Zabbix 5.0 LTS released!

Zabbix 5.0 LTS released! Viva Zabbix!

Zabbix is one of the our favourite open source monitoring system. It offers dozens of functions, models, templates dedicated to the most importants vendrors (visit Zabbix Share).

What’s New in Zabbix 5.0 LTS
Zabbix 5.0 LTS release comes with significant improvements in usability, security, and integrity.

Here is just a shortlist of the most important functionality included in Zabbix 5.0 LTS.

You choose: deploy on-premise or in the cloud
Zabbix is a Free and Open Source monitoring solution that can be deployed everywhere depending on your needs!

In addition to existing official packages and appliances, Zabbix 5.0 now also caters to the following platforms: SUSE Linux Enterprise Server 15, Debian 10, Ubuntu 20.04, Raspbian 10, Mac OS/X, RHEL 8, CentOS 8, MSI for Windows Agent.

See all available platforms in Downloads

Zabbix introduces a new set of out-of-the-box integrations with industry-standard cloud providers:

  • AWS
  • Azure
  • Google Cloud Platform
  • Digital Ocean
  • Docker
  • IBM/RedHat Cloud
  • Oracle Cloud

SAML authentication for single sign-on
SAML is used to provide a single point of authentication at a secure identity provider, meaning that user credentials never leave the firewall boundary, and then SAML is used to assert the identity to Zabbix and other applications. Support of SAML allows to have out-of-the-box integration of Zabbix with various on-premise and cloud identity providers like Microsoft ADFS, OpenAM, SecurAuth, Okta, Auth0 and many others.

Secure and reliable monitoring
Zabbix 5.0 introduces significant improvements for much more secure monitoring:

  • Support of HTTP Proxy for webhooks that allows to make connections from Zabbix Server to external alerting and ITSM systems more secure and controlled
  • Support of blacklists and whitelists for metrics on agent-side
  • Configurable ciphers for all Zabbix components to avoid using of non-secure ciphers for TLS connections
  • Support of encrypted connections to MySQL and PostgreSQL backends
  • Strong SHA256 for keeping hashes of user passwords

Keep your secrets secure
Zabbix 5.0 supports secret user macros for keeping any sensitive information like passwords and API tokens that you do not want to be exposed to end-users.

Scalability and performance
Zabbix 5.0 supports optional compression of collected data for TimescaleDB. In addition to general TimescaleDB advantages (automatic partitioning, performance and scalability) it also helps to even more improve performance and lower storage costs.

Zabbix UI is also improved to support monitoring and management of millions of monitored devices.

Next generation Zabbix Agent got official support
The new agent offers a wide range of new capabilities and advanced monitoring functions for Linux and Windows:

  • Written in Golang
  • Plugin framework for monitoring of various services and applications
  • Ability to maintain state between checks (for example, keeping persistent DB connections)
  • Support of trapping
  • Built-in scheduler to support flexible time intervals
  • Efficient network usage through bulk data transfer
  • Support of persistent storage of collected data
  • Drop-in replacement of existing agents on Linux and Windows

For a complete list of new features check out the documentation.

NB! Existing Zabbix agent will still be supported.

Next generation Zabbix Agent got official support
Monitoring that is easy to use and manage
Zabbix 5.0 got tons of usability and automation improvements that help:

  • Threading for email notifications generated by the same event
  • New preprocessing operation Replace, new operator for JSONPath
  • Ability to unacknowledge event
  • Support of message templates for media types for straight forward configuration of notifications
  • CLI tool to test JavaScript-based preprocessing and webhooks
  • Ability to test new and existing metrics from UI
  • Support of mass update of user macros
  • SNMP settings moved to host interface level for more simple templates and easier management
  • Host and metric availability monitoring using function nodata() respects availability of proxies
  • Monitoring that is easy to use and manage


Flexibility to monitor anything you want
Zabbix 5.0 extended functionality to make it more flexible:

  • Triggers support operations with text data
  • Support of host macros for host prototypes
  • Support of Float64 datatype
  • Support of override for low level discovery (LLD) helps to create much smarter templates
  • Flexibility to monitor anything you want


Automation and discovery
Automation is an essential part of Zabbix. Zabbix 5.0 brings it forward with support of:

  • Discovery of Windows performance counters
  • Discovery of JMX counters
  • Better ODBC monitoring with ability to configure all options for each metric individually


Advanced visualization
Presenting data in a human readable way is critical for operations. Zabbix 5.0 helps to make it even better by introducing:

  • New layout of Zabbix UI optimized for wide screens
  • A new view (Monitoring->Hosts) for displaying a list of monitored devices with advanced filtering options
  • Support of filtering by event tags for some dashboard widgets
  • Ability to copy dashboard graphs as pictures
  • Support of UI modules to extend functionality of Zabbix
  • Faster creation of dashboards thanks to ability to copy widgets
  • Improved consistency of map labels

Test item from UI
In previous Zabbix versions, it was difficult to tell if a newly-configured item was configured correctly or not. For that you needed to wait until the item tried to gather some data.

