Zabbix 5.0 LTS released!

Zabbix 5.0 LTS released! Viva Zabbix!

Zabbix is one of our favourite open source monitoring systems. It offers dozens of functions, models and templates dedicated to the most important vendors (visit Zabbix Share).

What’s New in Zabbix 5.0 LTS
Zabbix 5.0 LTS release comes with significant improvements in usability, security, and integrity.

Here is just a shortlist of the most important functionality included in Zabbix 5.0 LTS.

You choose: deploy on-premise or in the cloud
Zabbix is a Free and Open Source monitoring solution that can be deployed everywhere depending on your needs!

In addition to existing official packages and appliances, Zabbix 5.0 now also caters to the following platforms: SUSE Linux Enterprise Server 15, Debian 10, Ubuntu 20.04, Raspbian 10, Mac OS/X, RHEL 8, CentOS 8, MSI for Windows Agent.

See all available platforms in Downloads

Zabbix introduces a new set of out-of-the-box integrations with industry-standard cloud providers:

  • AWS
  • Azure
  • Google Cloud Platform
  • Digital Ocean
  • Docker
  • IBM/RedHat Cloud
  • Oracle Cloud

SAML authentication for single sign-on
SAML is used to provide a single point of authentication at a secure identity provider, meaning that user credentials never leave the firewall boundary, and then SAML is used to assert the identity to Zabbix and other applications. SAML support gives Zabbix out-of-the-box integration with various on-premise and cloud identity providers such as Microsoft ADFS, OpenAM, SecurAuth, Okta, Auth0 and many others.

Secure and reliable monitoring
Zabbix 5.0 introduces significant improvements for much more secure monitoring:

  • Support of HTTP proxy for webhooks, which makes connections from Zabbix Server to external alerting and ITSM systems more secure and controlled
  • Support of blacklists and whitelists for metrics on agent-side
  • Configurable ciphers for all Zabbix components, to avoid the use of non-secure ciphers for TLS connections
  • Support of encrypted connections to MySQL and PostgreSQL backends
  • Strong SHA256 for keeping hashes of user passwords

Keep your secrets secure
Zabbix 5.0 supports secret user macros for keeping any sensitive information like passwords and API tokens that you do not want to be exposed to end-users.

Scalability and performance
Zabbix 5.0 supports optional compression of collected data for TimescaleDB. In addition to the general TimescaleDB advantages (automatic partitioning, performance and scalability), it also helps to improve performance further and lower storage costs.

Zabbix UI is also improved to support monitoring and management of millions of monitored devices.

Next generation Zabbix Agent got official support
The new agent offers a wide range of new capabilities and advanced monitoring functions for Linux and Windows:

  • Written in Golang
  • Plugin framework for monitoring of various services and applications
  • Ability to maintain state between checks (for example, keeping persistent DB connections)
  • Support of trapping
  • Built-in scheduler to support flexible time intervals
  • Efficient network usage through bulk data transfer
  • Support of persistent storage of collected data
  • Drop-in replacement of existing agents on Linux and Windows

For a complete list of new features check out the documentation.

NB! Existing Zabbix agent will still be supported.

Monitoring that is easy to use and manage
Zabbix 5.0 got tons of usability and automation improvements that help:

  • Threading for email notifications generated by the same event
  • New preprocessing operation Replace, new operator for JSONPath
  • Ability to unacknowledge event
  • Support of message templates for media types for straightforward configuration of notifications
  • CLI tool to test JavaScript-based preprocessing and webhooks
  • Ability to test new and existing metrics from UI
  • Support of mass update of user macros
  • SNMP settings moved to host interface level for simpler templates and easier management
  • Host and metric availability monitoring using function nodata() respects availability of proxies


Flexibility to monitor anything you want
Zabbix 5.0 extended functionality to make it more flexible:

  • Triggers support operations with text data
  • Support of host macros for host prototypes
  • Support of Float64 datatype
  • Support of override for low level discovery (LLD) helps to create much smarter templates


Automation and discovery
Automation is an essential part of Zabbix. Zabbix 5.0 brings it forward with support of:

  • Discovery of Windows performance counters
  • Discovery of JMX counters
  • Better ODBC monitoring with ability to configure all options for each metric individually


Advanced visualization
Presenting data in a human readable way is critical for operations. Zabbix 5.0 helps to make it even better by introducing:

  • New layout of Zabbix UI optimized for wide screens
  • A new view (Monitoring->Hosts) for displaying a list of monitored devices with advanced filtering options
  • Support of filtering by event tags for some dashboard widgets
  • Ability to copy dashboard graphs as pictures
  • Support of UI modules to extend functionality of Zabbix
  • Faster creation of dashboards thanks to ability to copy widgets
  • Improved consistency of map labels

Test item from UI
In previous Zabbix versions, it was difficult to tell if a newly-configured item was configured correctly or not. For that you needed to wait until the item tried to gather some data.

In the new version it is possible to test the item (template item, item prototype, low-level discovery rule) from the user interface even before saving and, if configured correctly, get a real value in return.

Item testing is not supported for active items and some simple checks (icmpping*, vmware.* items).

To test the item, click on the Test button at the bottom of the item configuration form.

Built-in integrations with ITSM systems
Zabbix 5.0 introduces a new set of out-of-the-box integrations with industry-standard cloud-based and on-premise ITSM systems.

An official webhook coding guideline was introduced to set a standard and simplify the creation of webhook-based integrations.

zabbix.com/documentation/guidelines/webhooks

More integrations with ITSM systems: Integrations

Built-in integrations with alerting systems
Zabbix 5.0 introduces a new set of out-of-the-box integrations with industry-standard alerting and notification systems.

More integrations with alerting systems: Integrations

New and updated templates and plugins
Most of the existing templates are updated and new templates and plugins are introduced for monitoring of different services, applications and devices.

Most of the templates now take advantage of the functionality for smart automatic discovery of various resources.

More templates and plugins: Integrations

Adjust Zabbix to your needs, contribute!
Get your template, plugin or webhook included in the official Zabbix distribution by following these three steps:

  1. Sign the Zabbix Contributor Agreement (ZCA): zabbix.com/developers
  2. Make a Zabbix Pull Request: https://git.zabbix.com
  3. The Zabbix Dev Team will review and accept it if everything is fine

Congratulations! Your solution is officially supported and thousands of Zabbix users are thankful for your effort!

More newly developed and improved features of Zabbix 5.0 LTS

  • Increased size of acknowledge messages from 255 to 4096 characters
  • Added support of LIBSSH to support newer platforms like RHEL 8
  • Support of Elasticsearch 7.x (7.4, 7.6)
  • Latest data displays data if filter is not set
  • Increased zabbix_sender time resolution to nanoseconds
  • Monitoring->Latest data: show data if filter is empty
  • Base64 processing in JavaScript using new functions atob() and btoa()
  • Do not log system.run[] for local use
  • Increased size of item key from 255 to 2048 characters
  • Ability to flush SNMP cache, SNMPv3 context changes
  • Faster hash function for internal operations
  • Documented how to do filtering for vmware.event monitoring
  • Improved consistency of map labels
  • Filter by individual severities for Monitoring→Problems
  • Ability to use user macros for IPMI user name and password
  • Remote monitoring of versions of Zabbix components
  • Added filter for discovery rules
  • New API method to get auditlog

Removed legacy to build a better product faster

  • No support of Internet Explorer 11
  • Dropped support of IBM DB2
  • mbedTLS (formerly PolarSSL) is no longer supported for encryption. Only the OpenSSL and GnuTLS libraries are supported


Minimum supported version for PHP is now 7.2: safer and more strict code
And more! For a complete list of new features check out the Release Notes.

More information about what’s new is here: Link

POSTFIX Error “fatal: parameter inet_interfaces: no local interface found for ::1”

Issue

You are not able to start or restart Postfix and get the error below.
fatal: parameter inet_interfaces: no local interface found for ::1

Solution

Edit the file /etc/postfix/main.cf:

vim /etc/postfix/main.cf

Search for the line:

inet_interfaces = all

And change it to (10.10.11.12 is your local IP address):

inet_interfaces = 127.0.0.1, 10.10.11.12

Save and exit with :wq!, then restart Postfix:

service postfix restart
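
The same edit done without an editor, as an added example that is not part of the original article. It narrows Postfix from listening on all interfaces to loopback plus one address, keeps a backup, and leaves commented-out lines untouched. The function names and the sample main.cf are constructed for illustration; 10.10.11.12 is the sample address used above.

```shell
#!/bin/sh
# Added example: rewrite inet_interfaces in a Postfix main.cf without an editor.
# Function names and the sample file below are illustrative assumptions.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# active_inet_interfaces FILE: print the value Postfix would use.
# Parameter lines start in column 1; if a name is repeated, the last one wins.
active_inet_interfaces() {
    awk '/^inet_interfaces[ \t]*=/ {
             v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
         }
         END { print v }' "$1"
}

# set_inet_interfaces FILE IP: bind to loopback plus one local address.
# Keeps FILE.bak, ignores commented lines, collapses duplicates to one line
# and drops continuation lines that belonged to the old value.
set_inet_interfaces() {
    cf=$1; ip=$2
    [ -f "$cf" ] || { echo "no such file: $cf" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    cp -p "$cf" "$cf.bak" || return 1
    awk -v new="inet_interfaces = 127.0.0.1, $ip" '
        /^inet_interfaces[ \t]*=/ { if (!done) print new; done = 1; skip = 1; next }
        skip && /^[ \t]+[^ \t]/   { next }
        { skip = 0; print }
        END { if (!done) print new }' "$cf.bak" > "$cf"
}

# Demo on a constructed main.cf (not a real server's file).
demo_dir=$(mktemp -d)
cat > "$demo_dir/main.cf" <<'EOF'
#inet_interfaces = localhost
inet_interfaces = all
inet_protocols = all
EOF
set_inet_interfaces "$demo_dir/main.cf" 10.10.11.12
echo "before: $(active_inet_interfaces "$demo_dir/main.cf.bak")"
echo "after:  $(active_inet_interfaces "$demo_dir/main.cf")"
rm -rf "$demo_dir"
```

On a real host, point set_inet_interfaces at /etc/postfix/main.cf, run postfix check, and then restart the service as shown above.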


Original Article: fatal: parameter inet_interfaces: no local interface found for ::1

Intel’s CPU List affected by Meltdown and Spectre Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

We talk about Meltdown and Spectre Here and Here.

In this article we report Intel’s list of CPUs affected by Meltdown and Spectre.

Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

Intel ID: INTEL-SA-00088
Product family: Systems with Speculative Execution
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: Jan 03, 2018
Last revised: Jan 03, 2018
Summary: Today a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’ processors and operating systems.

Intel is committed to product and customer security and to responsible disclosure. We worked closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to mitigate this issue promptly and constructively.

For facts about these new exploits, and steps you can take to help protect your systems and information please visit: https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html.

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Affected products: For non-Intel based systems please contact your system manufacturer or microprocessor vendor (AMD, ARM, Qualcomm, etc.) for updates.

The following Intel-based platforms are impacted by this issue. Intel may modify this list at a later time. Please check with your system vendor or equipment manufacturer for more information regarding updates for your system.

  • Intel® Core™ i3 processor (45nm and 32nm)
  • Intel® Core™ i5 processor (45nm and 32nm)
  • Intel® Core™ i7 processor (45nm and 32nm)
  • Intel® Core™ M processor family (45nm and 32nm)
  • 2nd generation Intel® Core™ processors
  • 3rd generation Intel® Core™ processors
  • 4th generation Intel® Core™ processors
  • 5th generation Intel® Core™ processors
  • 6th generation Intel® Core™ processors
  • 7th generation Intel® Core™ processors
  • 8th generation Intel® Core™ processors
  • Intel® Core™ X-series Processor Family for Intel® X99 platforms
  • Intel® Core™ X-series Processor Family for Intel® X299 platforms
  • Intel® Xeon® processor 3400 series
  • Intel® Xeon® processor 3600 series
  • Intel® Xeon® processor 5500 series
  • Intel® Xeon® processor 5600 series
  • Intel® Xeon® processor 6500 series
  • Intel® Xeon® processor 7500 series
  • Intel® Xeon® Processor E3 Family
  • Intel® Xeon® Processor E3 v2 Family
  • Intel® Xeon® Processor E3 v3 Family
  • Intel® Xeon® Processor E3 v4 Family
  • Intel® Xeon® Processor E3 v5 Family
  • Intel® Xeon® Processor E3 v6 Family
  • Intel® Xeon® Processor E5 Family
  • Intel® Xeon® Processor E5 v2 Family
  • Intel® Xeon® Processor E5 v3 Family
  • Intel® Xeon® Processor E5 v4 Family
  • Intel® Xeon® Processor E7 Family
  • Intel® Xeon® Processor E7 v2 Family
  • Intel® Xeon® Processor E7 v3 Family
  • Intel® Xeon® Processor E7 v4 Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon Phi™ Processor 3200, 5200, 7200 Series
  • Intel® Atom™ Processor C Series
  • Intel® Atom™ Processor E Series
  • Intel® Atom™ Processor A Series
  • Intel® Atom™ Processor x3 Series
  • Intel® Atom™ Processor Z Series
  • Intel® Celeron® Processor J Series
  • Intel® Celeron® Processor N Series
  • Intel® Pentium® Processor J Series
  • Intel® Pentium® Processor N Series

Recommendations: Intel has worked with operating system vendors, equipment manufacturers, and other ecosystem partners to develop software updates that can help protect systems from these methods. End users and systems administrators should check with their operating system vendors and apply any available updates as soon as practical.

For non-Intel based systems please contact your system manufacturer or microprocessor vendor (AMD, ARM, Qualcomm, etc.) for updates.

Please check with your system vendor or equipment manufacturer for more information regarding your system.

Other variants of this side-channel analysis are being addressed by Operating System and Software Vendors. For more details see:

  • CVE-2017-5753: https://01.org/security/advisories/intel-oss-10002
  • CVE-2017-5754: https://01.org/security/advisories/intel-oss-10003

Acknowledgements: Intel would like to thank Jann Horn with Google Project Zero for his original report and for working with the industry on coordinated disclosure.

Intel would also like to thank the following researchers for working with us on coordinated disclosure.

  • Moritz Lipp, Michael Schwarz, Daniel Gruss, Stefan Mangard from Graz University of Technology
  • Paul Kocher, Daniel Genkin from University of Pennsylvania and University of Maryland, Mike Hamburg from Rambus, Cryptography Research Division and Yuval Yarom from University of Adelaide and Data61.

Thomas Prescher and Werner Haas from Cyberus Technology, Germa

Revision history:

Revision  Date             Description
1.0       03-January-2018  Initial Release
1.1       03-January-2018  Update Links
1.2       05-January-2018  Update

CVE Name: CVE-2017-5715

Meltdown and Spectre CPU flaws for Windows 2003

Windows, Meltdown and Spectre: Keep calm and carry on

Microsoft releases Windows patches

Yesterday evening, Microsoft released Windows patches — Security-only Updates, Cumulative Updates, and Delta Updates — for a wide array of Windows versions, from Win7 onward. See the Update Catalog for details. (Thx, @Crysta). Note that the patches are listed with a “Last Updated” date of Jan. 4, not Jan. 3, the nominal release date. The Win7 and 8.1 patches are Security Only (the kind you have to install manually). I’ve been assured that the Win7 and 8.1 Monthly Rollups will come out next week on Patch Tuesday.

The Win10 patch for Fall Creators Update, version 1709, contains other security fixes besides those related to Meltdown. The other Win10 patches appear to be Meltdown-only. Those of you running the beta version of Win10 1803, in the Insider Program, have already received the patches.

BUT… you won’t get any patches installed unless and until your antivirus software sets a specific registry key. (It now appears as if the value of the key doesn’t matter; just the presence of the registry entry turns on Meltdown protection. Thx, @abbodi86, @MrBrian.) If you’re running third-party antivirus, it has to be updated before the Meltdown patch installer will run. It looks as if there are known problems with bluescreens for some antivirus products.

There are also cumulative updates for Internet Explorer 11 in various versions of Win7 and 8.1 listed in the Update Catalog. The fixes for Win10, and for Edge, are inside the respective Win10 cumulative updates. Microsoft has also released fixes for SQL Server 2016 and 2017.

Note that the Windows Server patches are not enabled by default. Those of you who want to turn on Meltdown protection have to change the registry. (Thx @GossiTheDog)

Question: Will Microsoft release patches for older operating systems such as Windows Server 2003 and Windows Server 2000?

Answer: Maybe not. Windows XP and Server 2003 don’t yet have patches. As you know, these operating systems are out of support. No word on whether Microsoft will release those sooner or later.

Operating system version                                   Update KB
Windows Server, version 1709 (Server Core Installation)    4056892
Windows Server 2016                                        4056890
Windows Server 2012 R2                                     4056898
Windows Server 2012                                        Not available
Windows Server 2008 R2                                     4056897
Windows Server 2008                                        Not available

Kevin Beaumont, @GossiTheDog, is maintaining a list of antivirus products and their Meltdown-related problems. On Google Docs, of course.

Related Articles: Windows, Meltdown and Spectre | Meltdown and Spectre CPU flaws | Widenet Meltdown and Spectre CPU Blog

All You Need To Know About Spectre And Meltdown

A pair of bugs has silently infested CPUs from Intel, AMD, and ARM for years.

After two days of whirlwind developments, we finally have more of a complete picture of the new vulnerabilities that impact processors from the leading vendors. Reports initially surfaced two days ago that Intel’s processors are susceptible to a new hardware-based bug that cannot be patched with a mere microcode update. A report from The Register, based in part on a blog post, said that incoming Windows and Linux patches would correct the vulnerability but come with a 5-30% performance loss depending on the workload.

The industry remained silent due to NDAs that were scheduled to expire on January 9, the same date as a round of patches were scheduled to appear. After a day of silence while its stock slumped, Intel issued a statement and claimed the issue is not a hardware bug. Intel also announced that it’s working with other titans of the industry, such as AMD and ARM Holdings, to “develop an industry-wide approach to resolve this issue promptly and constructively.” AMD has since released a statement and claimed that it has minimal exposure to the primary vulnerability.

The root issues behind the vulnerabilities weren’t clearly defined at the time, but a slew of releases from several of the parties involved, along with Google’s Project Zero team, have shed light on two new exploits that have served as the catalyst for the recent developments. We’ll cover the new exploits below; then we’ll get to the updates from Intel, ARM, AMD, and Nvidia.

Performance First

Before we dive into the nuts and bolts, recent tests indicate the patch does not impart a cataclysmic performance loss in most workloads. Phoronix tested the Linux patch, and Computerbase.de tested a patched Windows Insider build.

The good news? Most desktop applications appear to be safe in both Windows 10 and Linux. That includes most workloads that are largely confined to the user space, such as gaming and normal productivity applications. There does appear to be a slowdown to storage I/O operations (2-7%), but for now it’s hard to ascertain if that is due to the patch or other kernel updates. The Windows 10 patch was rolled out to the Windows Insider builds in November, and there haven’t been reports of performance issues.

The bad news? The patch does incur a performance overhead to some enterprise applications. Phoronix recorded significant performance regressions in the object-relational PostgreSQL database. Redis also suffers a performance loss. Many industry analysts feel the real impacts will come in virtualized environments, but we have yet to see benchmarks. Google has already updated all its cloud infrastructure, which includes its cloud computing services, and we haven’t yet heard of significant user backlash due to reduced performance.

Meet Meltdown & Spectre

Google’s Project Zero touched off the vulnerability scare when it discovered that it could access data held in the protected kernel memory through two exploits that are now known as Meltdown and Spectre. Google does not believe these exploits have ever been used in the wild, but it’s impossible to tell if they have or not.

Meltdown is both easy to execute and easy to fix. This exploit allows applications to read from the protected kernel memory. That ability can allow hackers to read passwords, encryption keys, or other data from the memory. Intel’s statement specifically noted that the exploits cannot corrupt, modify, or delete data, but those points are moot if the attacker can access passwords and encryption keys. The biggest concern for data centers and cloud service providers is that the exploit also allows an application resident in one virtual machine to access the memory of another remote virtual machine. This means an attacker could rent an instance on a public cloud and collect information from other virtual machines on the same server.

Researchers have been able to execute a Meltdown exploit only on Intel processors, although ARM has submitted patches to protect itself from the same method of attack. In fact, the attack exploits Intel’s out-of-order execution implementation that is present on every Intel processor made since 1995. Researchers discovered Meltdown last year. The exploit is reportedly simple enough that a script kiddie could execute the attack, so a fix is of utmost importance.

Apple already patched this exploit in the MacOS December OSX patch (10.13.2). Windows is also pushing emergency patches out immediately. The Linux kernel has also been patched. These patches do have performance impacts, as we noted above, that largely revolve around how frequently the application issues kernel calls.

The Spectre exploit is much more nefarious and impacts Intel, AMD, and ARM. This exploit can access kernel memory or data from other applications. Researchers contend that fixing this exploit would require a fundamental re-tooling of all processor architectures, so we’ll live with the threat of this vulnerability for the foreseeable future. Fortunately, this exploit is extremely hard to execute and requires an elevated level of knowledge of the interior workings of the target processor.

These two exploits are categorized into three variants. Variants 1 and 2 are Spectre, whereas Variant 3 is Meltdown. Intel is vulnerable to all three.

Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
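
On Linux, the kernel reports its own view of each of these three variants through sysfs (kernel 4.15 and later, and distribution kernels that backported the interface). The script below is an added example, not part of the original article: it reads those status files and maps them to the variant numbers and CVEs listed above. The function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: map the three variants to the status files the Linux kernel
# publishes. Function names and sample contents are illustrative assumptions.
VULN_DIR=${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}

# variant_status DIR FILE: print mitigated, not-affected, vulnerable or unknown.
# "unknown" covers a missing file: a kernel without this interface gives no
# evidence either way, so it must not be read as safe.
variant_status() {
    line=
    [ -r "$1/$2" ] || { echo unknown; return 0; }
    IFS= read -r line < "$1/$2" || :
    case $line in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report [DIR]: one line per variant; returns 1 if any variant is vulnerable.
report() {
    dir=${1:-$VULN_DIR}; rc=0
    while read -r n cve file name; do
        st=$(variant_status "$dir" "$file")
        [ "$st" = vulnerable ] && rc=1
        printf 'Variant %s  %s  %-24s %s\n' "$n" "$cve" "$name" "$st"
    done <<EOF
1 CVE-2017-5753 spectre_v1 bounds check bypass
2 CVE-2017-5715 spectre_v2 branch target injection
3 CVE-2017-5754 meltdown rogue data cache load
EOF
    return $rc
}

# make_sample DIR: constructed status files (not captured from a real host).
make_sample() {
    printf 'Mitigation: PTI\n' > "$1/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$1/spectre_v1"
    printf 'Vulnerable\n' > "$1/spectre_v2"
}

# "--live" reads this host's sysfs; otherwise run on the constructed sample.
if [ "${1:-}" = "--live" ]; then
    report "$VULN_DIR"
else
    tmp=$(mktemp -d) && make_sample "$tmp" && report "$tmp"; rm -rf "$tmp"
fi
```

The status is the kernel's own assessment, so it reflects installed kernel and microcode mitigations and says nothing about other software on the host.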

Levels Of Exposure

We reached out to AMD, and the company responded with the following information, which has since been publicly released.

Most notably, AMD claims that it has zero vulnerability to Variant 3 (Meltdown), stating that the patches that are currently being issued for Meltdown do not apply to its processors due to “architectural differences.” This is excellent news for AMD, as it therefore has no exposure to the current round of potentially performance-sapping patches. That bodes very well for the company as it reenters the data center with a competitive line of EPYC processors.

The Ryzen desktop processors are also not susceptible to Meltdown. Linus Torvalds has also granted AMD an exemption to the performance penalties incurred by the Linux patch for Meltdown.

AMD is vulnerable to Variant 1, which is a Spectre exploit. As noted above, many contend that Spectre is not likely to see an effective patch any time soon, and some researchers claim the vulnerability exists in every modern processor architecture in existence. They also claim that fixing the issues could require a redesign of fundamental processor architectures. AMD said it has a patch that can mitigate Variant 1 with minimal performance impact and further stated that it has a “near zero risk of exploitation” from Variant 2, which is also a Spectre exploit.

Nvidia also issued a statement regarding the vulnerabilities:

Nvidia’s core business is GPU computing. We believe our GPU hardware is immune to the reported security issue and are updating our GPU drivers to help mitigate the CPU security issue. As for our SoCs with ARM CPUs, we have analyzed them to determine which are affected and are preparing appropriate mitigations.

ARM Holdings has added a security update to its website that outlines its exposure to the vulnerabilities, and like Intel, it is susceptible to all three variants.

The legal ramifications of these developments could be troublesome. The Law Offices of Howard G. Smith has already announced an investigation on behalf of Intel Corporation investors, and there will likely be more similar developments in the coming weeks. Intel has a history of establishing a reserve to cover pending large-scale hardware replacements, but the company has not disclosed a new fund to deal with the vulnerabilities. The company has also stated that it does not expect any impact to its business.

Intel’s statement on the matter specifically says that the exploits are not caused by a “bug” or a “flaw” that is unique to Intel products. Intel also noted that the exploits can “gather sensitive data from computing devices that are operating as designed.” These statements likely indicate Intel will defend any potential claims because “the hardware is working correctly.” Depending on when these vulnerabilities became known (some claim that Meltdown-type attacks have been a known entity since 2010), these points may be challenged in court. ARM and other vendors may also face similar challenges.

Intel’s CEO, Brian Krzanich, also sold $39 million in stocks in November 2017 (this doesn’t include the amount he paid for the stock options). These transactions initially appeared innocuous (and they may be) because Krzanich sold the stock under a 10b5-1(c) plan, which is a pre-planned sale of stocks intended to prevent claims of insider trading. The sale left Krzanich with the Intel-mandated minimum of 250,000 stocks. The sale was pre-planned on October 30. Now, though, MarketWatch claims Intel was made aware of the vulnerability on June 1, which may draw attention to the matter from regulatory officials. Business Insider said a representative for the Securities and Exchange Commission declined to comment on the matter.

Considering the lengthy preparation period, we imagine there will not be any major service disruptions to the cloud service providers. However, we expect more details to come to light concerning performance impacts of the new patches on various workloads. Stay tuned.

Related Articles: Understanding The Meltdown And Spectre Exploits: Intel, AMD, ARM, And Nvidia