diff --git a/admin/zabbix/Makefile b/admin/zabbix/Makefile index 80346b2b08..37b4029f06 100644 --- a/admin/zabbix/Makefile +++ b/admin/zabbix/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zabbix PKG_VERSION:=7.0.22 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cdn.zabbix.com/zabbix/sources/stable/$(basename $(PKG_VERSION))/ \ @@ -91,21 +91,21 @@ define Package/zabbix-extra-mac80211 $(call Package/zabbix/Default) TITLE+= discovery/userparameters for mac80211 DEPENDS = +zabbix-agentd @PACKAGE_MAC80211_DEBUGFS @KERNEL_DEBUG_FS - BUILD_VARIANT:=no-configure + VARIANT:=no-configure endef define Package/zabbix-extra-network $(call Package/zabbix/Default) TITLE+= discovery/userparameters for network DEPENDS = +zabbix-agentd +libubus-lua +lua - BUILD_VARIANT:=no-configure + VARIANT:=no-configure endef define Package/zabbix-extra-wifi $(call Package/zabbix/Default) TITLE+= discovery/userparameters for wifi DEPENDS = +zabbix-agentd +libiwinfo-lua +libubus-lua +lua - BUILD_VARIANT:=no-configure + VARIANT:=no-configure endef define Package/zabbix-sender diff --git a/admin/zabbix/patches/010-change-agentd-config.patch b/admin/zabbix/patches/010-change-agentd-config.patch index 894b224119..9215ddc234 100644 --- a/admin/zabbix/patches/010-change-agentd-config.patch +++ b/admin/zabbix/patches/010-change-agentd-config.patch @@ -4,7 +4,7 @@ Date: Wed, 17 Dec 2025 18:28:37 -0500 Subject: [PATCH] zabbix_agentd: Tweak config file for OpenWrt Note: original patch had no header, header added 2025-12-16, while -bumping package version. Modified 2025-12-25. +bumping package version. Modified 2025-12-25. Modified 2026-01-21. 1. Use syslog not a file for logging 2. Place PidFile under /var/run/zabbix @@ -12,6 +12,7 @@ bumping package version. Modified 2025-12-25. 4. Do not do active checks by default 5. Use the system hostname as hostname (except on zabbix server) 6. Include configurations under /etc/zabbix_agentd.conf.d/ +7. Drop privileges to the zabbix-agent user (instead of zabbix) Signed-off-by: Daniel F. Dickinson --- @@ -73,6 +74,15 @@ Signed-off-by: Daniel F. Dickinson ### Option: HostnameItem # Item used for generating Hostname if it is undefined. Ignored if Hostname is defined. # Does not support UserParameters or aliases. +@@ -315,7 +309,7 @@ Hostname=Zabbix server + # + # Mandatory: no + # Default: +-# User=zabbix ++User=zabbix-agent + + ####### USER-DEFINED MONITORED PARAMETERS ####### + @@ -545,5 +539,5 @@ Hostname=Zabbix server # Include= diff --git a/admin/zabbix/patches/020-change-server-config.patch b/admin/zabbix/patches/020-change-server-config.patch index bdd6f1764d..ece3817cd9 100644 --- a/admin/zabbix/patches/020-change-server-config.patch +++ b/admin/zabbix/patches/020-change-server-config.patch @@ -5,7 +5,9 @@ Subject: [PATCH] Make zabbix_server config suitable for OpenWrt 1. Log to (default ephemeral) syslog, not a file (and don't rotate) 2. Update PidFile path so correct permissions can be set for access by - Zabbix server running without privileges. + Zabbix server running without privileges +3. If started as root, drop privileges to zabbix-server user (instead of + zabbix) Signed-off-by: Daniel F. Dickinson --- @@ -50,3 +52,12 @@ Signed-off-by: Daniel F. Dickinson ### Option: SocketDir # IPC socket directory. # Directory to store IPC sockets used by internal Zabbix services. +@@ -698,7 +704,7 @@ LogSlowQueries=3000 + # + # Mandatory: no + # Default: +-# User=zabbix ++User=zabbix-server + + ### Option: SSLCertLocation + # Location of SSL client certificates.