chore: Remove obsolete legacy infrastructure files

João Pedro 2026-01-22 13:43:00 -03:00
parent b25114eea7
commit f917ad6f43
46 changed files with 0 additions and 2555 deletions


@ -1,12 +0,0 @@
# Adicione aqui os caminhos completos para os ficheiros e diretórios que deseja versionar, um por linha.
# Linhas que começam com '#' são ignoradas.
/etc/nginx
/etc/fail2ban
/etc/resolv.conf
/etc/nsswitch.conf
/etc/hosts
/etc/ufw
/etc/zabbix
/etc/sudoers.d
/etc/tmpfiles.d
/etc/ssl


@ -1,6 +0,0 @@
[Unit]
Description=Serviço de Sincronização de Configurações do Nginx para o Git
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/commit_configs.sh


@ -1,8 +0,0 @@
[Unit]
Description=Executa o serviço de sincronização de configurações a cada minuto
[Timer]
OnBootSec=1min
OnUnitActiveSec=1min
Unit=proxy-sinc.service
[Install]
WantedBy=timers.target


@ -1,60 +0,0 @@
#!/bin/bash
set -e
REPO_PATH="/opt/config_repo"
CONFIG_DIR="/etc/proxy-sinc"
PATHS_FILE="${CONFIG_DIR}/paths.conf"
AUTOMATION_FILES_SOURCE=("/usr/local/sbin/commit_configs.sh" "/usr/local/sbin/proxy-sinc-update" "/etc/systemd/system/proxy-sinc.service" "/etc/systemd/system/proxy-sinc.timer" "/usr/share/man/man8/proxy-sinc.8.gz" "${PATHS_FILE}")
AUTOMATION_FILES_DEST="$REPO_PATH/_automation_scripts/"
log_info() { echo "[INFO] $1"; }
log_info "--- Iniciando a verificação de sincronização [$(date)] ---"
if [ "$EUID" -ne 0 ]; then echo "[ERRO] O script deve ser executado como root." >&2; exit 1; fi
if [ ! -d "$REPO_PATH/.git" ]; then echo "[ERRO] O diretório do repositório $REPO_PATH não é um repositório Git válido." >&2; exit 1; fi
log_info "Sincronizando ficheiros de configuração definidos em $PATHS_FILE..."
if [ ! -f "$PATHS_FILE" ]; then
echo "[AVISO] O ficheiro de caminhos $PATHS_FILE não foi encontrado. Nenhum ficheiro de configuração foi sincronizado."
else
while IFS= read -r path_to_sync || [ -n "$path_to_sync" ]; do
if [ -z "$path_to_sync" ] || [[ "$path_to_sync" =~ ^# ]]; then
continue
fi
if [ -e "$path_to_sync" ]; then
# Copia para a raiz do repositório
rsync -avz --delete --exclude='*.swp' --exclude='*.bak' --exclude='sites-enabled/' --exclude='modules-enabled/' --exclude='/var/log/' --exclude='/var/run/' --exclude='/var/cache/' "$path_to_sync" "$REPO_PATH/"
else
echo "[AVISO] O caminho '$path_to_sync' definido em $PATHS_FILE não existe. A ignorar."
fi
done < "$PATHS_FILE"
fi
log_info "Sincronizando ficheiros de automação..."
mkdir -p "$AUTOMATION_FILES_DEST"
for file in "${AUTOMATION_FILES_SOURCE[@]}"; do
if [ -f "$file" ]; then
rsync -aR "$file" "$AUTOMATION_FILES_DEST"
fi
done
cd "$REPO_PATH"
log_info "A verificar o status do repositório Git..."
if [ -n "$(git status --porcelain)" ]; then
log_info "Alterações detetadas. A preparar o commit."
log_info "A puxar alterações do repositório remoto para evitar conflitos..."
git pull --ff-only
log_info "A adicionar alterações ao stage..."
git add .
COMMIT_MESSAGE="[Auto-Sync] Atualização das configurações em $(hostname -f) - $(date +'%Y-%m-%d %H:%M:%S')"
log_info "A fazer o commit com a mensagem: $COMMIT_MESSAGE"
git commit -m "$COMMIT_MESSAGE"
log_info "A enviar as alterações para o Gitea (git push)..."
git push origin main
echo "[SUCESSO] As alterações foram enviadas para o repositório remoto!"
else
log_info "Nenhuma alteração de configuração detetada. O repositório está atualizado."
fi
log_info "--- Verificação de sincronização concluída [$(date)] ---"
exit 0


@ -1,27 +0,0 @@
#!/bin/bash
set -e
echo "A procurar por atualizações para o serviço Proxy-Sinc..."
UPDATE_SCRIPT_URL="https://git.itguys.com.br/joao.goncalves/NgixProxy_Pathfinder/raw/branch/main/Instal-Proxy-Sinc.sh"
TEMP_SCRIPT="/tmp/setup_latest.sh"
echo "A baixar a versão mais recente do instalador de: $UPDATE_SCRIPT_URL"
SSL_VERIFY_FLAG=""
if [ -d "/opt/config_repo/.git" ]; then
if [ "$(cd /opt/config_repo && git config --get http.sslVerify)" == "false" ]; then
SSL_VERIFY_FLAG="--insecure"
echo "[AVISO] A usar o modo inseguro para baixar a atualização devido à configuração do repositório."
fi
fi
if curl $SSL_VERIFY_FLAG -L "$UPDATE_SCRIPT_URL" -o "$TEMP_SCRIPT"; then
chmod +x "$TEMP_SCRIPT"
echo "Instalador baixado com sucesso. A executar a atualização..."
sudo "$TEMP_SCRIPT"
rm "$TEMP_SCRIPT"
echo "Atualização concluída!"
else
echo "ERRO: Falha ao baixar o script de atualização." >&2
exit 1
fi
exit 0


@ -1,30 +0,0 @@
# Registo de Deploy do Proxy-Sinc
**Servidor:** srvproxy001.itguys.com.br
**Instalado por:** joao.goncalves
**Data de Instalação:** ter 16 set 2025 19:03:23 -03
---
**Tipo de Ação:** Instalação Manual Inicial
**Executado por:** joao.goncalves@itguys.com.br
**Data:** ter 16 set 2025 20:13:37 -03
---
**Tipo de Ação:** Atualização Manual
**Executado por:** joao.goncalves@itguys.com.br
**Data:** ter 16 set 2025 20:16:56 -03
---
**Tipo de Ação:** Atualização Manual
**Executado por:** joao.goncalves@itguys.com.br
**Data:** ter 16 set 2025 20:29:19 -03
---
**Tipo de Ação:** Atualização Manual
**Executado por:** joao.goncalves@itguys.com.br
**Data:** ter 16 set 2025 20:35:37 -03
---
**Tipo de Ação:** Atualização Manual
**Executado por:** joao.goncalves@itguys.com.br
**Data:** ter 16 set 2025 20:41:37 -03


@ -1,24 +0,0 @@
#
# The default /etc/sudoers file created on installation of the
# sudo package now includes the directive:
#
# @includedir /etc/sudoers.d
#
# This will cause sudo to read and parse any files in the /etc/sudoers.d
# directory that do not end in '~' or contain a '.' character.
#
# Note that there must be at least one file in the sudoers.d directory (this
# one will do).
#
# Note also, that because sudoers contents can vary widely, no attempt is
# made to add this directive to existing sudoers files on upgrade. Feel free
# to add the above directive to the end of your /etc/sudoers file to enable
# this functionality for existing installations if you wish! Sudo
# versions older than the one in Debian 11 (bullseye) require the
# directive will only support the old syntax #includedir, and the current
# sudo will happily accept both @includedir and #includedir
#
# Finally, please note that using the visudo command is the recommended way
# to update sudoers content, since it protects against many failure modes.
# See the man page for visudo and sudoers for more information.
#


