get one of the Zabbix agent version
~]# wget https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
add Zabbix repository to be able to install
~]# rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
Retrieving https://repo.zabbix.com/zabbix/5.0/rhel/8/x86_64/zabbix-release-5.0-1.el8.noarch.rpm
warning: /var/tmp/rpm-tmp.Ankajf: Header V4 RSA/SHA512 Signature, key ID a14fe591: NOKEY
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:zabbix-release-5.0-1.el8 ################################# [ 50%]
Cleaning up / removing...
2:zabbix-release-5.0-1.el5 ################################# [100%]
~]# dnf clean all
install the Zabbix agent package
~]# dnf install zabbix-agent
start the Zabbix agent service and start it in boot
~]# systemctl enable --now zabbix-agent
Created symlink /etc/systemd/system/multi-user.target.wants/zabbix-agent.service → /usr/lib/systemd/system/zabbix-agent.service.
[root@cabinet ~]# systemctl status zabbix-agent
● zabbix-agent.service - Zabbix Agent
Loaded: loaded (/usr/lib/systemd/system/zabbix-agent.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-07-24 10:54:58 EEST; 19s ago
Process: 2920207 ExecStart=/usr/sbin/zabbix_agentd -c $CONFFILE (code=exited, status=0/SUCCESS)
Main PID: 2920209 (zabbix_agentd)
Tasks: 6 (limit: 49468)
Memory: 3.8M
install net-tool to run the netstat
~]# yum install net-tools
check listening ports
~]# netstat -nlptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
...
tcp 0 0 10.10.10.102:1500 0.0.0.0:* LISTEN ...
check firewall state:
~]# firewall-cmd --state
not running
if it’s running then stop and disable the firewall
! this option makes sense due to using the target host behind the other firewall or gateway, otherwise to tune the firewall in the proper way
~]# systemctl stop firewalld
~]# systemctl disable firewalld
if it’s not running then check access to port 10050 from another host:
~ # telnet 10.10.10.102 10050
Trying 10.10.10.102...
telnet: Unable to connect to remote host: No route to host
if it’s blocked then check iptables on the target host:
~]# iptables -S
...
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
...
add the open 10050 port rule to the iptables by command
~]# iptables -I INPUT 5 -p tcp -m tcp --dport 10050 -j ACCEPT
check the rule again
~]# iptables -S | grep 10050
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
and check the access from another host by telnet
~ # telnet 10.10.10.102 10050
Trying 10.10.10.102...
Connected to 10.10.10.102.
Escape character is '^]'.
Connection closed by foreign host.
return to the target host and save current iptables settings to backup iptables file and to the actual iptables config file (/etc/sysconfig/iptables)
# save actual working settings to backup file
~]# iptables-save > iptables_rules_20220724
# replace the actual iptables config file with actual working settings
~]# cp iptables_rules_20220724 /etc/sysconfig/iptables
# check expected record
~]# cat /etc/sysconfig/iptables | grep 10050
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
# or the rule could be added inside the /etc/sysconfig/iptables
# -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
References links:
https://serverspace.io/support/help/install-configure-zabbix-agent-centos-8/
https://linuxize.com/post/how-to-configure-and-manage-firewall-on-centos-8/
https://linuxhint.com/disable-firewall-centos-8/
https://forums.centos.org/viewtopic.php?t=9059
https://upcloud.com/resources/tutorials/configure-iptables-centos
