #######
 ### Option: Plugins
 #	A plugin can have one or more plugin specific configuration parameters in format:
 #     Plugins.<PluginName>.<Parameter1>=<value1>
 #     Plugins.<PluginName>.<Parameter2>=<value2>
 #
 # Mandatory: no
 # Range:
 # Default:
 ### Option: Plugins.Log.MaxLinesPerSecond
 #	Maximum number of new lines the agent will send per second to Zabbix Server
 #	or Proxy processing 'log' and 'logrt' active checks.
 #	The provided value will be overridden by the parameter 'maxlines',
 #	provided in 'log' or 'logrt' item keys.
 #
 # Mandatory: no
 # Range: 1-1000
 # Default:
 # Plugins.Log.MaxLinesPerSecond=20
 ### Option: AllowKey
 #	Allow execution of item keys matching pattern.
 #	Multiple keys matching rules may be defined in combination with DenyKey.
 #	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
 #	Parameters are processed one by one according their appearance order.
 #	If no AllowKey or DenyKey rules defined, all keys are allowed.
 #
 # Mandatory: no
 ### Option: DenyKey
 #	Deny execution of items keys matching pattern.
 #	Multiple keys matching rules may be defined in combination with AllowKey.
 #	Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
 #	Parameters are processed one by one according their appearance order.
 #	If no AllowKey or DenyKey rules defined, all keys are allowed.
 #       Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
 #
 # Mandatory: no
 # Default:
 # DenyKey=system.run[*]
 ### Option: Plugins.SystemRun.LogRemoteCommands
 #	Enable logging of executed shell commands as warnings.
 #	0 - disabled
 #	1 - enabled
 #
 # Mandatory: no
 # Default:
 # Plugins.SystemRun.LogRemoteCommands=0
 ### Option: ForceActiveChecksOnStart
 #	Perform active checks immediately after restart for first received configuration.
 #	Also available as per plugin configuration, example: Plugins.Uptime.System.ForceActiveChecksOnStart=1
 #
 # Mandatory: no
 # Range: 0-1
 # Default:
 ForceActiveChecksOnStart=1
 # Include configuration files for plugins
 Include=/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf
 ####### For advanced users - TLS ciphersuite selection criteria #######
 ### Option: TLSCipherCert13
 #	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
 #	Override the default ciphersuite selection criteria for certificate-based encryption.
 #
 # Mandatory: no
 # Default:
 # TLSCipherCert13=
 ### Option: TLSCipherCert
 #	OpenSSL (TLS 1.2) cipher string.
 #	Override the default ciphersuite selection criteria for certificate-based encryption.
 #	Example:
 #		EECDH+aRSA+AES128:RSA+aRSA+AES128
 #
 # Mandatory: no
 # Default:
 # TLSCipherCert=
 ### Option: TLSCipherPSK13
 #	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
 #	Override the default ciphersuite selection criteria for PSK-based encryption.
 #	Example:
 #		TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
 #
 # Mandatory: no
 # Default:
 # TLSCipherPSK13=
 ### Option: TLSCipherPSK
 #	OpenSSL (TLS 1.2) cipher string.
 #	Override the default ciphersuite selection criteria for PSK-based encryption.
 #	Example:
 #		kECDHEPSK+AES128:kPSK+AES128
 #
 # Mandatory: no
 # Default:
 # TLSCipherPSK=
 ### Option: TLSCipherAll13
 #	Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
 #	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
 #	Example:
 #		TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
 #
 # Mandatory: no
 # Default:
 # TLSCipherAll13=
 ### Option: TLSCipherAll
 #	OpenSSL (TLS 1.2) cipher string.
 #	Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
 #	Example:
 #		EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
 #
 # Mandatory: no
 # Default:
 # TLSCipherAll=
 ####### Additional configuration files  #######
 ### Option: Include
 #	You may include individual files or all files in a directory in the configuration file.
 #	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
 #
 # Mandatory: no
 # Default:
 # Include=
 Include=/etc/zabbix/zabbix_agent2.d/*.conf
 # Include=/usr/local/etc/zabbix_agent2.userparams.conf
 # Include=/usr/local/etc/zabbix_agent2.conf.d/
 # Include=/usr/local/etc/zabbix_agent2.conf.d/*.conf
--- a/legacy/zabbix/zabbix_agent2.d/Fail2ban.conf
+++ b/legacy/zabbix/zabbix_agent2.d/Fail2ban.conf
@ -1,2 +0,0 @@
 UserParameter=fail2ban.status[*],sudo /usr/bin/fail2ban-client status '$1'
 UserParameter=fail2ban.discovery,sudo /usr/bin/fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/ //g' -e 's/,/ /g' | xargs -n1 | sed -e 's/\(.*\)/{"{#JAIL}":"\1"}/' | tr '\n' ',' | sed -e 's/,$//' -e 's/.*/{"data":[&]}/'
--- a/legacy/zabbix/zabbix_agent2.d/nginx_custom.conf
+++ b/legacy/zabbix/zabbix_agent2.d/nginx_custom.conf