@ -1 +0,0 @@
zabbix ALL=NOPASSWD: /usr/bin/fail2ban-client


@ -1,40 +0,0 @@
#!/bin/sh
#
# after.init: if executable, called by ufw-init. See 'man ufw-framework' for
# details. Note that output from these scripts is not seen via the
# the ufw command, but instead via ufw-init.
#
# Copyright 2013 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
set -e
case "$1" in
start)
# typically required
;;
stop)
# typically required
;;
status)
# optional
;;
flush-all)
# optional
;;
*)
echo "'$1' not supported"
echo "Usage: after.init {start|stop|flush-all|status}"
;;
esac


@ -1,30 +0,0 @@
#
# rules.input-after
#
# Rules that should be run after the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-after-input
# ufw-after-output
# ufw-after-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-after-input - [0:0]
:ufw-after-output - [0:0]
:ufw-after-forward - [0:0]
# End required lines
# don't log noisy services by default
-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input
# don't log noisy broadcast
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT


@ -1,27 +0,0 @@
#
# rules.input-after
#
# Rules that should be run after the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw6-after-input
# ufw6-after-output
# ufw6-after-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw6-after-input - [0:0]
:ufw6-after-output - [0:0]
:ufw6-after-forward - [0:0]
# End required lines
# don't log noisy services by default
-A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT


@ -1,14 +0,0 @@
[Nginx HTTP]
title=Web Server (Nginx, HTTP)
description=Small, but very powerful and efficient web server
ports=80/tcp
[Nginx HTTPS]
title=Web Server (Nginx, HTTPS)
description=Small, but very powerful and efficient web server
ports=443/tcp
[Nginx Full]
title=Web Server (Nginx, HTTP + HTTPS)
description=Small, but very powerful and efficient web server
ports=80,443/tcp


@ -1,4 +0,0 @@
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp


@ -1,19 +0,0 @@
[Transmission]
title=Transmission
description=Transmission BitTorrent client
ports=51413
[Deluge]
title=Deluge
description=Deluge BitTorrent client
ports=6881:6891/tcp
[KTorrent]
title=KTorrent
description=KTorrent BitTorrent client
ports=6881/tcp|4444/udp
[qBittorrent]
title=qBittorrent
description=qBittorrent BitTorrent client
ports=6881/tcp


@ -1,35 +0,0 @@
[PeopleNearby]
title=People Nearby
description=People Nearby (Bonjour/Salut) functionality in Empathy
ports=5353/udp|5298
[Bonjour]
title=Bonjour
description=Bonjour protocol
ports=5353/udp|5298
[MSN]
title=MSN Chat
description=MSN chat protocol (with file transfer and voice)
ports=1863|6891:6900/tcp|6901
[MSN SSL]
title=MSN Chat (SSL)
description=MSN chat protocol (SSL)
ports=443/tcp
[AIM]
title=AIM Talk
description=AIM talk protocol
ports=5190/tcp
[Yahoo]
title=Yahoo Chat
description=Yahoo chat protocol
ports=5050
[XMPP]
title=XMPP Chat
description=XMPP protocol (Jabber and Google Talk)
ports=5222/tcp|5269/tcp


@ -1,29 +0,0 @@
[Kerberos KDC]
title=Kerberos v5 KDC server
description=Kerberos v5 KDC server
ports=88
[Kerberos Admin]
title=Kerberos v5 admin
description=Kerberos v5 server
ports=749/tcp
[Kerberos Password]
title=Kerberos v5 password
description=Kerberos v5 password
ports=464/udp
[Kerberos Full]
title=Kerberos v5 server
description=Kerberos v5 server
ports=88,749/tcp|464/udp
[LDAP]
title=LDAP server
description=LDAP server
ports=389/tcp
[LDAPS]
title=LDAP server (LDAPS)
description=LDAP server (LDAPS)
ports=636/tcp


@ -1,4 +0,0 @@
[DNS]
title=Internet Domain Name Server
description=Internet Domain Name Server
ports=53


@ -1,14 +0,0 @@
[CIFS]
title=SMB/CIFS server
description=SMB/CIFS server
ports=137,138/udp|139,445/tcp
[NFS]
title=NFS server
description=NFS and portmap server. Will also need access to mountd, statd and possibly others
ports=2049,111/tcp|2049,111/udp
[svnserve]
title=Subversion server
description=Subversion server for access to Subversion repositories.
ports=3690/tcp


@ -1,14 +0,0 @@
[Telnet]
title=Telnet server (insecure)
description=Telnet server (insecure)
ports=23/tcp
[SSH]
title=SSH server
description=SSH server
ports=22/tcp
[VNC]
title=VNC server
description=VNC server
ports=5900/tcp


@ -1,30 +0,0 @@
[POP3]
title=Mail server (POP3)
description=Mail server (POP3)
ports=110/tcp
[POP3S]
title=Secure mail server (POP3S)
description=Secure mail server (POP3S)
ports=995/tcp
[IMAP]
title=Mail server (IMAP)
description=Mail server (IMAP)
ports=143/tcp
[IMAPS]
title=Secure mail server (IMAPS)
description=Secure mail server (IMAPS)
ports=993/tcp
[SMTP]
title=Mail server (SMTP)
description=Mail server (SMTP)
ports=25/tcp
[Mail submission]
title=Mail server (Submission)
description=Mail server (Submission)
ports=587/tcp


@ -1,9 +0,0 @@
[IPP]
title=Cups server (IPP)
description=Cups server (IPP)
ports=631
[LPD]
title=LPD server
description=LPD server
ports=515/tcp


@ -1,9 +0,0 @@
[Socks]
title=Socks proxy
description=Socks proxy
ports=1080/tcp
[Transparent Proxy]
title=Transparent proxy
description=Transparent proxy
ports=8081/tcp


@ -1,19 +0,0 @@
[WWW]
title=Web Server
description=Web server
ports=80/tcp
[WWW Secure]
title=Web Server (HTTPS)
description=Web Server (HTTPS)
ports=443/tcp
[WWW Full]
title=Web Server (HTTP,HTTPS)
description=Web Server (HTTP,HTTPS)
ports=80,443/tcp
[WWW Cache]
title=Web Server (8080)
description=Web Server (8080)
ports=8080/tcp


@ -1,40 +0,0 @@
#!/bin/sh
#
# before.init: if executable, called by ufw-init. See 'man ufw-framework' for
# details. Note that output from these scripts is not seen via the
# the ufw command, but instead via ufw-init.
#
# Copyright 2013 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
set -e
case "$1" in
start)
# typically required
;;
stop)
# typically required
;;
status)
# optional
;;
flush-all)
# optional
;;
*)
echo "'$1' not supported"
echo "Usage: before.init {start|stop|flush-all|status}"
;;
esac


@ -1,75 +0,0 @@
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local
# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT


