[20:12] <samy1028> Zabbix agent in Ubuntu 20.04 FIPS is v4.0, which is older.  Later versions (6.0+) I have to get from the Zabbix repository.  Unfortunately, the Zabbix repository uses incompatible ciphers compared to FIPS and fails TLS connections.
[20:13] <samy1028> Are there any updates planned for Zabbix and Zabbix-Agent2 for Ubuntu 20.04 FIPS?
[20:13] <sarnold> samy1028: you'll have to ask your zabbix sales agent
[20:14] <samy1028> sarnold, there is a Zabbix agent in the Ubuntu repository though.  So I guess there aren't any plans to release a later version at the moment?  Or is it provided to Ubuntu from Zabbix?
[20:17] <sarnold> samy1028: wholesale version upgrades of zabbix in the archive are very unlikely; I don't know much about the support end of canonical but "prepare a ppa with zabbix that has been configured to work with FIPS" certainly feels like a plausible thing the support team could do
[20:17] <sarnold> samy1028: heck, the support team might even be willing to make a ppa of newer zabbix, but it'd be worth knowing *why* you'd want a newer zabbix before approaching them
[20:20] <samy1028> specifically, to limit the actions of what Zabbix can do on the remote system, there's an option called "AllowedKey" which allows you to specify a specific remote script to run.  According to the documentation I can find the AllowKey options are only available in 5.0 and later.
[20:20] <sarnold> aha, that sounds like a nice feature indeed
[20:20] <sarnold> you may be able to achieve something similar with an appropriate apparmor profile around the agent
[20:24] <samy1028> also, the 4.0 version only supports the original zabbix-agent whereas the later versions support zabbix-agent2 which gives more flexibility and control of scripts.