@ -1,5 +0,0 @@
 # UserParameter para monitoramento customizado do Nginx
 # Data: 2025-09-27
 # Contexto: Listar todos os arquivos de log (.log) no diretório /var/log/nginx/
 UserParameter=nginx.access.logs.list,ls -m /var/log/nginx/*.access.log
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/ceph.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/ceph.conf
@ -1,77 +0,0 @@
 ### Option: Plugins.Ceph.InsecureSkipVerify
 #	InsecureSkipVerify controls whether an HTTP client verifies the	server's certificate chain and host name.
 #	If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name
 #	in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.
 #	This should be used only for testing.
 #
 # Mandatory: no
 # Range: false | true
 # Default:
 # Plugins.Ceph.InsecureSkipVerify=false
 ### Option: Plugins.Ceph.KeepAlive
 #	The amount of time a connection can remain idle before it is closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.Ceph.KeepAlive=300
 ### Option: Plugins.Ceph.Timeout
 #	The maximum amount of time in seconds to wait for a request to be done.
 #	The timeout includes connection time, any redirects, and reading the response body.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.Ceph.Timeout=<Global timeout>
 ### Option: Plugins.Ceph.Sessions.*.ApiKey
 #	ApiKey to be used for connection. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Ceph.Sessions.*.ApiKey=
 ### Option: Plugins.Ceph.Sessions.*.User
 #	Username to be used for connection. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Ceph.Sessions.*.User=
 ### Option: Plugins.Ceph.Sessions.*.Uri
 #	Uri to connect. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "https".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Ceph.Sessions.*.Uri=
 ### Option: Plugins.Ceph.Default.ApiKey
 #	ApiKey to be used for connection. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Ceph.Default.ApiKey=
 ### Option: Plugins.Ceph.Default.User
 #	Username to be used for connection. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Ceph.Default.User=
 ### Option: Plugins.Ceph.Default.Uri
 #	Uri to connect. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "https".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Ceph.Default.Uri=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/docker.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/docker.conf
@ -1,14 +0,0 @@
 ### Option: Plugins.Docker.Endpoint
 #	Docker API endpoint.
 #
 # Mandatory: no
 # Default: unix:///var/run/docker.sock
 # Plugins.Docker.Endpoint=unix:///var/run/docker.sock
 ### Option: Plugins.Docker.Timeout
 #	The maximum time (in seconds) for waiting when a request has to be done.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.Docker.Timeout=<Global timeout>
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/memcached.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/memcached.conf
@ -1,65 +0,0 @@
 ### Option: Plugins.Memcached.Timeout
 #	The maximum time (in seconds) for waiting when a request has to be done.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.Memcached.Timeout=<Global timeout>
 ### Option: Plugins.Memcached.KeepAlive
 #	Time in seconds for waiting before unused connections will be closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.Memcached.KeepAlive=300
 ### Option: Plugins.Memcached.Sessions.*.Uri
 #	Uri to connect. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   Supported schemas: "tcp" and "unix".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Memcached.Sessions.*.Uri=
 ### Option: Plugins.Memcached.Sessions.*.User
 #	Username to send to protected Memcached server. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Memcached.Sessions.*.User=
 ### Option: Plugins.Memcached.Sessions.*.Password
 #	Password to send to protected Memcached server. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Memcached.Sessions.*.Password=
 ### Option: Plugins.Memcached.Default.Uri
 #	Uri to connect. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   Supported schemas: "tcp" and "unix".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Memcached.Default.Uri=
 ### Option: Plugins.Memcached.Default.User
 #	Username to send to protected Memcached server. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Memcached.Default.User=
 ### Option: Plugins.Memcached.Default.Password
 #	Password to send to protected Memcached server. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Memcached.Default.Password=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/modbus.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/modbus.conf
