---
test case: No rules (all allowed)
in:
rules: []
out:
number_of_rules: 1
metrics:
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.run[echo 1]'
result: ZBX_KEY_ACCESS_DENY
---
test case: No allowed keys
in:
rules:
- pattern: '*'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 1
metrics:
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.run[echo 1]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.localtime[utc]'
result: ZBX_KEY_ACCESS_DENY
---
test case: No arguments
in:
rules:
- pattern: 'vfs.file.contents'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Empty parameter list
in:
rules:
- pattern: 'vfs.file.contents[]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[""]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Any arguments
in:
rules:
- pattern: 'vfs.file.contents[*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/path/to/file]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Any arguments double asterisk
in:
rules:
- pattern: 'vfs.file.contents[**]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/path/to/file]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/path/to/file,UTF8]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Specific first parameter
in:
rules:
- pattern: 'vfs.file.contents[/etc/passwd,*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/etc/passwd,]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/var/log/zabbix_server.log]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.contents[]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: First argument pattern
in:
rules:
- pattern: 'vfs.file.contents[*passwd*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd,]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Any second parameter value
in:
rules:
- pattern: 'test[a,*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'test[a]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'test[a,]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'test[a,anything]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'test[]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: First argument pattern and any following arguments
in:
rules:
- pattern: 'vfs.file.contents[*passwd*,*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/etc/passwd,]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/tmp/test]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Any first parameter value
in:
rules:
- pattern: 'test[*,b]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'test[anything,c]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'test[anything,b]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'test[anything,b,c]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'test[anything,b,]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Empty second parameter value
in:
rules:
- pattern: 'test[a,,c]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'test[a,,c]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'test[a,b,c]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Any second parameter value
in:
rules:
- pattern: 'vfs.file.contents[/var/log/zabbix_server.log,*,abc]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/var/log/zabbix_server.log,,abc]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/var/log/zabbix_server.log,utf8,abc]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/var/log/zabbix_server.log,,abc,def]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Specific parameters
in:
rules:
- pattern: 'vfs.file.contents[/etc/passwd,utf8]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd,]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.contents[/etc/passwd,utf16]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Quoted parameters
in:
rules:
- pattern: 'vfs.file.contents[/etc/passwd,utf8]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'system.run[*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents["/etc/passwd","utf8"]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents["/etc/passwd",""]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.contents["/etc/passwd","utf16"]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.run["echo 1"]'
result: ZBX_KEY_ACCESS_DENY
---
test case: Key pattern without arguments
in:
rules:
- pattern: 'vfs.file.*'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.size'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.size[/var/log/zabbix_server.log]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Key pattern with any arguments
in:
rules:
- pattern: 'vfs.file.*[*]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'vfs.*.contents'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 3
metrics:
- metric: 'vfs.file.size.bytes[]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.size[/var/log/zabbix_server.log, utf8]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.size.bytes'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.mount.point.file.contents'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs..contents'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.contents'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Whitelist
in:
rules:
- pattern: 'vfs.file.*[/var/log/*]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'system.localtime[*]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: '*'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 3
metrics:
- metric: 'vfs.file.size[/var/log/zabbix_server.log]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.contents[/var/log/zabbix_server.log]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.localtime[]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.localtime[utc]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.localtime'
result: ZBX_KEY_ACCESS_DENY
---
test case: Blacklist
in:
rules:
- pattern: 'vfs.file.contents[/etc/passwd,*]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'system.run[*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd,]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.run[]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.run[echo 1]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.run[echo 2,a]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.localtime[utc]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Combined wildcard in key
in:
rules:
- pattern: 't*t*[a]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'test1[a]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'test_best2[a]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'tests[a]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'test[a]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'best[a]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Duplicate rules
in:
rules:
- pattern: 'vfs.file.*'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'vfs.file.*'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'vfs.file.contents'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'vfs.file.contents[]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'vfs.file.contents[/etc/passwd]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'vfs.file.contents[/etc/passwd,*]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'vfs.file.*'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'vfs.file.contents'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'vfs.file.contents[]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'vfs.file.contents[/etc/passwd]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'vfs.file.contents[/etc/passwd,*]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'net.*.in'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'net.*.in'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'net.*.in[]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'net.*.in[eth0]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'net.*.in[eth0,*]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'net.*.in'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'net.*.in[]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'net.*.in[eth0]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'net.*.in[eth0,*]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'net.*.in[eth0,bytes]'
type: ZBX_KEY_ACCESS_DENY
- pattern: '*'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 11
metrics:
- metric: 'vfs.file.size'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.contents[/etc/passwd,utf8]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'net.if.in'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'net.if.in[]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'net.if.in[eth0]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'net.if.in[eth0,]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'net.if.in[eth0,packets]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'net.if.in[eth0,bytes]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.run[echo 1]'
result: ZBX_KEY_ACCESS_DENY
---
test case: No rules after AllowKey=*
in:
rules:
- pattern: 'vfs.file.*[*]'
type: ZBX_KEY_ACCESS_DENY
- pattern: '*'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'system.run[*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 1
metrics:
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.size[/etc/systemd.conf]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.run[echo 1]'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: No rules after DenyKey=*
in:
rules:
- pattern: 'vfs.file.*[*]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: '*'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'system.run[*]'
type: ZBX_KEY_ACCESS_ALLOW
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'vfs.file.size[/etc/systemd.conf]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.run[echo 1]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.localtime'
result: ZBX_KEY_ACCESS_DENY
---
test case: Incomplete whitelist (no deny all at the end)
in:
rules:
- pattern: 'vfs.file.*[/var/log/*]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: 'system.localtime[*]'
type: ZBX_KEY_ACCESS_ALLOW
exit code: failure
---
test case: No trailing AllowKey rules
in:
rules:
- pattern: 'vfs.file.*[*]'
type: ZBX_KEY_ACCESS_DENY
- pattern: 'system.run[*]'
type: ZBX_KEY_ACCESS_ALLOW
- pattern: '*'
type: ZBX_KEY_ACCESS_ALLOW
out:
number_of_rules: 2
metrics:
- metric: 'vfs.file.contents[/etc/passwd]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'vfs.file.size[/etc/systemd.conf]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'system.run[echo 1]'
result: ZBX_KEY_ACCESS_ALLOW
- metric: 'system.localtime'
result: ZBX_KEY_ACCESS_ALLOW
---
test case: Empty parameters match
in:
rules:
- pattern: 'web.page.get[localhost,*,*]'
type: ZBX_KEY_ACCESS_DENY
out:
number_of_rules: 2
metrics:
- metric: 'web.page.get[localhost]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'web.page.get[localhost,]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'web.page.get[localhost,/,80]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'web.page.get[localhost,/]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'web.page.get[localhost,,80]'
result: ZBX_KEY_ACCESS_DENY
- metric: 'web.page.get[127.0.0.1]'
result: ZBX_KEY_ACCESS_ALLOW
...