Encrypting Communication Between Zabbix Modules

  • Date posted: 12-May-2015

Encrypting communication between Zabbix modules ~Encrypting inter-site communication with stunnel~

Transcript of Encrypting Communication Between Zabbix Modules

  • 1. Zabbix!! stunnel (Takeshi YAMANE) / Twitter: @fripper1214 / fripper1214 at gmail.com / 2014/06/29

  • 2. (Takeshi YAMANE) https://twitter.com/fripper1214 https://www.facebook.com/takeshi.yamane.9 HW Zabbix(2.0.x) Zabbix(1.6.x)

  • 3. Zabbix (2.2.4) Zabbix zabbix_server zabbix_agentd zabbix_proxy zabbix_agentd zabbix_server zabbix_proxy zabbix_sender zabbix_server zabbix_sender zabbix_proxy zabbix_get zabbix_agentd

  • 4. NTT SoftBank VPN !! OpenVPN VPN https TCP SSL!!

  • 5. SSL TCP stunnel https://www.stunnel.org/ Linux Windows 5.02 2014/06/28 CentOS rpm orz

  • 6. stunnel stunnel Zabbix stunnel stunnel stunnel

  • 7. Zabbix stunnel (1) server(proxy) agentd tcp tcp server(proxy) agentd (get) 10050 10051 (trapper) server(proxy) agentd 10050 10051 10050 10051 11050 11051

  • 8. Zabbix stunnel (2) server proxy zabbix_proxy active proxy server !! server proxy passive proxy 10050 10051 active proxy server proxy 10051 10051 11051 agent agent agent agent

  • 9. stunnel configure / make / make install yum / rpm (CentOS6) yum install stunnel init Zabbix http://www.gaztronics.net/scripts/stunnel.php 43 stunnel

  • 10. stunnel (1) key/cert openssl

      root# openssl genrsa 2048 > server.key
      root# openssl req -new -key server.key > server.csr
      root# openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt
      root# cat server.key server.crt > server.pem
      root# cp server.pem /etc/stunnel/
      root# chmod 600 /etc/stunnel/server.pem

  • 11. stunnel (2) stunnel.conf cert/key server agent

      cert = /etc/stunnel/server.pem
      key = /etc/stunnel/server.pem

      [zabbix-server]
      ; tcp:11051
      accept = 0.0.0.0:11051
      ; localhost tcp:10051
      connect = 127.0.0.1:10051

      [zabbix-agent-to-server]
      client = yes
      ; agent tcp:10051
      accept = 127.0.0.1:10051
      ; server tcp:11051
      connect = 192.168.1.206:11051

  • 12. Zabbix
      zabbix_server.conf ListenIP stunnel server stunnel 127.0.0.1
      zabbix_proxy.conf Server proxy server localhost stunnel 127.0.0.1
      zabbix_agentd.conf ServerActive agent(active) server localhost stunnel 127.0.0.1

  • 13. !! stunnel ! (-o-) SSL stunnel! stunnel openssl stunnel / openssl
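
As transcribed, the stunnel.conf on slide 11 has no certificate verification option in the `client = yes` section, so the tunnel encrypts traffic without authenticating the server end. The check below is an added example, not code from the slides: it parses a stunnel.conf laid out as on slides 7 and 11 and reports client services without peer verification and unencrypted legs that are not bound to loopback. The sample config is constructed from slide 11, and the function and finding names are this example's own.

```python
import re
# Constructed sample: the stunnel.conf settings transcribed on slide 11.
SLIDE_CONF = """\
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.pem
[zabbix-server]
accept = 0.0.0.0:11051
connect = 127.0.0.1:10051
[zabbix-agent-to-server]
client = yes
accept = 127.0.0.1:10051
connect = 192.168.1.206:11051
"""

def parse_stunnel_conf(text):
    # Returns {service: options}; options before the first [section] are global defaults.
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), dict(defaults))
            continue
        key, _, value = line.partition("=")
        (defaults if current is None else current)[key.strip().lower()] = value.strip()
    return services

def verifies_peer(opt):
    # verify levels 2 and up, verifyChain or verifyPeer reject an untrusted peer certificate.
    level = opt.get("verify", "0")
    return (opt.get("verifychain", "no").lower() == "yes"
            or opt.get("verifypeer", "no").lower() == "yes"
            or (level.isdigit() and int(level) >= 2))

def audit(text):
    findings = []  # (service, finding) pairs; finding names are this example's own
    for name, opt in parse_stunnel_conf(text).items():
        client = opt.get("client", "no").lower() == "yes"
        # The unencrypted leg is 'accept' in client mode and 'connect' in server mode.
        host = opt.get("accept" if client else "connect", "").rpartition(":")[0]
        # A bare port means all interfaces for accept, localhost for connect.
        if host not in ("127.0.0.1", "localhost", "::1") and (host or client):
            findings.append((name, "plaintext-leg-not-loopback"))
        if client and not verifies_peer(opt):
            findings.append((name, "no-peer-verification"))
    return findings
if __name__ == "__main__": print(audit(SLIDE_CONF))
```

Adding `verify = 3` and a `CAfile` that points at a copy of server.crt on the agent host (the path is an assumption) to the client section clears the finding; newer stunnel releases also offer `verifyPeer = yes`.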