Shulou(Shulou.com)06/02 Report--

After Zabbix version 3.0, the encryption of communication between Zabbix server, Zabbix proxy, Zabbix agent and zabbix_sender and zabbix_get is supported. The encryption methods include pre-shared key (PSK) and certificate encryption, encryption configuration is optional, some proxies and agents can use certificate authentication to encrypt communication, others can use PSK encryption to encrypt communication, while the rest can communicate without encryption, it should be noted that if you want to use encrypted communication The-with-openssl parameter must be added when compiling.

1. Generate and add PSK shared key

Use the command openssl rand-hex 32 to produce a string of keys. The configuration steps are as follows:

[root@zabbix scripts] # openssl rand-hex 32ef52cbe2d1a35e6bb3c43b22bd4f1a1d7bf24d1ccb7c47f6a602425970da5432# writes the generated key to the file vim / data/zabbix/etc/psk/zabbix.pskvim / data/zabbix/etc/zabbix_agentd.conf# to join TLSConnect=pskTLSAccept=pskTLSPSKFile=/data/zabbix/etc/psk/zabbix.pskTLSPSKIdentity=PSK ID # restart the zabbix_agent process after configuration is completed

two。 Add in zabbix web gui

3. Test command

Zabbix_get-s 127.0.0.1-k "system.cpu.load [all Avg1] "--tls-connect=psk-- tls-psk-identity=" PSK ID "--tls-psk-file=/data/zabbix/etc/psk/zabbix.psk [root@10.28.233.188 ~] $/ data/zabbix/bin/zabbix_get-s 10.81.47.129-p 9528-k" tps "- tls-connect psk--tls-psk-identity=" LianYu "- tls-psk-file / data/zabbix/etc/psk/zabbix.psk 452.05

4..zabbix_get usage

# only use this command zabbix_get-s host-name-or-IP [- p port-number] [- I IP-address]-k item-key zabbix_get-s host-name-or-IP [- p port-number] [- I IP-address]-- tls-connect cert-- tls-ca-file CA-file [--tls-crl-file CRL-file] [--on the zabbix server side Tls-agent-cert-issuer cert-issuer] [--tls-agent-cert- subject cert-subject]-- tls-cert-file cert-file-- tls-key-file key-file-k item-key zabbix_get-s host-name-or-IP [- p port-number] [- I IP-address]-- tls-connect psk--tls-psk-identity PSK-identity-- tls-psk-file PSK-file-k item-key Zabbix_get-h zabbix_get-V OPTIONS-s -host host-name-or-IP specifies the hostname or IP address of the host. -p,-port port-number specifies the port number of the agent running on the host. The default value is 10050. -I,-source-address IP-address specifies the source IP address. The key of the-kremlin color key specifies the key of the item for which you want to retrieve the value -- how the tls-connect value connects to the proxy. Values: encryption No encrypted connection (default) PSK uses TLS and pre-shared key to connect cert uses TLS and certificate connection-tls-ca-file CA file The full pathname of the file that contains the top-level CA (s) certificate used for peer certificate verification. The tls-crl-file CRL file contains the full pathname of the file whose certificate has been revoked. -- the proxy certificate issuer allowed by the tls-agent-cert-issuer issuer certificate. -- the proxy certificate subject allowed by tls-agent-cert-subject cert-subject. -- the tls-cert-file certificate file contains the full pathname of the file for the certificate or certificate chain. -- the full pathname of the file containing the private key in the tls-key-file key file. -- tls-psk-identity PSK-identity PSK identity string. -- the full pathname of the file containing the pre-shared key in the tls-psk-file PSK file. -h,-help displays this help and exits. -V,-version outputs version information and exits.

Example:

1 zabbix_get-s 127.0.0.1-p 10050-k "system.cpu.load [all,avg1]" 2 zabbix_get-s 127.0.0.1-p 10050-k "system.cpu.load [all,avg1]"-tls- connect cert--tls-ca-file / home / zabbix / zabbix_ca_file-- tls-agent-cert-issuer "CN = signed CA,OU = IT operation, O = example company, DC = example DC = com "- tls-agent-cert-subject" CN = server1,OU = IT operations,O = Example Corp,DC = example,DC = com "--tls-cert-file / home/zabbix/zabbix_get.crt-- tls-key-file / home/zabbix/zabbix_get.key 3 zabbix_get-s 127.0.0.1-p 10050-k" system.cpu.load [all Avg1] "- tls-connect psk--tls-psk-identity" PSK ID Zabbix agentd "--tls-psk-file / home/zabbix/zabbix_agentd.psk

Summary

The above is the editor introduced to you the zabbix psk encryption combined with zabbix_get values, I hope to help you, if you have any questions welcome to leave a message, the editor will reply to you in time!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.