@ -1,23 +0,0 @@
 ### Option: Plugins.Modbus.Timeout
 #	The maximum time (in seconds) for connections.
 #
 # Mandatory: no
 # Range: 1-30
 # Default: global timeout
 ### Option: Plugins.Modbus.Sessions.*.Endpoint
 #	Endpoint is a connection string consisting of a protocol scheme, a host address and a port or seral port name and attributes.
 #
 # Mandatory: no
 ### Option: Plugins.Modbus.Sessions.*.SlaveID
 #	Slave ID of modbus devices.
 #
 # Mandatory: no
 ### Option: Plugins.Modbus.Sessions.*.Timeout
 #	The maximum time (in seconds) for connections.
 #
 # Mandatory: no
 # Range: 1-30
 # Default: plugin modbus timeout
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/mongodb.conf
@ -1,104 +0,0 @@
 ### Option:Plugins.MongoDB.System.Path
 #	Path to external plugin executable.
 #
 # Mandatory: yes
 # Default:
 # Plugins.MongoDB.System.Path=
 Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb
 ### Option: Plugins.MongoDB.Timeout
 #	Amount of time to wait for a server to respond when first connecting and on
 #   follow up operations in the session.
 #	Global item-type timeout (or individual item timeout) will override this value if it is greater.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.MongoDB.Timeout=<Global timeout from Zabbix agent 2 configuration file>
 ### Option: Plugins.MongoDB.KeepAlive
 #	Time in seconds for waiting before unused connections will be closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.MongoDB.KeepAlive=300
 ### Option: Plugins.MongoDB.Sessions.*.Uri
 #	Uri to connect. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "tcp".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.MongoDB.Sessions.*.Uri=
 ### Option: Plugins.MongoDB.Sessions.*.User
 #	Username to send to protected MongoDB server. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MongoDB.Sessions.*.User=
 ### Option: Plugins.MongoDB.Sessions.*.Password
 #	Password to send to protected MongoDB server. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MongoDB.Sessions.*.Password=
 ### Option: Plugins.MongoDB.Sessions.*.TLSConnect
 #Encryption type for MongoDB connection. "*" should be replaced with a session name.
 #       tls connection required     - required
 #       verifies certificates       - verify_ca
 #       verify certificates and ip  - verify_full
 ## Mandatory: no
 # Default: 
 # Plugins.MongoDB.Sessions.*.TLSConnect=
 ### Option: Plugins.MongoDB.Sessions.*.TLSCAFile
 #   Full path-name of a file containing the top-level CA(s) certificates for MongoDB 
 #   peer certificate verification.
 ## Mandatory: no
 # Default: 
 # Plugins.MongoDB.Sessions.*.TLSCAFile=
 ### Option: Plugins.MongoDB.Sessions.*.TLSCertFile
 #   Full path-name of a file containing the MongoDB certificate or certificate chain.
 ## Mandatory: no
 # Default: 
 # Plugins.MongoDB.Sessions.*.TLSCertFile=
 ### Option: Plugins.MongoDB.Sessions.*.TLSKeyFile
 #   Full path-name of a file containing the MongoDB private key.
 ## Mandatory: no
 # Default: 
 # Plugins.MongoDB.Sessions.*.TLSKeyFile=
 ### Option: Plugins.MongoDB.Default.Uri
 #	Uri to connect. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "tcp".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.MongoDB.Default.Uri=
 ### Option: Plugins.MongoDB.Default.User
 #	Username to send to protected MongoDB server. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MongoDB.Default.User=
 ### Option: Plugins.MongoDB.Default.Password
 #	Password to send to protected MongoDB server. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MongoDB.Default.Password=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/mqtt.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/mqtt.conf