@ -1,142 +0,0 @@
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw6-before-input
# ufw6-before-output
# ufw6-before-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw6-before-input - [0:0]
:ufw6-before-output - [0:0]
:ufw6-before-forward - [0:0]
# End required lines
# allow all on loopback
-A ufw6-before-input -i lo -j ACCEPT
-A ufw6-before-output -o lo -j ACCEPT
# drop packets with RH0 headers
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP
# quickly process packets for which we already have a connection
-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# multicast ping replies are part of the ok icmp codes for INPUT (rfc4890,
# 4.4.1 and 4.4.2), but don't have an associated connection and are otherwise
# be marked INVALID, so allow here instead.
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2)
-A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2 (echo-reply needs to be before INVALID, see above)
-A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
# IND solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
# IND advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
# MLD query
-A ufw6-before-input -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
# MLD report
-A ufw6-before-input -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
# MLD done
-A ufw6-before-input -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
# MLD report v2
-A ufw6-before-input -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
# SEND certificate path solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
# SEND certificate path advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
# MR advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR termination
-A ufw6-before-input -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# ok icmp codes for OUTPUT (rfc4890, 4.4.1 and 4.4.2)
-A ufw6-before-output -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
# IND solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
# IND advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
# MLD query
-A ufw6-before-output -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
# MLD report
-A ufw6-before-output -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
# MLD done
-A ufw6-before-output -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
# MLD report v2
-A ufw6-before-output -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
# SEND certificate path solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
# SEND certificate path advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
# MR advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR termination
-A ufw6-before-output -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# ok icmp codes for FORWARD (rfc4890, 4.3.1)
-A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
# ok icmp codes for FORWARD (rfc4890, 4.3.2)
# Home Agent Address Discovery Reques
-A ufw6-before-input -p icmpv6 --icmpv6-type 144 -j ACCEPT
# Home Agent Address Discovery Reply
-A ufw6-before-input -p icmpv6 --icmpv6-type 145 -j ACCEPT
# Mobile Prefix Solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 146 -j ACCEPT
# Mobile Prefix Advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 147 -j ACCEPT
# allow dhcp client to work
-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT
# allow MULTICAST mDNS for service discovery
-A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT
# allow MULTICAST UPnP for service discovery
-A ufw6-before-input -p udp -d ff02::f --dport 1900 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT


@ -1,41 +0,0 @@
#
# Configuration file for setting network variables. Please note these settings
# override /etc/sysctl.conf and /etc/sysctl.d. If you prefer to use
# /etc/sysctl.conf, please adjust IPT_SYSCTL in /etc/default/ufw. See
# Documentation/networking/ip-sysctl.txt in the kernel source code for more
# information.
#
# Uncomment this to allow this host to route packets between interfaces
#net/ipv4/ip_forward=1
#net/ipv6/conf/default/forwarding=1
#net/ipv6/conf/all/forwarding=1
# Disable ICMP redirects. ICMP redirects are rarely used but can be used in
# MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate
# traffic to those sites.
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/default/accept_redirects=0
net/ipv6/conf/all/accept_redirects=0
net/ipv6/conf/default/accept_redirects=0
# Ignore bogus ICMP errors
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_all=0
# Don't log Martian Packets (impossible addresses)
# packets
net/ipv4/conf/all/log_martians=0
net/ipv4/conf/default/log_martians=0
#net/ipv4/tcp_fin_timeout=30
#net/ipv4/tcp_keepalive_intvl=1800
# Uncomment this to turn off ipv6 autoconfiguration
#net/ipv6/conf/default/autoconf=1
#net/ipv6/conf/all/autoconf=1
# Uncomment this to enable ipv6 privacy addressing
#net/ipv6/conf/default/use_tempaddr=2
#net/ipv6/conf/all/use_tempaddr=2


@ -1,10 +0,0 @@
# /etc/ufw/ufw.conf
#
# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=yes
# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=low


@ -1,65 +0,0 @@
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 80 -j ACCEPT
### tuple ### allow any 443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp --dport 443 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 any 172.16.254.11 in
-A ufw-user-input -s 172.16.254.11 -j ACCEPT
### tuple ### allow any any 0.0.0.0/0 any 172.16.254.125 in
-A ufw-user-input -s 172.16.254.125 -j ACCEPT
### tuple ### allow udp 443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p udp --dport 443 -j ACCEPT
### tuple ### allow udp 80 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p udp --dport 80 -j ACCEPT
### tuple ### allow tcp 10051 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 10051 -j ACCEPT
### tuple ### allow tcp 6160 0.0.0.0/0 any 0.0.0.0/0 in comment=566565616d206465706c6f796d656e742072756c65
-A ufw-user-input -p tcp --dport 6160 -j ACCEPT
### tuple ### allow tcp 6162 0.0.0.0/0 any 0.0.0.0/0 in comment=566565616d207472616e73706f72742072756c65
-A ufw-user-input -p tcp --dport 6162 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT


@ -1,59 +0,0 @@
*filter
:ufw6-user-input - [0:0]
:ufw6-user-output - [0:0]
:ufw6-user-forward - [0:0]
:ufw6-before-logging-input - [0:0]
:ufw6-before-logging-output - [0:0]
:ufw6-before-logging-forward - [0:0]
:ufw6-user-logging-input - [0:0]
:ufw6-user-logging-output - [0:0]
:ufw6-user-logging-forward - [0:0]
:ufw6-after-logging-input - [0:0]
:ufw6-after-logging-output - [0:0]
:ufw6-after-logging-forward - [0:0]
:ufw6-logging-deny - [0:0]
:ufw6-logging-allow - [0:0]
:ufw6-user-limit - [0:0]
:ufw6-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow tcp 22 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 22 -j ACCEPT
### tuple ### allow tcp 80 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 80 -j ACCEPT
### tuple ### allow any 443 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 443 -j ACCEPT
-A ufw6-user-input -p udp --dport 443 -j ACCEPT
### tuple ### allow udp 443 ::/0 any ::/0 in
-A ufw6-user-input -p udp --dport 443 -j ACCEPT
### tuple ### allow udp 80 ::/0 any ::/0 in
-A ufw6-user-input -p udp --dport 80 -j ACCEPT
### tuple ### allow tcp 10051 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 10051 -j ACCEPT
### tuple ### allow tcp 6160 ::/0 any ::/0 in comment=566565616d206465706c6f796d656e742072756c65
-A ufw6-user-input -p tcp --dport 6160 -j ACCEPT
### tuple ### allow tcp 6162 ::/0 any ::/0 in comment=566565616d207472616e73706f72742072756c65
-A ufw6-user-input -p tcp --dport 6162 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw6-user-limit -j REJECT
-A ufw6-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT


