#Requires -RunAsAdministrator <# .SYNOPSIS Zabbix Agent 2 Deployment Script - Windows Installs and configures Zabbix Agent 2 with PSK auto-registration. .DESCRIPTION Target server: zabbix.snarfnet.net Downloads Zabbix Agent 2 MSI, installs it, configures PSK encryption, and starts the service for auto-registration. .PARAMETER PskKey Optional. A 64-character hex PSK key. If omitted, one is generated. .PARAMETER ZabbixVersion Optional. Zabbix version to install. Defaults to 7.0.0. .EXAMPLE .\deploy_zabbix_agent_windows.ps1 .\deploy_zabbix_agent_windows.ps1 -PskKey "aabbccdd..." #> param( [Parameter(Mandatory = $false)] [string]$PskKey = "", [Parameter(Mandatory = $false)] [string]$ZabbixVersion = "7.0.26" ) # --- Configuration --- $ZabbixServer = "zabbix.snarfnet.net" $PskIdentity = "PSK_autoregister" $HostMetadata = "Windows" $InstallDir = "C:\Program Files\Zabbix Agent 2" $ConfFile = "$InstallDir\zabbix_agent2.conf" $PskFile = "$InstallDir\zabbix_agent2.psk" $MsiUrl = "https://cdn.zabbix.com/zabbix/binaries/stable/7.0/$ZabbixVersion/zabbix_agent2-$ZabbixVersion-windows-amd64-openssl.msi" $MsiPath = "$env:TEMP\zabbix_agent2.msi" # --- Functions --- function Write-Log { param([string]$Message) Write-Host "[$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')] $Message" } function New-PskKey { $bytes = New-Object byte[] 32 $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create() $rng.GetBytes($bytes) return ($bytes | ForEach-Object { $_.ToString("x2") }) -join '' } function Install-ZabbixAgent { Write-Log "Downloading Zabbix Agent 2 v$ZabbixVersion..." try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Invoke-WebRequest -Uri $MsiUrl -OutFile $MsiPath -UseBasicParsing } catch { Write-Log "ERROR: Failed to download MSI from $MsiUrl" Write-Log " $_" exit 1 } Write-Log "Installing Zabbix Agent 2..." $msiArgs = @( "/i", $MsiPath, "/qn", "/l*v", "$env:TEMP\zabbix_agent2_install.log", "SERVER=$ZabbixServer", "SERVERACTIVE=$ZabbixServer", "INSTALLFOLDER=`"$InstallDir`"" ) $process = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru if ($process.ExitCode -ne 0) { Write-Log "ERROR: MSI installation failed with exit code $($process.ExitCode)" Write-Log " Check log: $env:TEMP\zabbix_agent2_install.log" exit 1 } Remove-Item $MsiPath -Force -ErrorAction SilentlyContinue Write-Log "Installation complete." } function Set-AgentConfiguration { param([string]$Key) Write-Log "Writing PSK to $PskFile..." Set-Content -Path $PskFile -Value $Key -NoNewline $acl = Get-Acl $PskFile $acl.SetAccessRuleProtection($true, $false) $adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule( "BUILTIN\Administrators", "FullControl", "Allow") $systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule( "NT AUTHORITY\SYSTEM", "FullControl", "Allow") $acl.AddAccessRule($adminRule) $acl.AddAccessRule($systemRule) Set-Acl -Path $PskFile -AclObject $acl Write-Log "Configuring $ConfFile..." if (Test-Path $ConfFile) { Copy-Item $ConfFile "$ConfFile.bak.$(Get-Date -Format 'yyyyMMddHHmmss')" } $config = @" # Zabbix Agent 2 Configuration # Auto-generated by deployment script on $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') Server=$ZabbixServer ServerActive=$ZabbixServer HostnameItem=system.hostname HostMetadata=$HostMetadata # PSK Encryption TLSConnect=psk TLSAccept=psk TLSPSKIdentity=$PskIdentity TLSPSKFile=$PskFile # Logging LogFile=$InstallDir\zabbix_agent2.log LogFileSize=10 # Performance BufferSend=5 BufferSize=100 "@ Set-Content -Path $ConfFile -Value $config Write-Log "Configuration written." } function Start-ZabbixAgent { Write-Log "Configuring Zabbix Agent 2 service..." $svc = Get-Service -Name "Zabbix Agent 2" -ErrorAction SilentlyContinue if (-not $svc) { Write-Log "ERROR: Zabbix Agent 2 service not found. Installation may have failed." exit 1 } Set-Service -Name "Zabbix Agent 2" -StartupType Automatic Restart-Service -Name "Zabbix Agent 2" -Force Start-Sleep -Seconds 2 $svc = Get-Service -Name "Zabbix Agent 2" if ($svc.Status -eq "Running") { Write-Log "Zabbix Agent 2 is running." } else { Write-Log "WARNING: Service status is '$($svc.Status)'. Check logs at $InstallDir\zabbix_agent2.log" } } function Add-FirewallRule { $ruleName = "Zabbix Agent 2 (TCP-In 10050)" $existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue if (-not $existing) { Write-Log "Adding firewall rule for port 10050..." New-NetFirewallRule -DisplayName $ruleName ` -Direction Inbound -Protocol TCP -LocalPort 10050 ` -Action Allow -Profile Domain, Private | Out-Null } else { Write-Log "Firewall rule already exists." } } # --- Main --- Write-Log "=== Zabbix Agent 2 Deployment (Windows) ===" Write-Log "Server: $ZabbixServer" Write-Log "PSK Identity: $PskIdentity" # Generate or validate PSK if ([string]::IsNullOrEmpty($PskKey)) { $PskKey = New-PskKey Write-Log "Generated new PSK key." } if ($PskKey -notmatch '^[0-9a-fA-F]{32,128}$') { Write-Log "ERROR: PSK must be a 32-128 character hex string." exit 1 } Install-ZabbixAgent Set-AgentConfiguration -Key $PskKey Add-FirewallRule Start-ZabbixAgent Write-Log "=== Deployment Complete ===" Write-Log "PSK Identity: $PskIdentity" Write-Log "PSK Key: $PskKey" Write-Log "" Write-Log "IMPORTANT: Use this same PSK identity and key in your Zabbix server" Write-Log " auto-registration encryption settings."