@ -1,112 +0,0 @@
 ### Option: Plugins.MQTT.Timeout
 #	The maximum time (in seconds) for connections, disconnections and subscribtions.
 #
 # Mandatory: no
 # Range: 1-30
 # Default: global timeout
 # Plugins.MQTT.Timeout=
 ### Option: Plugins.MQTT.Sessions.*.Url
 #	Broker connection string. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: Must matches the URL format.
 # Default:
 # Plugins.MQTT.Sessions.*.Url=
 ### Option: Plugins.MQTT.Sessions.*.Topic
 #	Topic to subscribe. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: Must matches the URL format.
 # Default:
 # Plugins.MQTT.Sessions.*.Topic=
 ### Option: Plugins.MQTT.Sessions.*.User
 #	Username to be used for MQTT authentication. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Sessions.*.User=
 ### Option: Plugins.MQTT.Sessions.*.Password
 #	Password to be used for MQTT authentication. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Sessions.*.Password=
 ### Option: Plugins.MQTT.Sessions.*.TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificates for MQTT
 #	peer certificate verification.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Sessions.*.TLSCAFile=
 ### Option: Plugins.MQTT.Sessions.*.TLSCertFile
 #	Full pathname of a file containing the MQTT certificate or certificate chain.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Sessions.*.TLSCertFile=
 ### Option: Plugins.MQTT.Sessions.*.TLSKeyFile
 #	Full pathname of a file containing the mysql private key.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Sessions.*.TLSKeyFile=
 ### Option: Plugins.MQTT.Default.*.Url
 #	Broker connection string. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: Must matches the URL format.
 # Default:
 # Plugins.MQTT.Default.*.Url=
 ### Option: Plugins.MQTT.Default.*.Topic
 #	Topic to subscribe. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: Must matches the URL format.
 # Default:
 # Plugins.MQTT.Default.*.Topic=
 ### Option: Plugins.MQTT.Default.*.User
 #	Username to be used for MQTT authentication. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Default.*.User=
 ### Option: Plugins.MQTT.Default.*.Password
 #	Password to be used for MQTT authentication. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Default.*.Password=
 ### Option: Plugins.MQTT.Default.TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificates for mysql
 #	peer certificate verification. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Default.TLSCAFile=
 ### Option: Plugins.MQTT.Default.TLSCertFile
 #	Full pathname of a file containing the MQTT certificate or certificate chain.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Default.TLSCertFile=
 ### Option: Plugins.MQTT.Default.TLSKeyFile
 #	Full pathname of a file containing the MQTT private key. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MQTT.Default.TLSKeyFile=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/mssql.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/mssql.conf
@ -1,184 +0,0 @@
 ### Option:Plugins.MSSQL.System.Path
 #	Path to external plugin executable.
 #
 # Mandatory: yes
 # Default:
 # Plugins.MSSQL.System.Path=
 Plugins.MSSQL.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mssql
 ### Option: Plugins.MSSQL.Timeout
 #	Amount of time to wait for a server to respond when first connecting and on
 #   follow up operations in the session.
 #   Global item-type timeout (or individual item timeout) will override this value if it is greater.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.MSSQL.Timeout=<Global timeout from Zabbix agent 2 configuration file>
 ### Option: Plugins.MSSQL.KeepAlive
 #	Time in seconds for waiting before unused connections will be closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.MSSQL.KeepAlive=300