@ -1,564 +0,0 @@
# This is a configuration file for Zabbix agent 2 (Unix)
# To get more information about Zabbix, visit https://www.zabbix.com
############ GENERAL PARAMETERS #################
### Option: PidFile
# Name of PID file.
#
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agent2.pid
PidFile=/run/zabbix/zabbix_agent2.pid
### Option: LogType
# Specifies where log messages are written to:
# system - syslog
# file - file specified with LogFile parameter
# console - standard output
#
# Mandatory: no
# Default:
# LogType=file
### Option: LogFile
# Log file name for LogType 'file' parameter.
#
# Mandatory: yes, if LogType is set to file, otherwise no
# Default:
# LogFile=/tmp/zabbix_agent2.log
LogFile=/var/log/zabbix/zabbix_agent2.log
### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
#
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1
LogFileSize=0
### Option: DebugLevel
# Specifies debug level:
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# 5 - extended debugging (produces even more information)
#
# Mandatory: no
# Range: 0-5
# Default:
# DebugLevel=3
### Option: SourceIP
# Source IP address for outgoing connections.
#
# Mandatory: no
# Default:
# SourceIP=
##### Passive checks related
### Option: Server
# List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of Zabbix servers and Zabbix proxies.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally
# and '::/0' will allow any IPv4 or IPv6 address.
# '0.0.0.0/0' can be used to allow any IPv4 address.
# Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com
#
# If left empty or not set will disable passive checks, and Zabbix agent 2 will not listen on the ListenPort.
#
# Mandatory: no
# Default:
# Server=
Server=172.16.254.11
### Option: ListenPort
# Agent will listen on this port for connections from the server.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10050
### Option: ListenIP
# List of comma delimited IP addresses that the agent should listen on.
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
#
# Mandatory: no
# Default:
# ListenIP=0.0.0.0
### Option: StatusPort
# Agent will listen on this port for HTTP status requests.
#
# Mandatory: no
# Range: 1024-32767
# Default:
# StatusPort=
##### Active checks related
### Option: ServerActive
# Zabbix server/proxy address or cluster configuration to get active checks from.
# Server/proxy address is IP address or DNS name and optional port separated by colon.
# Cluster configuration is one or more server addresses separated by semicolon.
# Multiple Zabbix servers/clusters and Zabbix proxies can be specified, separated by comma.
# More than one Zabbix proxy should not be specified from each Zabbix server/cluster.
# If Zabbix proxy is specified then Zabbix server/cluster for that proxy should not be specified.
# Multiple comma-delimited addresses can be provided to use several independent Zabbix servers in parallel. Spaces are allowed.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example for Zabbix proxy:
# ServerActive=127.0.0.1:10051
# Example for multiple servers:
# ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
# Example for high availability:
# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051;zabbix.cluster.node3
# Example for high availability with two clusters and one server:
# ServerActive=zabbix.cluster.node1;zabbix.cluster.node2:20051,zabbix.cluster2.node1;zabbix.cluster2.node2,zabbix.domain
#
# Mandatory: no
# Default:
# ServerActive=
ServerActive=172.16.254.11
### Option: Hostname
# List of comma delimited unique, case sensitive hostnames.
# Required for active checks and must match hostnames as configured on the server.
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
# Default:
# Hostname=
Hostname=srvproxy001
### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
#
# Mandatory: no
# Default:
# HostnameItem=system.hostname
### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 2034 bytes.
# If not defined, value will be acquired from HostMetadataItem.
#
# Mandatory: no
# Range: 0-2034 bytes
# Default:
# HostMetadata=
### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 65535 characters.
# This option is only used when HostMetadata is not defined.
#
# Mandatory: no
# Default:
# HostMetadataItem=
### Option: HostInterface
# Optional parameter that defines host interface.
# Host interface is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostInterfaceItem.
#
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostInterface=
### Option: HostInterfaceItem
# Optional parameter that defines an item used for getting host interface.
# Host interface is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostInterface is not defined.
#
# Mandatory: no
# Default:
# HostInterfaceItem=
### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
#
# Mandatory: no
# Range: 1-86400
# Default:
# RefreshActiveChecks=5
### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
#
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5
### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
# Option is not valid if EnablePersistentBuffer=1
#
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=1000
### Option: EnablePersistentBuffer
# Enable usage of local persistent storage for active items.
# 0 - disabled, in-memory buffer is used (default); 1 - use persistent buffer
# Mandatory: no
# Range: 0-1
# Default:
# EnablePersistentBuffer=0
### Option: PersistentBufferPeriod
# Zabbix Agent2 will keep data for this time period in case of no
# connectivity with Zabbix server or proxy. Older data will be lost. Log data will be preserved.
# Option is valid if EnablePersistentBuffer=1
#
# Mandatory: no
# Range: 1m-365d
# Default:
# PersistentBufferPeriod=1h
### Option: PersistentBufferFile
# Full filename. Zabbix Agent2 will keep SQLite database in this file.
# Option is valid if EnablePersistentBuffer=1
#
# Mandatory: no
# Default:
# PersistentBufferFile=
### Option: HeartbeatFrequency
# Frequency of heartbeat messages in seconds.
# Used for monitoring availability of active checks.
# 0 - heartbeat messages disabled.
#
# Mandatory: no
# Range: 0-3600
# Default: 60
# HeartbeatFrequency=
############ ADVANCED PARAMETERS #################
### Option: Alias
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
# Different Alias keys may reference the same item key.
# For example, to retrieve the ID of user 'zabbix':
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
# Now shorthand key zabbix.userid may be used to retrieve data.
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
#
# Mandatory: no
# Range:
# Default:
### Option: Timeout
# Specifies how long to wait (in seconds) for establishing connection and exchanging data with Zabbix proxy or server.
#
# Mandatory: no
# Range: 1-30
# Default:
# Timeout=3
### Option:PluginTimeout
# Timeout for connections with external plugins.
#
# Mandatory: no
# Range: 1-30
# Default: <Global timeout>
# PluginTimeout=
### Option:PluginSocket
# Path to unix socket for external plugin communications.
#
# Mandatory: no
# Default:/tmp/agent.plugin.sock
# PluginSocket=
PluginSocket=/run/zabbix/agent.plugin.sock
####### USER-DEFINED MONITORED PARAMETERS #######
### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# The following characters are not allowed:
# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
# Additionally, newline characters are not allowed.
# 0 - do not allow
# 1 - allow
#
# Mandatory: no
# Range: 0-1
# Default:
UnsafeUserParameters=1
### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=<key>,<shell command>
# See 'zabbix_agentd' directory for examples.
#
# Mandatory: no
# Default:
# UserParameter=
### Option: UserParameterDir
# Directory to execute UserParameter commands from. Only one entry is allowed.
# When executing UserParameter commands the agent will change the working directory to the one
# specified in the UserParameterDir option.
# This way UserParameter commands can be specified using the relative ./ prefix.
#
# Mandatory: no
# Default:
# UserParameterDir=
### Option: ControlSocket
# The control socket, used to send runtime commands with '-R' option.
#
# Mandatory: no
# Default:
# ControlSocket=
ControlSocket=/run/zabbix/agent.sock
####### TLS-RELATED PARAMETERS #######
### Option: TLSConnect
# How the agent should connect to server or proxy. Used for active checks.
# Only one value can be specified:
# unencrypted - connect without encryption
# psk - connect using TLS and a pre-shared key
# cert - connect using TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSConnect=unencrypted
### Option: TLSAccept
# What incoming connections to accept.
# Multiple values can be specified, separated by comma:
# unencrypted - accept connections without encryption
# psk - accept connections secured with TLS and a pre-shared key
# cert - accept connections secured with TLS and a certificate
#
# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
# Default:
# TLSAccept=unencrypted
### Option: TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for
# peer certificate verification.
#
# Mandatory: no
# Default:
# TLSCAFile=
### Option: TLSCRLFile
# Full pathname of a file containing revoked certificates.
#
# Mandatory: no
# Default:
# TLSCRLFile=
### Option: TLSServerCertIssuer
# Allowed server certificate issuer.
#
# Mandatory: no
# Default:
# TLSServerCertIssuer=
### Option: TLSServerCertSubject
# Allowed server certificate subject.
#
# Mandatory: no
# Default:
# TLSServerCertSubject=
### Option: TLSCertFile
# Full pathname of a file containing the agent certificate or certificate chain.
#
# Mandatory: no
# Default:
# TLSCertFile=
### Option: TLSKeyFile
# Full pathname of a file containing the agent private key.
#
# Mandatory: no
# Default:
# TLSKeyFile=
### Option: TLSPSKIdentity
# Unique, case sensitive string used to identify the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKIdentity=
### Option: TLSPSKFile
# Full pathname of a file containing the pre-shared key.
#
# Mandatory: no
# Default:
# TLSPSKFile=
####### PLUGIN-SPECIFIC PARAMETERS #######
### Option: Plugins
# A plugin can have one or more plugin specific configuration parameters in format:
# Plugins.<PluginName>.<Parameter1>=<value1>
# Plugins.<PluginName>.<Parameter2>=<value2>
#
# Mandatory: no
# Range:
# Default:
### Option: Plugins.Log.MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'logrt' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'logrt' item keys.
#
# Mandatory: no
# Range: 1-1000
# Default:
# Plugins.Log.MaxLinesPerSecond=20
### Option: AllowKey
# Allow execution of item keys matching pattern.
# Multiple keys matching rules may be defined in combination with DenyKey.
# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
# Parameters are processed one by one according their appearance order.
# If no AllowKey or DenyKey rules defined, all keys are allowed.
#
# Mandatory: no
### Option: DenyKey
# Deny execution of items keys matching pattern.
# Multiple keys matching rules may be defined in combination with AllowKey.
# Key pattern is wildcard expression, which support "*" character to match any number of any characters in certain position. It might be used in both key name and key arguments.
# Parameters are processed one by one according their appearance order.
# If no AllowKey or DenyKey rules defined, all keys are allowed.
# Unless another system.run[*] rule is specified DenyKey=system.run[*] is added by default.
#
# Mandatory: no
# Default:
# DenyKey=system.run[*]
### Option: Plugins.SystemRun.LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
#
# Mandatory: no
# Default:
# Plugins.SystemRun.LogRemoteCommands=0
### Option: ForceActiveChecksOnStart
# Perform active checks immediately after restart for first received configuration.
# Also available as per plugin configuration, example: Plugins.Uptime.System.ForceActiveChecksOnStart=1
#
# Mandatory: no
# Range: 0-1
# Default:
ForceActiveChecksOnStart=1
# Include configuration files for plugins
Include=/etc/zabbix/zabbix_agent2.d/plugins.d/*.conf
####### For advanced users - TLS ciphersuite selection criteria #######
### Option: TLSCipherCert13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate-based encryption.
#
# Mandatory: no
# Default:
# TLSCipherCert13=
### Option: TLSCipherCert
# OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate-based encryption.
# Example:
# EECDH+aRSA+AES128:RSA+aRSA+AES128
#
# Mandatory: no
# Default:
# TLSCipherCert=
### Option: TLSCipherPSK13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherPSK13=
### Option: TLSCipherPSK
# OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for PSK-based encryption.
# Example:
# kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherPSK=
### Option: TLSCipherAll13
# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
#
# Mandatory: no
# Default:
# TLSCipherAll13=
### Option: TLSCipherAll
# OpenSSL (TLS 1.2) cipher string.
# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
# Example:
# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
#
# Mandatory: no
# Default:
# TLSCipherAll=
####### Additional configuration files #######
### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
#
# Mandatory: no
# Default:
# Include=
Include=/etc/zabbix/zabbix_agent2.d/*.conf
# Include=/usr/local/etc/zabbix_agent2.userparams.conf
# Include=/usr/local/etc/zabbix_agent2.conf.d/
# Include=/usr/local/etc/zabbix_agent2.conf.d/*.conf


