Module: check_mk
Branch: master
Commit: 2618332e82e72ffed13378e3ebc2c6b68cef0e5f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2618332e82e72f…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Tue Apr 1 14:10:55 2014 +0200
reduced superflueous calls of get_snapshot_status(). fixed wording
Conflicts:
web/htdocs/wato.py
---
web/htdocs/wato.py | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 6b3a668..c81d10f 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -6180,7 +6180,8 @@ def mode_snapshot_detail(phase):
if not os.path.exists(snapshot_dir + '/' + snapshot_name):
raise MKUserError("_snapshot_name", _("The requested snapshot does not exist"))
- status = get_snapshot_status(snapshot_name, validate_checksums = True)
+ if phase not in ["buttons", "action"]:
+ status = get_snapshot_status(snapshot_name, validate_checksums = True)
if phase == "title":
return _("Snapshot details of %s") % html.attrencode(status["name"])
@@ -6424,16 +6425,16 @@ def mode_snapshot(phase):
elif status["type"] == "legacy" and status['checksums'] == None:
q = _('The integrity of this snapshot could not be verified.<br><br>'
- 'You are importing a legacy snapshot which can not be verified. The snapshot contains '
+ 'You are restoring a legacy snapshot which can not be verified. The snapshot contains '
'files which contain code that will be executed during runtime of the monitoring. Please '
'ensure that the snapshot is a legit, not manipulated file.<br><br>'
'Do you want to continue restoring the snapshot?')
else:
q = _('The integrity of this snapshot could not be verified.<br><br>'
- 'If you import a snapshot on the same site as you exported it, the checksum should '
+ 'If you restore a snapshot on the same site as where it was created, the checksum should '
'always be OK. If not, it is likely that something has been modified in the snapshot.<br>'
- 'When you exported the snapshot on another site, the checksum check will always fail.<br><br>'
+ 'When you restore the snapshot on a different site, the checksum check will always fail.<br><br>'
'The snapshot contains files which contain code that will be executed during runtime '
'of the monitoring. Please ensure that the snapshot is a legit, not manipulated file.<br><br>'
'Do you want to <i>ignore</i> the failed integrity check and restore the snapshot?')
Module: check_mk
Branch: master
Commit: 402218b6a4f0303c13da8d053f9f0f75879e4d9c
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=402218b6a4f030…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Apr 1 13:57:18 2014 +0200
FIX Signing and verification of WATO snapshot (addresses CVE-2014-2330)
This change addresses possible attacks against Check_MK using the WATO "Backup & Restore" module,
known as CVE-2014-2330.
In previous versions there were no checksum verifications or signings of the snapshots contents
implemented. This has been changed now. The files within the snapshot which contain Check_MK
configuration files and definitions of check commands etc. are now verified using checksums and
signed.
When you import / export a snapshot on a single site, there is no difference to the former handling.
When you or someone else modifies the snapshots between import and export, the restore process will
warn you about the modification and let you decide if you trust the file and restore it anyways or
terminate the restore process.
In the case you import a snapshot from another site, the singing can not be verified. In this case,
you get a warning about this and can continue or skip the restore process.
Conflicts:
ChangeLog
modules/automation.py
web/htdocs/wato.py
web/plugins/wato/backup_domains.py
---
.werks/767 | 22 +++
ChangeLog | 3 +
modules/automation.py | 61 ++++++--
web/htdocs/images/icon_snapshot_checksum.png | Bin 0 -> 2992 bytes
web/htdocs/images/icon_snapshot_nchecksum.png | Bin 0 -> 3550 bytes
web/htdocs/images/icon_snapshot_pchecksum.png | Bin 0 -> 3054 bytes
web/htdocs/wato.py | 192 +++++++++++++++++++------
web/plugins/wato/backup_domains.py | 4 +-
8 files changed, 227 insertions(+), 55 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=402218b6a4…
Module: check_mk
Branch: master
Commit: a86d4c62b3e14484234b434a6b315d929f3d6a71
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a86d4c62b3e144…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Apr 1 11:36:36 2014 +0200
Fixed problem in yesterdays change in transaction id handling
---
web/htdocs/htmllib.py | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/web/htdocs/htmllib.py b/web/htdocs/htmllib.py
index 847d338..d897b80 100644
--- a/web/htdocs/htmllib.py
+++ b/web/htdocs/htmllib.py
@@ -994,12 +994,16 @@ class html:
def transaction_valid(self):
if not self.has_var("_transid"):
return False
+
id = self.var("_transid")
- if not id or self.ignore_transids:
+ if self.ignore_transids and (not id or id == '-1'):
return True # automation
+ if '/' not in id:
+ return False
+
# Normal user/password auth user handling
- timestamp, rand = id.split("/")
+ timestamp, rand = id.split("/", 1)
# If age is too old (one week), it is always
# invalid:
Module: check_mk
Branch: master
Commit: 5a6705c30243638c16d428dd9eda62b77e5a311b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5a6705c3024363…
Author: Bastian Kuhn <bk(a)mathias-kettner.de>
Date: Tue Apr 1 11:29:10 2014 +0200
tsm_paths: little source cleanup
---
checks/tsm_paths | 4 ----
1 file changed, 4 deletions(-)
diff --git a/checks/tsm_paths b/checks/tsm_paths
index 1bd1eef..2b7f804 100644
--- a/checks/tsm_paths
+++ b/checks/tsm_paths
@@ -24,10 +24,6 @@
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
-# Example output from agent:
-# Put here the example output from your TCP-Based agent. If the
-# check is SNMP-Based, then remove this section
-
def inventory_tsm_paths(info):
return [(None, None)]