=== chris14_ is now known as chris14 === chris14_ is now known as chris14 === cpaelzer_ is now known as cpaelzer === JanC_ is now known as JanC === kostkon_ is now known as kostkon === shokohsc0 is now known as shokohsc [20:12] Zabbix agent in Ubuntu 20.04 FIPS is v4.0, which is older. Later versions (6.0+) I have to get from the Zabbix repository. Unfortunately, the Zabbix repository uses incompatible ciphers compared to FIPS and failes TLS connections. [20:13] Are there any updates planned for Zabbix and Zabbix-Agent2 for Ubuntu 20.04 FIPS? [20:13] samy1028: you'll have to ask your zabbix sales agent [20:14] sarnold, there is a Zabbix agent in the Ubuntu repository though. So I guess there aren't any plans to release a later version at the moment? Or is it provided to Ubuntu from Zabbix? [20:17] samy1028: wholesale version upgrades of zabbix in the archive is very unlikely; I don't know much about the support end of canonical but "prepare a ppa with zabbix that has been configured to work with FIPS" certainly feels like a plausible thing the support team could do [20:17] samy1028: heck, the support team might even be willing to make a ppa of newer zabbix, but it'd be worth knowing *why* you'd want a newer zabbix before approaching them [20:20] specifically, to limit the actions of what Zabbix can do on the remote system, there's an option called "AllowedKey" which allows you to specify a specific remote script to run. According to the documentation I can find the AllowKey options are only available in 5.0 and later. [20:20] aha, that sounds like a nice feature indeed [20:20] you may be able to achieve something similar with an appropriate apparmor profile around the agent [20:24] also, the 4.0 version only supports the original zabbix-agent whereas the later versions support zabbix-agent2 which gives more flexibility and control of scritps. === chris14_ is now known as chris14 === mrmango176 is now known as mrmango17