@ -1,2 +0,0 @@
UserParameter=fail2ban.status[*],sudo /usr/bin/fail2ban-client status '$1'
UserParameter=fail2ban.discovery,sudo /usr/bin/fail2ban-client status | grep 'Jail list:' | sed -e 's/^.*:\W\+//' -e 's/ //g' -e 's/,/ /g' | xargs -n1 | sed -e 's/\(.*\)/{"{#JAIL}":"\1"}/' | tr '\n' ',' | sed -e 's/,$//' -e 's/.*/{"data":[&]}/'


@ -1,5 +0,0 @@
# UserParameter para monitoramento customizado do Nginx
# Data: 2025-09-27
# Contexto: Listar todos os arquivos de log (.log) no diretório /var/log/nginx/
UserParameter=nginx.access.logs.list,ls -m /var/log/nginx/*.access.log


@ -1,77 +0,0 @@
### Option: Plugins.Ceph.InsecureSkipVerify
# InsecureSkipVerify controls whether an HTTP client verifies the server's certificate chain and host name.
# If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name
# in that certificate. In this mode, TLS is susceptible to man-in-the-middle attacks.
# This should be used only for testing.
#
# Mandatory: no
# Range: false | true
# Default:
# Plugins.Ceph.InsecureSkipVerify=false
### Option: Plugins.Ceph.KeepAlive
# The amount of time a connection can remain idle before it is closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.Ceph.KeepAlive=300
### Option: Plugins.Ceph.Timeout
# The maximum amount of time in seconds to wait for a request to be done.
# The timeout includes connection time, any redirects, and reading the response body.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.Ceph.Timeout=<Global timeout>
### Option: Plugins.Ceph.Sessions.*.ApiKey
# ApiKey to be used for connection. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Ceph.Sessions.*.ApiKey=
### Option: Plugins.Ceph.Sessions.*.User
# Username to be used for connection. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Ceph.Sessions.*.User=
### Option: Plugins.Ceph.Sessions.*.Uri
# Uri to connect. "*" should be replaced with a session name.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "https".
# Embedded credentials will be ignored.
# Default:
# Plugins.Ceph.Sessions.*.Uri=
### Option: Plugins.Ceph.Default.ApiKey
# ApiKey to be used for connection. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Ceph.Default.ApiKey=
### Option: Plugins.Ceph.Default.User
# Username to be used for connection. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Ceph.Default.User=
### Option: Plugins.Ceph.Default.Uri
# Uri to connect. Default value used if no other is specified.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "https".
# Embedded credentials will be ignored.
# Default:
# Plugins.Ceph.Default.Uri=


@ -1,14 +0,0 @@
### Option: Plugins.Docker.Endpoint
# Docker API endpoint.
#
# Mandatory: no
# Default: unix:///var/run/docker.sock
# Plugins.Docker.Endpoint=unix:///var/run/docker.sock
### Option: Plugins.Docker.Timeout
# The maximum time (in seconds) for waiting when a request has to be done.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.Docker.Timeout=<Global timeout>


@ -1,65 +0,0 @@
### Option: Plugins.Memcached.Timeout
# The maximum time (in seconds) for waiting when a request has to be done.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.Memcached.Timeout=<Global timeout>
### Option: Plugins.Memcached.KeepAlive
# Time in seconds for waiting before unused connections will be closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.Memcached.KeepAlive=300
### Option: Plugins.Memcached.Sessions.*.Uri
# Uri to connect. "*" should be replaced with a session name.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# Supported schemas: "tcp" and "unix".
# Embedded credentials will be ignored.
# Default:
# Plugins.Memcached.Sessions.*.Uri=
### Option: Plugins.Memcached.Sessions.*.User
# Username to send to protected Memcached server. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Memcached.Sessions.*.User=
### Option: Plugins.Memcached.Sessions.*.Password
# Password to send to protected Memcached server. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Memcached.Sessions.*.Password=
### Option: Plugins.Memcached.Default.Uri
# Uri to connect. Default value used if no other is specified.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# Supported schemas: "tcp" and "unix".
# Embedded credentials will be ignored.
# Default:
# Plugins.Memcached.Default.Uri=
### Option: Plugins.Memcached.Default.User
# Username to send to protected Memcached server. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Memcached.Default.User=
### Option: Plugins.Memcached.Default.Password
# Password to send to protected Memcached server. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Memcached.Default.Password=