 ### Option: Plugins.MSSQL.CustomQueriesDir
 #	Filepath to a directory containing user defined .sql files with custom
 #	queries that the plugin can execute.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.CustomQueriesDir=
 ### Option: Plugins.MSSQL.Sessions.*.Uri
 #	Uri to connect.
 #	Replace "*" with a session name.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "sqlserver".
 #   Embedded credentials will be ignored.
 #   Connection to named instance can be made by specifying instance name in the URI.
 #   Example: sqlserver://localhost/InstanceName
 # Default: sqlserver://localhost:1433
 # Plugins.MSSQL.Sessions.*.Uri=
 ### Option: Plugins.MSSQL.Sessions.*.User
 #	Username to send to protected MSSQL server.
 #   Replace "*" with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Sessions.*.User=
 ### Option: Plugins.MSSQL.Sessions.*.Password
 #	Password to send to protected MSSQL server.
 #   Replace "*" with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Sessions.*.Password=
 ### Option: Plugins.MSSQL.Sessions.*.CACertPath
 #	Filepath to the public key certificate of the certificate authority (CA)
 #	that issued the certificate of the MSSQL server.
 #   Replace "*" with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Sessions.*.CACertPath=
 ### Option: Plugins.MSSQL.Sessions.*.TrustServerCertificate
 #	Boolean value to indicate whether the plugin should trust the server
 #	certificate without validating it.
 #   Replace "*" with a session name.
 #
 # Mandatory: no
 # Range: true, false
 # Default:
 # Plugins.MSSQL.Sessions.*.TrustServerCertificate=
 ### Option: Plugins.MSSQL.Sessions.*.HostNameInCertificate
 #	Common name (CN) of the certificate of the MSSQL server.
 #   Replace "*" with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Sessions.*.HostNameInCertificate=
 ### Option: Plugins.MSSQL.Sessions.*.Encrypt
 #	Connection encription type.
 #   Replace "*" with a session name.
 #
 # Mandatory: no
 # Default:
 # Range: true, false, strict, disable
 # Plugins.MSSQL.Sessions.*.Encrypt=
 ### Option: Plugins.MSSQL.Sessions.*.TLSMinVersion
 #	Minimum TLS version to use.
 #   Replace "*" with a session name.
 #
 # Mandatory: no
 # Default:
 # Range: 1.0, 1.1, 1.2, 1.3
 # Plugins.MSSQL.Sessions.*.TLSMinVersion=
 ### Option: Plugins.MSSQL.Default.Uri
 #	Uri to connect.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "sqlserver".
 #   Embedded credentials will be ignored.
 #   Connection to named instance can be made by specifying instance name in the URI.
 #   Example: sqlserver://localhost/InstanceName
 # Default: sqlserver://localhost:1433
 # Plugins.MSSQL.Default.Uri=
 ### Option: Plugins.MSSQL.Default.User
 #	Username to send to protected MSSQL server.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Default.User=
 ### Option: Plugins.MSSQL.Default.Password
 #	Password to send to protected MSSQL server.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Default.Password=
 ### Option: Plugins.MSSQL.Default.CACertPath
 #	Filepath to the public key certificate of the certificate authority (CA)
 #	that issued the certificate of the MSSQL server.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Default.CACertPath=
 ### Option: Plugins.MSSQL.Default.TrustServerCertificate
 #	Boolean value to indicate whether the plugin should trust the server
 #	certificate without validating it.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Range: true, false
 # Default:
 # Plugins.MSSQL.Default.TrustServerCertificate=
 ### Option: Plugins.MSSQL.Default.HostNameInCertificate
 #	Common name (CN) of the certificate of the MSSQL server.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.MSSQL.Default.HostNameInCertificate=
 ### Option: Plugins.MSSQL.Default.Encrypt
 #	Connection encryption type.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Range: true, false, strict, disable
 # Plugins.MSSQL.Default.Encrypt=
 ### Option: Plugins.MSSQL.Default.TLSMinVersion
 #	Minimum TLS version to use.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Range: 1.0, 1.1, 1.2, 1.3
 # Plugins.MSSQL.Default.TLSMinVersion=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/mysql.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/mysql.conf
@ -1,138 +0,0 @@
 ### Option: Plugins.Mysql.CallTimeout
 #	The maximum time in seconds for waiting when a request has to be done.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.Mysql.CallTimeout=<Global timeout>
 ### Option: Plugins.Mysql.Timeout
 #	The maximum time in seconds for waiting when a connection has to be established.
 #
 # Mandatory: no
 # Range: 1-30
 # Default: global timeout
 ### Option: Plugins.Mysql.CustomQueriesPath
 #	Full pathname of a directory containing *.sql* files with custom queries.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.CustomQueriesPath=
 ### Option: Plugins.Mysql.KeepAlive
 #	Time (in seconds) to wait before unused connections will be closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.Mysql.KeepAlive=300
