Difference between revisions of "Zabbix encryption"
Line 47: | Line 47: | ||
# | sed 's/\//\\\//g'A | # | sed 's/\//\\\//g'A | ||
dir_zabbix_agent_certs_esc=$(echo $dir_zabbix_agent_certs | sed 's_/_\\/_g') | dir_zabbix_agent_certs_esc=$(echo $dir_zabbix_agent_certs | sed 's_/_\\/_g') | ||
− | sudo sed -i "s/^(# |)TLSAccept=.*/TLSAccept=cert/g" $zabbix_agent_config_file | + | sudo sed -i "s/^\(# \|\)TLSAccept=.*/TLSAccept=cert/g" $zabbix_agent_config_file |
− | sudo sed -i "s/^(# |)TLSConnect=.*/TLSConnect=unencrypted/g" $zabbix_agent_config_file | + | sudo sed -i "s/^\(# \|\)TLSConnect=.*/TLSConnect=unencrypted/g" $zabbix_agent_config_file |
# sudo sed -i "s/^(# |)TLSCAFile=.*/TLSCAFile=$dir_zabbix_agent_certs\/zabbix_ca.crt/g" $zabbix_agent_config_file | # sudo sed -i "s/^(# |)TLSCAFile=.*/TLSCAFile=$dir_zabbix_agent_certs\/zabbix_ca.crt/g" $zabbix_agent_config_file | ||
− | sudo sed -i "s/^(# |)TLSCAFile=.*/TLSCAFile=$dir_zabbix_agent_certs_esc\/zabbix_ca.crt/g" $zabbix_agent_config_file | + | sudo sed -i "s/^\(# \|\)TLSCAFile=.*/TLSCAFile=$dir_zabbix_agent_certs_esc\/zabbix_ca.crt/g" $zabbix_agent_config_file |
− | sudo sed -i "s/^(# |)TLSCertFile=.*/TLSCertFile=$dir_zabbix_agent_certs_esc\/zabbix_agent.crt/g" $zabbix_agent_config_file | + | ^\(# \|\) |
− | sudo sed -i "s/^(# |)TLSKeyFile=.*/TLSKeyFile=$dir_zabbix_agent_certs_esc\/zabbix_agent.key/g" $zabbix_agent_config_file | + | sudo sed -i "s/^\(# \|\)TLSCertFile=.*/TLSCertFile=$dir_zabbix_agent_certs_esc\/zabbix_agent.crt/g" $zabbix_agent_config_file |
+ | sudo sed -i "s/^\(# \|\)TLSKeyFile=.*/TLSKeyFile=$dir_zabbix_agent_certs_esc\/zabbix_agent.key/g" $zabbix_agent_config_file | ||
exit | exit | ||
Line 59: | Line 60: | ||
dir_zabbix_server_certs_esc=$(echo $dir_zabbix_server_certs | sed 's_/_\\/_g') | dir_zabbix_server_certs_esc=$(echo $dir_zabbix_server_certs | sed 's_/_\\/_g') | ||
cp $zabbix_server_config_file $zabbix_server_config_file.$ts | cp $zabbix_server_config_file $zabbix_server_config_file.$ts | ||
− | sudo sed -i "s/^(# |)TLSCAFile=.*/TLSCAFile=$dir_zabbix_server_certs_esc\/zabbix_ca.crt/g" $zabbix_server_config_file | + | sudo sed -i "s/^\(# \|\)TLSCAFile=.*/TLSCAFile=$dir_zabbix_server_certs_esc\/zabbix_ca.crt/g" $zabbix_server_config_file |
− | sudo sed -i "s/^(# |)TLSCertFile=.*/TLSCertFile=$dir_zabbix_server_certs_esc\/zabbix_server.crt/g" $zabbix_server_config_file | + | sudo sed -i "s/^\(# \|)\TLSCertFile=.*/TLSCertFile=$dir_zabbix_server_certs_esc\/zabbix_server.crt/g" $zabbix_server_config_file |
− | sudo sed -i "s/^(# |)TLSKeyFile=.*/TLSKeyFile=$dir_zabbix_server_certs_esc\/zabbix_server.key/g" $zabbix_server_config_file | + | sudo sed -i "s/^\(# \|\)TLSKeyFile=.*/TLSKeyFile=$dir_zabbix_server_certs_esc\/zabbix_server.key/g" $zabbix_server_config_file |
# # TLSAccept=cert, unencrypted | # # TLSAccept=cert, unencrypted |
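Review bot: The new side leaves a bare `^\(# \|\)` line between the agent TLSCAFile and TLSCertFile commands, and the shell will try to run it as a command. Because the script shown on this page starts with `set -ex`, it stops at that line, so the agent's TLSCertFile and TLSKeyFile are never written even though TLSAccept=cert already has been; the stray line should be deleted. In the second hunk the server TLSCertFile expression reads `\(# \|)\TLSCertFile`, which never closes the `\(` group, so sed should reject it. It should match its neighbours: `s/^\(# \|\)TLSCertFile=.*/`.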
Revision as of 00:38, 9 November 2020
Script to generate the CA, server and agent certificates and update the Zabbix config files
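#!/usr/bin/env bash
#
# Create a private CA, issue one Zabbix server and one Zabbix agent
# certificate from it, copy them into per-role directories under /etc/ssl,
# and rewrite the TLS* options in the Zabbix config files to point at them.
#
# The chown/cp steps below are not run through sudo, so the script presumably
# has to be started as root - confirm before use.
# `openssl genrsa -aes256` prompts for the CA key passphrase interactively.

# -e: stop at the first failing command, -u: reject unset variables,
# -x: trace every command, pipefail: a failing pipeline stage fails the line.
set -euxo pipefail

# Timestamp suffix for the config-file backups taken before editing.
ts=$(date "+%Y%m%d-%H%M%S")

dir_zabbix_agent_certs=/etc/ssl/zabbix_agent_certs
dir_zabbix_server_certs=/etc/ssl/zabbix_server_certs
zabbix_agent_config_file=/etc/zabbix/zabbix_agentd.conf
zabbix_server_config_file=/etc/zabbix/zabbix_server.conf
subject="/C=US/ST=Utah/L=South Jordan/O=Viabenefits/OU=Monitor/CN=*.extendhealth.com"

#######################################
# Set KEY=VALUE in a Zabbix config file, replacing the existing line whether
# or not it is commented out with "# ".
# Arguments: $1 - config file, $2 - option name, $3 - new value
#######################################
set_conf_option() {
  local conf_file=$1 key=$2 value=$3
  local value_esc
  # "/" is the sed delimiter, so it must be escaped in path values.
  value_esc=$(printf '%s\n' "$value" | sed 's_/_\\/_g')
  sudo sed -i "s/^\(# \|\)${key}=.*/${key}=${value_esc}/" "$conf_file"
}

#######################################
# Copy the CA certificate and one role's certificate and key into a
# directory that only the zabbix user can enter.
# Arguments: $1 - target directory, $2 - file prefix (zabbix_agent or
#            zabbix_server)
#######################################
install_certs() {
  local target_dir=$1 role=$2
  mkdir -p -- "$target_dir"
  chown zabbix "$target_dir"
  chmod 500 "$target_dir"
  cp -- zabbix_ca.crt "${role}.crt" "${role}.key" "$target_dir"/
  # The private key is the sensitive file: owner-read only, owned by zabbix.
  chown zabbix "$target_dir/${role}.key"
  chmod 400 "$target_dir/${role}.key"
}

# Start from an empty working directory. This deletes ./zabbix_ca relative to
# the current directory, including the CA key from any previous run.
rm -rf zabbix_ca
mkdir zabbix_ca
chmod 700 zabbix_ca
cd zabbix_ca

# CA: passphrase-protected 4096-bit key and a self-signed certificate.
# The CA key stays in ./zabbix_ca; it is never copied to the Zabbix hosts.
openssl genrsa -aes256 -out zabbix_ca.key 4096
openssl req -x509 -new -key zabbix_ca.key -sha256 -days 3560 -out zabbix_ca.crt -subj "${subject}"

# NOTE(review): the CA, server and agent requests all use the same subject,
# so the issued certificates carry issuer == subject. Verifiers commonly treat
# such a certificate as self-signed and may refuse the chain - consider a
# distinct CN per certificate and confirm with `openssl verify`.

# Server certificate: unencrypted 2048-bit key, signed by the CA.
openssl genrsa -out zabbix_server.key 2048
openssl req -new -key zabbix_server.key -out zabbix_server.csr -subj "${subject}"
openssl x509 -req -in zabbix_server.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_server.crt -days 1460 -sha256

# Agent certificate: unencrypted 2048-bit key, signed by the CA.
openssl genrsa -out zabbix_agent.key 2048
openssl req -new -key zabbix_agent.key -out zabbix_agent.csr -subj "${subject}"
openssl x509 -req -in zabbix_agent.csr -CA zabbix_ca.crt -CAkey zabbix_ca.key -CAcreateserial -out zabbix_agent.crt -days 1460 -sha256

install_certs "$dir_zabbix_agent_certs" zabbix_agent
install_certs "$dir_zabbix_server_certs" zabbix_server

# Edit the agent config (backup first, suffixed with the timestamp).
cp -- "$zabbix_agent_config_file" "$zabbix_agent_config_file.$ts"
set_conf_option "$zabbix_agent_config_file" TLSAccept cert
# TLSConnect covers the agent's outgoing connections (active checks); with
# "unencrypted" those still travel in clear text although incoming
# connections now require a certificate.
set_conf_option "$zabbix_agent_config_file" TLSConnect unencrypted
set_conf_option "$zabbix_agent_config_file" TLSCAFile "$dir_zabbix_agent_certs/zabbix_ca.crt"
set_conf_option "$zabbix_agent_config_file" TLSCertFile "$dir_zabbix_agent_certs/zabbix_agent.crt"
set_conf_option "$zabbix_agent_config_file" TLSKeyFile "$dir_zabbix_agent_certs/zabbix_agent.key"

# NOTE(review): the script stops here, so the server config below is never
# edited. Kept as the author left it; remove this exit once the server
# section is meant to run.
exit

# Edit the server config (backup first, suffixed with the timestamp).
cp -- "$zabbix_server_config_file" "$zabbix_server_config_file.$ts"
set_conf_option "$zabbix_server_config_file" TLSCAFile "$dir_zabbix_server_certs/zabbix_ca.crt"
set_conf_option "$zabbix_server_config_file" TLSCertFile "$dir_zabbix_server_certs/zabbix_server.crt"
set_conf_option "$zabbix_server_config_file" TLSKeyFile "$dir_zabbix_server_certs/zabbix_server.key"

# Expected result in the agent config:
# # TLSAccept=cert, unencrypted
# TLSAccept=cert
# TLSConnect=unencrypted
# TLSCAFile=/path/to/zabbix_agent_certs/zabbix_ca.crt
# TLSCertFile=/path/to/zabbix_agent_certs/zabbix_agent.crt
# TLSKeyFile=/path/to/zabbix_agent_certs/zabbix_agent.key
# edit zabbix_server.conf
# TLSCAFile=/path/to/zabbix_server_certs/zabbix_ca.crt
# TLSCertFile=/path/to/zabbix_server_certs/zabbix_server.crt
# TLSKeyFile=/path/to/zabbix_server_certs/zabbix_server.ke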