@ -1,23 +0,0 @@
### Option: Plugins.Modbus.Timeout
# The maximum time (in seconds) for connections.
#
# Mandatory: no
# Range: 1-30
# Default: global timeout
### Option: Plugins.Modbus.Sessions.*.Endpoint
# Endpoint is a connection string consisting of a protocol scheme, a host address and a port or seral port name and attributes.
#
# Mandatory: no
### Option: Plugins.Modbus.Sessions.*.SlaveID
# Slave ID of modbus devices.
#
# Mandatory: no
### Option: Plugins.Modbus.Sessions.*.Timeout
# The maximum time (in seconds) for connections.
#
# Mandatory: no
# Range: 1-30
# Default: plugin modbus timeout


@ -1,104 +0,0 @@
### Option:Plugins.MongoDB.System.Path
# Path to external plugin executable.
#
# Mandatory: yes
# Default:
# Plugins.MongoDB.System.Path=
Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb
### Option: Plugins.MongoDB.Timeout
# Amount of time to wait for a server to respond when first connecting and on
# follow up operations in the session.
# Global item-type timeout (or individual item timeout) will override this value if it is greater.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.MongoDB.Timeout=<Global timeout from Zabbix agent 2 configuration file>
### Option: Plugins.MongoDB.KeepAlive
# Time in seconds for waiting before unused connections will be closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.MongoDB.KeepAlive=300
### Option: Plugins.MongoDB.Sessions.*.Uri
# Uri to connect. "*" should be replaced with a session name.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "tcp".
# Embedded credentials will be ignored.
# Default:
# Plugins.MongoDB.Sessions.*.Uri=
### Option: Plugins.MongoDB.Sessions.*.User
# Username to send to protected MongoDB server. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.User=
### Option: Plugins.MongoDB.Sessions.*.Password
# Password to send to protected MongoDB server. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.Password=
### Option: Plugins.MongoDB.Sessions.*.TLSConnect
#Encryption type for MongoDB connection. "*" should be replaced with a session name.
# tls connection required - required
# verifies certificates - verify_ca
# verify certificates and ip - verify_full
## Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.TLSConnect=
### Option: Plugins.MongoDB.Sessions.*.TLSCAFile
# Full path-name of a file containing the top-level CA(s) certificates for MongoDB
# peer certificate verification.
## Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.TLSCAFile=
### Option: Plugins.MongoDB.Sessions.*.TLSCertFile
# Full path-name of a file containing the MongoDB certificate or certificate chain.
## Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.TLSCertFile=
### Option: Plugins.MongoDB.Sessions.*.TLSKeyFile
# Full path-name of a file containing the MongoDB private key.
## Mandatory: no
# Default:
# Plugins.MongoDB.Sessions.*.TLSKeyFile=
### Option: Plugins.MongoDB.Default.Uri
# Uri to connect. Default value used if no other is specified.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "tcp".
# Embedded credentials will be ignored.
# Default:
# Plugins.MongoDB.Default.Uri=
### Option: Plugins.MongoDB.Default.User
# Username to send to protected MongoDB server. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MongoDB.Default.User=
### Option: Plugins.MongoDB.Default.Password
# Password to send to protected MongoDB server. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MongoDB.Default.Password=


@ -1,112 +0,0 @@
### Option: Plugins.MQTT.Timeout
# The maximum time (in seconds) for connections, disconnections and subscribtions.
#
# Mandatory: no
# Range: 1-30
# Default: global timeout
# Plugins.MQTT.Timeout=
### Option: Plugins.MQTT.Sessions.*.Url
# Broker connection string. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: Must matches the URL format.
# Default:
# Plugins.MQTT.Sessions.*.Url=
### Option: Plugins.MQTT.Sessions.*.Topic
# Topic to subscribe. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: Must matches the URL format.
# Default:
# Plugins.MQTT.Sessions.*.Topic=
### Option: Plugins.MQTT.Sessions.*.User
# Username to be used for MQTT authentication. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Sessions.*.User=
### Option: Plugins.MQTT.Sessions.*.Password
# Password to be used for MQTT authentication. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Sessions.*.Password=
### Option: Plugins.MQTT.Sessions.*.TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for MQTT
# peer certificate verification.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Sessions.*.TLSCAFile=
### Option: Plugins.MQTT.Sessions.*.TLSCertFile
# Full pathname of a file containing the MQTT certificate or certificate chain.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Sessions.*.TLSCertFile=
### Option: Plugins.MQTT.Sessions.*.TLSKeyFile
# Full pathname of a file containing the mysql private key.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Sessions.*.TLSKeyFile=
### Option: Plugins.MQTT.Default.*.Url
# Broker connection string. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: Must matches the URL format.
# Default:
# Plugins.MQTT.Default.*.Url=
### Option: Plugins.MQTT.Default.*.Topic
# Topic to subscribe. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: Must matches the URL format.
# Default:
# Plugins.MQTT.Default.*.Topic=
### Option: Plugins.MQTT.Default.*.User
# Username to be used for MQTT authentication. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Default.*.User=
### Option: Plugins.MQTT.Default.*.Password
# Password to be used for MQTT authentication. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Default.*.Password=
### Option: Plugins.MQTT.Default.TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for mysql
# peer certificate verification. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Default.TLSCAFile=
### Option: Plugins.MQTT.Default.TLSCertFile
# Full pathname of a file containing the MQTT certificate or certificate chain.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Default.TLSCertFile=
### Option: Plugins.MQTT.Default.TLSKeyFile
# Full pathname of a file containing the MQTT private key. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MQTT.Default.TLSKeyFile=


@ -1,184 +0,0 @@
### Option:Plugins.MSSQL.System.Path
# Path to external plugin executable.
#
# Mandatory: yes
# Default:
# Plugins.MSSQL.System.Path=
Plugins.MSSQL.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mssql
### Option: Plugins.MSSQL.Timeout
# Amount of time to wait for a server to respond when first connecting and on
# follow up operations in the session.
# Global item-type timeout (or individual item timeout) will override this value if it is greater.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.MSSQL.Timeout=<Global timeout from Zabbix agent 2 configuration file>
### Option: Plugins.MSSQL.KeepAlive
# Time in seconds for waiting before unused connections will be closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.MSSQL.KeepAlive=300
### Option: Plugins.MSSQL.CustomQueriesDir
# Filepath to a directory containing user defined .sql files with custom
# queries that the plugin can execute.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.CustomQueriesDir=
### Option: Plugins.MSSQL.Sessions.*.Uri
# Uri to connect.
# Replace "*" with a session name.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "sqlserver".
# Embedded credentials will be ignored.
# Connection to named instance can be made by specifying instance name in the URI.
# Example: sqlserver://localhost/InstanceName
# Default: sqlserver://localhost:1433
# Plugins.MSSQL.Sessions.*.Uri=
### Option: Plugins.MSSQL.Sessions.*.User
# Username to send to protected MSSQL server.
# Replace "*" with a session name.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Sessions.*.User=
### Option: Plugins.MSSQL.Sessions.*.Password
# Password to send to protected MSSQL server.
# Replace "*" with a session name.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Sessions.*.Password=
### Option: Plugins.MSSQL.Sessions.*.CACertPath
# Filepath to the public key certificate of the certificate authority (CA)
# that issued the certificate of the MSSQL server.
# Replace "*" with a session name.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Sessions.*.CACertPath=
### Option: Plugins.MSSQL.Sessions.*.TrustServerCertificate
# Boolean value to indicate whether the plugin should trust the server
# certificate without validating it.
# Replace "*" with a session name.
#
# Mandatory: no
# Range: true, false
# Default:
# Plugins.MSSQL.Sessions.*.TrustServerCertificate=
### Option: Plugins.MSSQL.Sessions.*.HostNameInCertificate
# Common name (CN) of the certificate of the MSSQL server.
# Replace "*" with a session name.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Sessions.*.HostNameInCertificate=
### Option: Plugins.MSSQL.Sessions.*.Encrypt
# Connection encription type.
# Replace "*" with a session name.
#
# Mandatory: no
# Default:
# Range: true, false, strict, disable
# Plugins.MSSQL.Sessions.*.Encrypt=
### Option: Plugins.MSSQL.Sessions.*.TLSMinVersion
# Minimum TLS version to use.
# Replace "*" with a session name.
#
# Mandatory: no
# Default:
# Range: 1.0, 1.1, 1.2, 1.3
# Plugins.MSSQL.Sessions.*.TLSMinVersion=
### Option: Plugins.MSSQL.Default.Uri
# Uri to connect.
# Default value used if no other is specified.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "sqlserver".
# Embedded credentials will be ignored.
# Connection to named instance can be made by specifying instance name in the URI.
# Example: sqlserver://localhost/InstanceName
# Default: sqlserver://localhost:1433
# Plugins.MSSQL.Default.Uri=
### Option: Plugins.MSSQL.Default.User
# Username to send to protected MSSQL server.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Default.User=
### Option: Plugins.MSSQL.Default.Password
# Password to send to protected MSSQL server.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Default.Password=
### Option: Plugins.MSSQL.Default.CACertPath
# Filepath to the public key certificate of the certificate authority (CA)
# that issued the certificate of the MSSQL server.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Default.CACertPath=
### Option: Plugins.MSSQL.Default.TrustServerCertificate
# Boolean value to indicate whether the plugin should trust the server
# certificate without validating it.
# Default value used if no other is specified.
#
# Mandatory: no
# Range: true, false
# Default:
# Plugins.MSSQL.Default.TrustServerCertificate=
### Option: Plugins.MSSQL.Default.HostNameInCertificate
# Common name (CN) of the certificate of the MSSQL server.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.MSSQL.Default.HostNameInCertificate=
### Option: Plugins.MSSQL.Default.Encrypt
# Connection encryption type.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Range: true, false, strict, disable
# Plugins.MSSQL.Default.Encrypt=
### Option: Plugins.MSSQL.Default.TLSMinVersion
# Minimum TLS version to use.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Range: 1.0, 1.1, 1.2, 1.3
# Plugins.MSSQL.Default.TLSMinVersion=