In the new version it is possible to test the item (template item, item prototype, low-level discovery rule) from the user interface even before saving and, if configured correctly, get a real value in return.

Item testing is not supported for active items and some simple checks (icmpping*vmware.* items).

To test the item, click on the Test button at the bottom of the item configuration form.

Built-in integrations with ITSM systems
Zabbix 5.0 introduces a new set of out-of-the-box integrations with industry-standard cloud-based and on-premise ITSM systems.

Official webhook Coding Guideline was introduced to set standard and simplify creation of webhook based integrations.

zabbix.com/documentation/guidelines/webhooks

More integrations with ITSM systems: Integrations

Built-in integrations with alerting systems
Zabbix 5.0 introduces a new set of out-of-the-box integrations with industry-standard alerting and notification systems.

More integrations with alerting systems: Integrations

New and updated templates and plugins
Most of the existing templates are updated and new templates and plugins are introduced for monitoring of different services, applications and devices.

Most of the templates now take advantage of the functionality for smart automatic discovery of various resources.

More templates and plugins: Integrations

Adjust Zabbix to your needs, contribute!
Make your template, plugin or a webhook included into the official Zabbix distribution by following these three steps:

Sign Zabbix Contributor Agreement (ZCA)
zabbix.com/developers
Make Zabbix Pull Request
https://git.zabbix.com
Zabbix Dev Team will review and accept if everything is fine
Congratulations! Your solution is officially supported and thousands of Zabbix users are thankful for your effort!

More newly developed and improved features of Zabbix 5.0 LTS

  • Increased size of acknowledge messages from 255 to 4096 characters
  • Added support of LIBSSH to support newer platforms like RHEL 8
  • Support of Elasticsearch 7.x (7.4, 7.6)
  • Latest data displays data if filter is not set
  • Increased zabbix_sender time resolution to nanoseconds
  • Monitoring->Latest data: show data if filter is empty
  • Base64 processing in JavaScript using new functions atob() and btoa()
  • Do not log system.run[] for local use
  • Increased size of item key from 255 to 2048 characters
  • Ability to flush SNMP cache, SNMPv3 context changes
  • Faster hash function for internal operations
  • Documented how to do filtering for vmware.event monitoring
  • Improved consistency of map labels
  • Filter by individual severities for Monitoring→Problems
  • Ability to use user macros for IPMI user name and password
  • Remote monitoring of versions of Zabbix components
  • Added filter for discovery rules
  • New API method to get auditlog

Removed legacy to build a better product faster

  • No support of Internet Explorer 11
  • Dropped support of IBM DB2
  • mbedTLS (former polarSSL) is no longer supported for encryption. Only OpenSSL and GnuTSL libraries


Minimum supported version for PHP is now 7.2: safer and more strict code
And more! For a complete list of new features check out the Release notes. Release Notes.

More Informations about what’s new is here: Link

POSTFIX Error “fatal: parameter inet_interfaces: no local interface found for ::1”

Issue

You are note able to restart / start postfix and getting the below error.
fatal: parameter inet_interfaces: no local interface found for ::1

Solution

Edit the file /etc/postfix/main.cf

vim /etc/postfix/main.cf

search for the line inet_interfaces = all

And change it to:

inet_interfaces = 127.0.0.1, 10.10.11.12 10.10.11.12 is your local IP address

:wq! Save and exit

restart postfix.

service postfix restart

Please Comment and share if this post was able to fix your issue

Original Article: fatal: parameter inet_interfaces: no local interface found for ::1

Configure IPTABLES to Allow Access to Common Services This article gives the steps to open firewall ports on CentOS in Iptables IPv4

Basics

  • Iptables rules can be changed on the fly by using the iptables binary.
  • The rules that are set using iptables command are in memory only and will vanish when the daemon is restarted.
  • The firewall rules added on the fly can be saved to the configuration file easily in CentOS/RHEL with the command service iptables save
    • This is no need to edit the configuration file unless you really want to.
  • The following examples are aimed at hardening the inbound traffic, but allowing all outbound traffic.
    • You can completely lock down all inbound, outbound and forwarded traffic if needed. It generally just causes a lot more administration and usually isn’t necessary.

Basic Commands

iptables –flush delete all firewall rules from memory.
iptables –list List current firewall policies
service iptables save (CentOS/RHEL) save current rules in memory to configuration file (/etc/sysconfig/iptables)
service iptables restart restart iptables daemon and load firewall rules from configuration file.
iptables-save > /root/firwallrules.fw save firewall rules in memory to a specific configuration file.
iptables-restore > /root/firwallrules.fw restore firewall rules from a specific configuration file to memory.