 ### Option: Plugins.Mysql.Sessions.*.Uri
 #	Connection string. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: Must matches the URI format.
 # Default:
 # Plugins.Mysql.Sessions.*.Uri=
 ### Option: Plugins.Mysql.Sessions.*.User
 #	Username to be used for MySQL authentication. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Sessions.*.User=
 ### Option: Plugins.Mysql.Sessions.*.Password
 #	Password to be used for MySQL authentication. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Sessions.*.Password=
 ### Option: Plugins.Mysql.Sessions.*.TLSConnect
 #	Encryption type for MySQL connection. "*" should be replaced with a session name.
 #		tls connection required     - required
 #		verifies certificates       - verify_ca
 #		verify certificates and ip  - verify_full
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Sessions.*.TLSConnect=
 ### Option: Plugins.Mysql.Sessions.*.TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificates for mysql
 #	peer certificate verification.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Sessions.*.TLSCAFile=
 ### Option: Plugins.Mysql.Sessions.*.TLSCertFile
 #	Full pathname of a file containing the mysql certificate or certificate chain.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Sessions.*.TLSCertFile=
 ### Option: Plugins.Mysql.Sessions.*.TLSKeyFile
 #	Full pathname of a file containing the mysql private key.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Sessions.*.TLSKeyFile=
 ### Option: Plugins.Mysql.Default.Uri
 #	Connection string. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range: Must matches the URI format.
 # Default:
 # Plugins.Mysql.Default.Uri=
 ### Option: Plugins.Mysql.Default.User
 #	Username to be used for MySQL authentication. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Default.User=
 ### Option: Plugins.Mysql.Default.Password
 #	Password to be used for MySQL authentication. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Default.Password=
 ### Option: Plugins.Mysql.Default.TLSConnect
 #	Encryption type for MySQL connection. Default value used if no other is specified.
 #		tls connection required     - required
 #		verifies certificates       - verify_ca
 #		verify certificates and ip  - verify_full
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Default.TLSConnect=
 ### Option: Plugins.Mysql.Default.TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificates for mysql
 #	peer certificate verification. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Default.TLSCAFile=
 ### Option: Plugins.Mysql.Default.TLSCertFile
 #	Full pathname of a file containing the mysql certificate or certificate chain.
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Default.TLSCertFile=
 ### Option: Plugins.Mysql.Default.TLSKeyFile
 #	Full pathname of a file containing the mysql private key. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Mysql.Default.TLSKeyFile=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/oracle.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/oracle.conf
@ -1,96 +0,0 @@
 ### Option: Plugins.Oracle.CallTimeout
 #	The maximum time in seconds for waiting when a request has to be done.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.Oracle.CallTimeout=<Global timeout>
 ### Option: Plugins.Oracle.ConnectTimeout
 #	The maximum time in seconds for waiting when a connection has to be established.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.Oracle.ConnectTimeout=<Global timeout>
 ### Option: Plugins.Oracle.CustomQueriesPath
 #	Full pathname of a directory containing *.sql* files with custom queries.
 #
 # Mandatory: no
 # Default:
 # Plugins.Oracle.CustomQueriesPath=
 ### Option: Plugins.Oracle.KeepAlive
 #	Time in seconds for waiting before unused connections will be closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.Oracle.KeepAlive=300
 ### Option: Plugins.Oracle.Sessions.*.Uri
 #	Uri to connect. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "tcp".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Oracle.Sessions.*.Uri=
 ### Option: Plugins.Oracle.Sessions.*.Service
 #	Service name to be used for connection. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: SID is not supported.
 # Default:
 # Plugins.Oracle.Sessions.*.Service=
 ### Option: Plugins.Oracle.Sessions.*.User
 #	Username to be used for connection. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Oracle.Sessions.*.User=
 ### Option: Plugins.Oracle.Sessions.*.Password
 #	Password to be used for connectione. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Oracle.Sessions.*.Password=
 ### Option: Plugins.Oracle.Default.Uri
 #	Uri to connect. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   The only supported schema is "tcp".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Oracle.Default.Uri=
 ### Option: Plugins.Oracle.Default.Service
 #	Service name to be used for connection. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range: SID is not supported.
