主页 / 问题 / 1529330
Accepted
don Rumata
Asked:2023-07-07 06:31:32 +0000 UTC2023-07-07 06:31:32 +0000 UTC

如何限制zabbix agent从外网发现?

  • 772

我计划使用zabbix监控iron服务器。zabbix 服务器本身将位于同一服务器上的虚拟机内。我如何确保扫描我的白色 IP 的每个人都看不到我打开了代理端口?在互联网上,他们建议要么将端口更改为非标准端口,要么不要洗澡,因为设置中指定了服务器地址,这意味着其他请求将下降。但这一切听起来都像是半途而废。

linux

2 个回答

  1. Best Answer

    将 zabiks 放入虚拟隔离子网格中。在 ListenIP 配置中的代理上放置此子网的地址。

    • 1

  2. 我将用在测试环境中对我有用的最终实现来补充@eri 的答案。

    使用netplan

    /etc/netplan/01-netcfg.yaml

    # This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
      addresses:
        - 10.100.1.38/24:
            label: "eth0:zbx-ag"

    测试/应用配置: sudo netplan try

    结果,输出是这样的:

    sudo ifconfig

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet <внешний ip>  netmask 255.255.255.0  broadcast <внешний бродкаст>
        inet6 fe80::a00:27ff:fe46:b2e  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:46:0b:2e  txqueuelen 1000  (Ethernet)
        RX packets 118851  bytes 171228788 (171.2 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 67800  bytes 9228459 (9.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:zbx-ag: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.100.1.38  netmask 255.255.255.0  broadcast 10.100.1.255
        ether 08:00:27:46:0b:2e  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Локальная петля (Loopback))
        RX packets 128645  bytes 163302207 (163.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 128645  bytes 163302207 (163.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    更改 zabbix 代理设置:

    sudo sed -i 's/ListenIP=127.0.0.1/ListenIP=10.100.1.38/' /etc/zabbix/zabbix_agent2.conf

    重新开始:

    sudo systemctl restart zabbix-agent2.service

    利润!!!

    Zabbix代理被服务器看到

    从另一台计算机扫描外部 IP 将如下所示:

    nmap <внешний ip> -p10050

    Starting Nmap 7.80 ( https://nmap.org ) at 2023-07-09 11:29 UTC
Nmap scan report for <внешний ip>
Host is up (0.00033s latency).

PORT      STATE  SERVICE
10050/tcp closed zabbix-agent

    来源

    • 0

相关问题