@ -1,138 +0,0 @@
### Option: Plugins.Mysql.CallTimeout
# The maximum time in seconds for waiting when a request has to be done.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.Mysql.CallTimeout=<Global timeout>
### Option: Plugins.Mysql.Timeout
# The maximum time in seconds for waiting when a connection has to be established.
#
# Mandatory: no
# Range: 1-30
# Default: global timeout
### Option: Plugins.Mysql.CustomQueriesPath
# Full pathname of a directory containing *.sql* files with custom queries.
#
# Mandatory: no
# Default:
# Plugins.Mysql.CustomQueriesPath=
### Option: Plugins.Mysql.KeepAlive
# Time (in seconds) to wait before unused connections will be closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.Mysql.KeepAlive=300
### Option: Plugins.Mysql.Sessions.*.Uri
# Connection string. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: Must matches the URI format.
# Default:
# Plugins.Mysql.Sessions.*.Uri=
### Option: Plugins.Mysql.Sessions.*.User
# Username to be used for MySQL authentication. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Sessions.*.User=
### Option: Plugins.Mysql.Sessions.*.Password
# Password to be used for MySQL authentication. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Sessions.*.Password=
### Option: Plugins.Mysql.Sessions.*.TLSConnect
# Encryption type for MySQL connection. "*" should be replaced with a session name.
# tls connection required - required
# verifies certificates - verify_ca
# verify certificates and ip - verify_full
#
# Mandatory: no
# Default:
# Plugins.Mysql.Sessions.*.TLSConnect=
### Option: Plugins.Mysql.Sessions.*.TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for mysql
# peer certificate verification.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Sessions.*.TLSCAFile=
### Option: Plugins.Mysql.Sessions.*.TLSCertFile
# Full pathname of a file containing the mysql certificate or certificate chain.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Sessions.*.TLSCertFile=
### Option: Plugins.Mysql.Sessions.*.TLSKeyFile
# Full pathname of a file containing the mysql private key.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Sessions.*.TLSKeyFile=
### Option: Plugins.Mysql.Default.Uri
# Connection string. Default value used if no other is specified.
#
# Mandatory: no
# Range: Must matches the URI format.
# Default:
# Plugins.Mysql.Default.Uri=
### Option: Plugins.Mysql.Default.User
# Username to be used for MySQL authentication. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Default.User=
### Option: Plugins.Mysql.Default.Password
# Password to be used for MySQL authentication. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Default.Password=
### Option: Plugins.Mysql.Default.TLSConnect
# Encryption type for MySQL connection. Default value used if no other is specified.
# tls connection required - required
# verifies certificates - verify_ca
# verify certificates and ip - verify_full
#
# Mandatory: no
# Default:
# Plugins.Mysql.Default.TLSConnect=
### Option: Plugins.Mysql.Default.TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificates for mysql
# peer certificate verification. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Default.TLSCAFile=
### Option: Plugins.Mysql.Default.TLSCertFile
# Full pathname of a file containing the mysql certificate or certificate chain.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Default.TLSCertFile=
### Option: Plugins.Mysql.Default.TLSKeyFile
# Full pathname of a file containing the mysql private key. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Mysql.Default.TLSKeyFile=


@ -1,96 +0,0 @@
### Option: Plugins.Oracle.CallTimeout
# The maximum time in seconds for waiting when a request has to be done.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.Oracle.CallTimeout=<Global timeout>
### Option: Plugins.Oracle.ConnectTimeout
# The maximum time in seconds for waiting when a connection has to be established.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.Oracle.ConnectTimeout=<Global timeout>
### Option: Plugins.Oracle.CustomQueriesPath
# Full pathname of a directory containing *.sql* files with custom queries.
#
# Mandatory: no
# Default:
# Plugins.Oracle.CustomQueriesPath=
### Option: Plugins.Oracle.KeepAlive
# Time in seconds for waiting before unused connections will be closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.Oracle.KeepAlive=300
### Option: Plugins.Oracle.Sessions.*.Uri
# Uri to connect. "*" should be replaced with a session name.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "tcp".
# Embedded credentials will be ignored.
# Default:
# Plugins.Oracle.Sessions.*.Uri=
### Option: Plugins.Oracle.Sessions.*.Service
# Service name to be used for connection. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: SID is not supported.
# Default:
# Plugins.Oracle.Sessions.*.Service=
### Option: Plugins.Oracle.Sessions.*.User
# Username to be used for connection. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Oracle.Sessions.*.User=
### Option: Plugins.Oracle.Sessions.*.Password
# Password to be used for connectione. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Oracle.Sessions.*.Password=
### Option: Plugins.Oracle.Default.Uri
# Uri to connect. Default value used if no other is specified.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# The only supported schema is "tcp".
# Embedded credentials will be ignored.
# Default:
# Plugins.Oracle.Default.Uri=
### Option: Plugins.Oracle.Default.Service
# Service name to be used for connection. Default value used if no other is specified.
#
# Mandatory: no
# Range: SID is not supported.
# Default:
# Plugins.Oracle.Default.Service=
### Option: Plugins.Oracle.Default.User
# Username to be used for connection. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Oracle.Default.User=
### Option: Plugins.Oracle.Default.Password
# Password to be used for connectione. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Oracle.Default.Password=