 # Default:
 # Plugins.Oracle.Default.Service=
 ### Option: Plugins.Oracle.Default.User
 #	Username to be used for connection. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Oracle.Default.User=
 ### Option: Plugins.Oracle.Default.Password
 #	Password to be used for connectione. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Oracle.Default.Password=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/postgresql.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/postgresql.conf
@ -1,194 +0,0 @@
 ### Option:Plugins.PostgreSQL.System.Path
 #	Path to external plugin executable.
 #
 # Mandatory: yes
 # Default:
 Plugins.PostgreSQL.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql
 ### Option: Plugins.PostgreSQL.CallTimeout
 #	The maximum time in seconds for waiting when a request has to be done.
 #   Global item-type timeout (or individual item timeout) will override this value if it is greater.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.PostgreSQL.CallTimeout=<Global timeout from Zabbix agent 2 configuration file>
 ### Option: Plugins.PostgreSQL.Timeout
 #	The maximum time in seconds for waiting when a connection has to be established.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.PostgreSQL.Timeout=<Global timeout from Zabbix agent 2 configuration file>
 ### Option: Plugins.PostgreSQL.KeepAlive
 #   Time in seconds for waiting before unused connections will be closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.PostgreSQL.KeepAlive=300
 ### Option: Plugins.PostgreSQL.CustomQueriesPath
 #	Full pathname of a directory containing *.sql* files with custom queries.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.CustomQueriesPath=
 ### Option: Plugins.PostgreSQL.Sessions.*.Uri
 #	Uri to connect. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range:
 #   Must match the URI format.
 #   Supported schemas: "tcp" and "unix".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.PostgreSQL.Sessions.*.Uri=
 ### Option: Plugins.PostgreSQL.Sessions.*.User
 #	Username for session connection. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: Must match the PostgreSQL user name.
 # Default:
 # Plugins.PostgreSQL.Sessions.*.User=
 ### Option: Plugins.PostgreSQL.Sessions.*.Password
 #	Password for session connection. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range: Must match the Password format.
 # Default:
 # Plugins.PostgreSQL.Sessions.*.Password=
 ### Option: Plugins.PostgreSQL.Sessions.*.Database
 #	Database for session connection. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Sessions.*.Database=
 ### Option: Plugins.PostgreSQL.Sessions.*.TLSConnect
 #	Encryption type for PostgreSQL connection. "*" should be replaced with a session name.
 #		require/required        - connect using TLS as transport mode without identity checks, acts like verify-ca if ca 
 #               file is provided;
 #		verify-ca/verify_ca     - connect using TLS and verify certificate;
 #		verify-full/verify_full - connect using TLS, verify certificate and verify that database identity (CN) specified
 #				by DBHost matches its certificate;
 #	Undefined encryption type means unencrypted connection.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Sessions.*.TLSConnect=
 ### Option: Plugins.PostgreSQL.Sessions.*.TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificate
 #	peer certificate verification.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Sessions.*.TLSCAFile=
 ### Option: Plugins.PostgreSQL.Sessions.*.TLSCertFile
 #	Full pathname of a file containing the PostgreSQL certificate or certificate chain.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Sessions.*.TLSCertFile=
 ### Option: Plugins.PostgreSQL.Sessions.*.TLSKeyFile
 #	Full pathname of a file containing the PostgreSQL private key.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Sessions.*.TLSKeyFile=
 ### Option: Plugins.PostgreSQL.Sessions.*.CacheMode
 #   Cache mode for PostgreSQL connection. "*" should be replaced with a session name.
 #		prepare - will create prepared statements on the PostgreSQL server.;
 #		describe - will use the anonymous prepared statement to describe a statement without creating a statement on the
 #       server.
 #
 # Mandatory: no
 # Default: prepare
 # Plugins.PostgreSQL.Sessions.*.CacheMode=
 ### Option: Plugins.PostgreSQL.Default.Uri
 #	Uri to connect. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   Supported schemas: "tcp" and "unix".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.PostgreSQL.Default.Uri=
 ### Option: Plugins.PostgreSQL.Default.User
 #	Username for session connection. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range: Must matches PostgreSQL user name.
 # Default:
 # Plugins.PostgreSQL.Default.User=
 ### Option: Plugins.PostgreSQL.Default.Password
 #	Password for session connection. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range: Must matches the Password format.