Basic iptables Command Parameters

  • -A append to policy chain
  • INPUT | OUTPUT | FORWARD policy chain identifiers
  • -p protocol
  • -m match
  • -s source
  • –dport destination port
  • –state connection state
  • -j jump target ACCEPT | DROP

Backup Current Iptables Configuration to File

Before you begin, it is recommended to backup your current firewall rules.

iptables-save > /path/to/somewhere/filename

Example:

iptables-save > /home/user1/iptable-rules-20130308.fw

Remove All Current Rules

iptables --flush

Set Policy Chains Default Rule

iptables -P INPUT DROP
 iptables -P OUTPUT ACCEPT
 iptables -P FORWARD ACCEPT

Allow Loopback

iptables -A INPUT -i lo -j ACCEPT

Allow All Established and Related Connections

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Allow ICMP “ping” from LAN (TCP Port 22)

iptables -A INPUT -p icmp -m icmp -s 192.168.0.0/24 --icmp-type echo-request -j ACCEPT

Allow SSH from LAN (TCP Port 22)

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow RSYNC from LAN (TCP Port 873)

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow HTTP (TCP Port 80)

iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow HTTPS (TCP Port 443)

iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow MySQL Server Access from LAN (TCP Port 3306)

iptables -A INPUT -p tcp -m tcp -s 192.168.0.0/24 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT

Allow Nagios NRPE Client Access from Nagios Server (TCP Port 5666)

iptables -A INPUT -s 192.168.0.100 -p tcp -m tcp --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT

Save Current Rules in Memory to Configuration File

service iptables save

Restart Service

service iptables restart

iptables: insert a rule at a specific line number

# list the rules with line numbers

iptables -nL --line-numbers

# insert a rule at line 5

iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 4000 -j ACCEPT

Related Articles: Configure iptablesiptables: insert a rule at a specific line number

How to disable IPv6 on Linux CentOS or RHEL 7 This Article describes procedure to disable IPv6 on CentOS or Red Hat 7.x

There are 2 ways to do this:

  1. Disable IPv6 in kernel module (requires reboot)
  2. Disable IPv6 using sysctl settings (no reboot required)

To verify if IPv6 is enabled or not, execute :

# ifconfig -a | grep inet6

inet6 fe80::211:aff:fe6a:9de4 prefixlen 64 scopeid 0x20
inet6 ::1 prefixlen 128 scopeid 0x10[host]

Disable IPv6 in kernel module (requires reboot)

1) Edit /etc/default/grub and add ipv6.disable=1 in line

GRUB_CMDLINE_LINUX, e.g.:

# vi /etc/default/grub

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT=”console”
GRUB_CMDLINE_LINUX=”ipv6.disable=1 crashkernel=auto rhgb quiet”
GRUB_DISABLE_RECOVERY=”true”

2) Regenerate a GRUB configuration file and overwrite existing one:

# grub2-mkconfig -o /boot/grub2/grub.cfg

3) Restart system and verify no line “inet6” in “ip addr show” command output.

# shutdown -r now
 

# ip addr show | grep net6

Disable IPv6 using sysctl settings (no reboot required)

1) Append below lines in /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

NOTE : To disable IPv6 on a single interface add below lines to /etc/sysctl.conf :
net.ipv6.conf.[interface].disable_ipv6 = 1 ### put interface name here [interface]
net.ipv6.conf.default.disable_ipv6 = 1

2) To make the settings affective, execute :

# sysctl -p

NOTE : make sure the file /etc/ssh/sshd_config contains the line AddressFamily inet to avoid breaking SSH Xforwarding if you are using the sysctl method

3) Add the AddressFamily line to sshd_config :

# vi /etc/ssh/sshd_config
 ....
 AddressFamily inet
 ....
 Restart sshd for changes to get get effect :

# systemctl restart sshd

Related Articles: CentOS / RHEL 7 : How to disable IPv6

Initial Network Setup with UBUNTU Server Main steps to configure newtwork services on Linux Ubuntu Server

How do I change the hostname without a restart?

sudo hostname your-new-name

Assigning a static IP to Ubuntu Server

vi /etc/network/interfaces

Example:

auto eth0
 iface eth0 inet static

address 192.168.1.128
 netmask 255.255.255.0
 network 192.168.1.0
 broadcast 192.168.1.255
 gateway 192.168.1.1

How to disable IPv6 in Ubuntu?

vi /etc/sysctl.conf

insert the following lines at the end:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

Linux Proxy Server Settings – Set Proxy For Command Line

env | grep -i proxy

check the file :

cat /etc/apt/apt.conf
cat /etc/environment

To Modify contents of file (remove everything from apt.conf for no proxy and only proxy sentences from environment)!

sudo nano /etc/apt/apt.conf
sudo nano /etc/environment
Acquire::http::Proxy "http://proxy.site.com:8080";

Manually edit DNS in Ubuntu

sudo nano /etc/resolvconf/resolv.conf.d/base

Add your DNS to the file :

nameserver 8.8.8.8
nameserver 8.8.4.4

Update resolv configuration:

sudo resolvconf -u

Setting up NTP on Ubuntu

sudo apt-get install ntp ntpdate

sudo nano /etc/ntp.conf

server myserverdnsname1 or IP
server myserverdnsname2 or IP
server myserverdnsname3 or IP

sudo service ntp start

sudo ntpd -gq

watch ntpq -cpe -cas

Grab you Ubuntu server HERE