@ -1,194 +0,0 @@
### Option:Plugins.PostgreSQL.System.Path
# Path to external plugin executable.
#
# Mandatory: yes
# Default:
Plugins.PostgreSQL.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-postgresql
### Option: Plugins.PostgreSQL.CallTimeout
# The maximum time in seconds for waiting when a request has to be done.
# Global item-type timeout (or individual item timeout) will override this value if it is greater.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.PostgreSQL.CallTimeout=<Global timeout from Zabbix agent 2 configuration file>
### Option: Plugins.PostgreSQL.Timeout
# The maximum time in seconds for waiting when a connection has to be established.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.PostgreSQL.Timeout=<Global timeout from Zabbix agent 2 configuration file>
### Option: Plugins.PostgreSQL.KeepAlive
# Time in seconds for waiting before unused connections will be closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.PostgreSQL.KeepAlive=300
### Option: Plugins.PostgreSQL.CustomQueriesPath
# Full pathname of a directory containing *.sql* files with custom queries.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.CustomQueriesPath=
### Option: Plugins.PostgreSQL.Sessions.*.Uri
# Uri to connect. "*" should be replaced with a session name.
#
# Mandatory: no
# Range:
# Must match the URI format.
# Supported schemas: "tcp" and "unix".
# Embedded credentials will be ignored.
# Default:
# Plugins.PostgreSQL.Sessions.*.Uri=
### Option: Plugins.PostgreSQL.Sessions.*.User
# Username for session connection. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: Must match the PostgreSQL user name.
# Default:
# Plugins.PostgreSQL.Sessions.*.User=
### Option: Plugins.PostgreSQL.Sessions.*.Password
# Password for session connection. "*" should be replaced with a session name.
#
# Mandatory: no
# Range: Must match the Password format.
# Default:
# Plugins.PostgreSQL.Sessions.*.Password=
### Option: Plugins.PostgreSQL.Sessions.*.Database
# Database for session connection. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Sessions.*.Database=
### Option: Plugins.PostgreSQL.Sessions.*.TLSConnect
# Encryption type for PostgreSQL connection. "*" should be replaced with a session name.
# require/required - connect using TLS as transport mode without identity checks, acts like verify-ca if ca
# file is provided;
# verify-ca/verify_ca - connect using TLS and verify certificate;
# verify-full/verify_full - connect using TLS, verify certificate and verify that database identity (CN) specified
# by DBHost matches its certificate;
# Undefined encryption type means unencrypted connection.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Sessions.*.TLSConnect=
### Option: Plugins.PostgreSQL.Sessions.*.TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificate
# peer certificate verification.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Sessions.*.TLSCAFile=
### Option: Plugins.PostgreSQL.Sessions.*.TLSCertFile
# Full pathname of a file containing the PostgreSQL certificate or certificate chain.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Sessions.*.TLSCertFile=
### Option: Plugins.PostgreSQL.Sessions.*.TLSKeyFile
# Full pathname of a file containing the PostgreSQL private key.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Sessions.*.TLSKeyFile=
### Option: Plugins.PostgreSQL.Sessions.*.CacheMode
# Cache mode for PostgreSQL connection. "*" should be replaced with a session name.
# prepare - will create prepared statements on the PostgreSQL server.;
# describe - will use the anonymous prepared statement to describe a statement without creating a statement on the
# server.
#
# Mandatory: no
# Default: prepare
# Plugins.PostgreSQL.Sessions.*.CacheMode=
### Option: Plugins.PostgreSQL.Default.Uri
# Uri to connect. Default value used if no other is specified.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# Supported schemas: "tcp" and "unix".
# Embedded credentials will be ignored.
# Default:
# Plugins.PostgreSQL.Default.Uri=
### Option: Plugins.PostgreSQL.Default.User
# Username for session connection. Default value used if no other is specified.
#
# Mandatory: no
# Range: Must matches PostgreSQL user name.
# Default:
# Plugins.PostgreSQL.Default.User=
### Option: Plugins.PostgreSQL.Default.Password
# Password for session connection. Default value used if no other is specified.
#
# Mandatory: no
# Range: Must matches the Password format.
# Default:
# Plugins.PostgreSQL.Default.Password=
### Option: Plugins.PostgreSQL.Default.Database
# Database for session connection. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Default.Database=
### Option: Plugins.PostgreSQL.Default.TLSConnect
# Encryption type for Postgres connection. Default value used if no other is specified.
# tls connection required - required
# verifies certificates - verify_ca
# verify certificates and ip - verify_full
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Default.TLSConnect=
### Option: Plugins.PostgreSQL.Default.TLSCAFile
# Full pathname of a file containing the top-level CA(s) certificate
# peer certificate verification. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Default.TLSCAFile=
### Option: Plugins.PostgreSQL.Default.TLSCertFile
# Full pathname of a file containing the postgres certificate or certificate chain.
# Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Default.TLSCertFile=
### Option: Plugins.PostgreSQL.Default.TLSKeyFile
# Full pathname of a file containing the postgres private key. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.PostgreSQL.Default.TLSKeyFile=
### Option: Plugins.PostgreSQL.Default.CacheMode
# Cache mode for PostgreSQL connection.
# prepare - will create prepared statements on the PostgreSQL server.;
# describe - will use the anonymous prepared statement to describe a statement without creating a statement on the
# server.
#
# Mandatory: no
# Default: prepare
# Plugins.PostgreSQL.Default.CacheMode=


@ -1,65 +0,0 @@
### Option: Plugins.Redis.Timeout
# The maximum time (in seconds) for waiting when a request has to be done.
#
# Mandatory: no
# Range: 1-30
# Default:
# Plugins.Redis.Timeout=<Global timeout>
### Option: Plugins.Redis.KeepAlive
# Time in seconds for waiting before unused connections will be closed.
#
# Mandatory: no
# Range: 60-900
# Default:
# Plugins.Redis.KeepAlive=300
### Option: Plugins.Redis.Sessions.*.Uri
# Uri to connect. "*" should be replaced with a session name.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# Supported schemas: "tcp" and "unix".
# Embedded credentials will be ignored.
# Default:
# Plugins.Redis.Sessions.*.Uri=
### Option: Plugins.Redis.Sessions.*.User
# User to send to protected Redis server. "*" should be replaced with a session name.
#
# Mandatory: no
# Default: default
# Plugins.Redis.Sessions.*.User=
### Option: Plugins.Redis.Sessions.*.Password
# Password to send to protected Redis server. "*" should be replaced with a session name.
#
# Mandatory: no
# Default:
# Plugins.Redis.Sessions.*.Password=
### Option: Plugins.Redis.Default.Uri
# Uri to connect. Default value used if no other is specified.
#
# Mandatory: no
# Range:
# Must matches the URI format.
# Supported schemas: "tcp" and "unix".
# Embedded credentials will be ignored.
# Default:
# Plugins.Redis.Default.Uri=
### Option: Plugins.Redis.Default.User
# User to send to protected Redis server. Default value used if no other is specified.
#
# Mandatory: no
# Default: default
# Plugins.Redis.Default.User=
### Option: Plugins.Redis.Default.Password
# Password to send to protected Redis server. Default value used if no other is specified.
#
# Mandatory: no
# Default:
# Plugins.Redis.Default.Password=


@ -1,15 +0,0 @@
### Option: Plugins.Smart.Timeout
# The maximum time in seconds for waiting before smartctl execution is terminated.
# The timeout is for a single smartctl command line execution.
#
# Mandatory: no
# Range: 1-30
# Default: <Global timeout>
# Plugins.Smart.Timeout=
### Option: Plugins.Smart.Path
# Path to smartctl executable.
#
# Mandatory: no
# Default: smartctl
# Plugins.Smart.Path=