 # Default:
 # Plugins.PostgreSQL.Default.Password=
 ### Option: Plugins.PostgreSQL.Default.Database
 #	Database for session connection. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Default.Database=
 ### Option: Plugins.PostgreSQL.Default.TLSConnect
 #	Encryption type for Postgres connection. Default value used if no other is specified.
 #		tls connection required     - required
 #		verifies certificates       - verify_ca
 #		verify certificates and ip  - verify_full
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Default.TLSConnect=
 ### Option: Plugins.PostgreSQL.Default.TLSCAFile
 #	Full pathname of a file containing the top-level CA(s) certificate
 #	peer certificate verification. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Default.TLSCAFile=
 ### Option: Plugins.PostgreSQL.Default.TLSCertFile
 #	Full pathname of a file containing the postgres certificate or certificate chain. 
 #   Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Default.TLSCertFile=
 ### Option: Plugins.PostgreSQL.Default.TLSKeyFile
 #	Full pathname of a file containing the postgres private key. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.PostgreSQL.Default.TLSKeyFile=
 ### Option: Plugins.PostgreSQL.Default.CacheMode
 #   Cache mode for PostgreSQL connection.
 #		prepare - will create prepared statements on the PostgreSQL server.;
 #		describe - will use the anonymous prepared statement to describe a statement without creating a statement on the
 #       server.
 #
 # Mandatory: no
 # Default: prepare
 # Plugins.PostgreSQL.Default.CacheMode=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/redis.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/redis.conf
@ -1,65 +0,0 @@
 ### Option: Plugins.Redis.Timeout
 #	The maximum time (in seconds) for waiting when a request has to be done.
 #
 # Mandatory: no
 # Range: 1-30
 # Default:
 # Plugins.Redis.Timeout=<Global timeout>
 ### Option: Plugins.Redis.KeepAlive
 #	Time in seconds for waiting before unused connections will be closed.
 #
 # Mandatory: no
 # Range: 60-900
 # Default:
 # Plugins.Redis.KeepAlive=300
 ### Option: Plugins.Redis.Sessions.*.Uri
 #	Uri to connect. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   Supported schemas: "tcp" and "unix".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Redis.Sessions.*.Uri=
 ### Option: Plugins.Redis.Sessions.*.User
 #	User to send to protected Redis server. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default: default
 # Plugins.Redis.Sessions.*.User=
 ### Option: Plugins.Redis.Sessions.*.Password
 #	Password to send to protected Redis server. "*" should be replaced with a session name.
 #
 # Mandatory: no
 # Default:
 # Plugins.Redis.Sessions.*.Password=
 ### Option: Plugins.Redis.Default.Uri
 #	Uri to connect. Default value used if no other is specified.
 #
 # Mandatory: no
 # Range:
 #   Must matches the URI format.
 #   Supported schemas: "tcp" and "unix".
 #   Embedded credentials will be ignored.
 # Default:
 # Plugins.Redis.Default.Uri=
 ### Option: Plugins.Redis.Default.User
 #	User to send to protected Redis server. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default: default
 # Plugins.Redis.Default.User=
 ### Option: Plugins.Redis.Default.Password
 #	Password to send to protected Redis server. Default value used if no other is specified.
 #
 # Mandatory: no
 # Default:
 # Plugins.Redis.Default.Password=
--- a/legacy/zabbix/zabbix_agent2.d/plugins.d/smart.conf
+++ b/legacy/zabbix/zabbix_agent2.d/plugins.d/smart.conf
@ -1,15 +0,0 @@
 ### Option: Plugins.Smart.Timeout
 #	The maximum time in seconds for waiting before smartctl execution is terminated.
 #	The timeout is for a single smartctl command line execution.
 #
 # Mandatory: no
 # Range: 1-30
 # Default: <Global timeout>
 # Plugins.Smart.Timeout=
 ### Option: Plugins.Smart.Path
 #	Path to smartctl executable.
 #
 # Mandatory: no
 # Default: smartctl
 # Plugins.Smart.Path=
		`@ -1 +0,0 @@`
			`zabbix ALL=NOPASSWD: /usr/bin/fail2ban-client`
		`@ -1,2 +0,0 @@`
			`UserParameter=fail2ban.status[*],sudo /usr/bin/fail2ban-client status '$1'`
			`UserParameter=fail2ban.discovery,sudo /usr/bin/fail2ban-client status \| grep 'Jail list:' \| sed -e 's/^.:\W\+//' -e 's/ //g' -e 's/,/ /g' \| xargs -n1 \| sed -e 's/\(.\)/{"{#JAIL}":"\1"}/' \| tr '\n' ',' \| sed -e 's/,$//' -e 's/.*/{"data":[&]}/'`