Checkmk git commits May 2015

checkmk-commits@lists.checkmk.com

7 participants
200 discussions

Check_MK Git: check_mk: First version of filedisks.include

by Bastian Kuhn

Module: check_mk Branch: master Commit: cbebdb878d58e58f82db090a691c54ef26d4dd4b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cbebdb878d58e5… Author: Bastian Kuhn <bk(a)mathias-kettner.de> Date: Fri May 8 15:49:14 2015 +0200 First version of filedisks.include --- agents/special/agent_ibmsvc | 2 + checks/filerdisks.include | 103 +++++++++++++++++++++++++++++ checks/ibm_svc_disks | 81 +++++++++++++++++++++++ checks/netapp_api_disk | 109 +++++++++++-------------------- web/plugins/wato/check_parameters.py | 6 +- web/plugins/wato/datasource_programs.py | 3 +- 6 files changed, 229 insertions(+), 75 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=cbebdb878d…

9 years, 1 month

Check_MK Git: check_mk: #2266: Fix: windows agent: fixed invalid agent output if system memory exceeds 2TB RAM

by Andreas Boesl

Module: check_mk Branch: master Commit: ac1ad16efa704ffced9cbb63adb2b76e6a9450bc URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ac1ad16efa704f… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Fri May 8 13:26:07 2015 +0200 #2266: Fix: windows agent: fixed invalid agent output if system memory exceeds 2TB RAM --- .werks/2266 | 11 +++++++++++ ChangeLog | 1 + agents/windows/build_version | 2 +- agents/windows/check_mk_agent.cc | 16 ++++++++-------- agents/windows/check_mk_agent.exe | Bin 181760 -> 182272 bytes agents/windows/check_mk_agent.msi | Bin 730112 -> 730624 bytes agents/windows/check_mk_agent.unversioned.exe | Bin 181760 -> 182272 bytes agents/windows/install_agent-64.exe | Bin 177884 -> 177884 bytes agents/windows/install_agent.exe | Bin 158917 -> 158985 bytes 9 files changed, 21 insertions(+), 9 deletions(-) diff --git a/.werks/2266 b/.werks/2266 new file mode 100644 index 0000000..e48b112 --- /dev/null +++ b/.werks/2266 @@ -0,0 +1,11 @@ +Title: windows agent: fixed invalid agent output if system memory exceeds 2TB RAM +Level: 1 +Component: checks +Class: fix +Compatible: compat +State: unknown +Version: 1.2.7i1 +Date: 1431084054 + +The section <tt>mem</tt> section reported invalid (negative) values if the +windows host had equal or more than 2TB RAM. diff --git a/ChangeLog b/ChangeLog index cd75f38..290653d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -357,6 +357,7 @@ * 1244 FIX: windows_tasks: Fixed handling of tasks manually stopped by admin... * 1245 FIX: printer_output: Now correctly detect a bin with unknown as name * 2265 FIX: db2_version: improved check output when version information is missing... + * 2266 FIX: windows agent: fixed invalid agent output if system memory exceeds 2TB RAM... Multisite: * 1758 Improved exception hander: Shows details without additional debug request, added mailto link for error report... diff --git a/agents/windows/build_version b/agents/windows/build_version index b4f334f..aaacbe6 100644 --- a/agents/windows/build_version +++ b/agents/windows/build_version @@ -1 +1 @@ -141 +142 diff --git a/agents/windows/check_mk_agent.cc b/agents/windows/check_mk_agent.cc index 80de70d..103945f 100755 --- a/agents/windows/check_mk_agent.cc +++ b/agents/windows/check_mk_agent.cc @@ -2540,14 +2540,14 @@ void section_mem(SOCKET &out) statex.dwLength = sizeof (statex); GlobalMemoryStatusEx (&statex); - output(out, "MemTotal: %11d kB\n", statex.ullTotalPhys / 1024); - output(out, "MemFree: %11d kB\n", statex.ullAvailPhys / 1024); - output(out, "SwapTotal: %11d kB\n", (statex.ullTotalPageFile - statex.ullTotalPhys) / 1024); - output(out, "SwapFree: %11d kB\n", (statex.ullAvailPageFile - statex.ullAvailPhys) / 1024); - output(out, "PageTotal: %11d kB\n", statex.ullTotalPageFile / 1024); - output(out, "PageFree: %11d kB\n", statex.ullAvailPageFile / 1024); - output(out, "VirtualTotal: %11d kB\n", statex.ullTotalVirtual / 1024); - output(out, "VirtualFree: %11d kB\n", statex.ullAvailVirtual / 1024); + output(out, "MemTotal: %s kB\n", llu_to_string(statex.ullTotalPhys / 1024)); + output(out, "MemFree: %s kB\n", llu_to_string(statex.ullAvailPhys / 1024)); + output(out, "SwapTotal: %s kB\n", llu_to_string((statex.ullTotalPageFile - statex.ullTotalPhys) / 1024)); + output(out, "SwapFree: %s kB\n", llu_to_string((statex.ullAvailPageFile - statex.ullAvailPhys) / 1024)); + output(out, "PageTotal: %s kB\n", llu_to_string(statex.ullTotalPageFile / 1024)); + output(out, "PageFree: %s kB\n", llu_to_string(statex.ullAvailPageFile / 1024)); + output(out, "VirtualTotal: %s kB\n", llu_to_string(statex.ullTotalVirtual / 1024)); + output(out, "VirtualFree: %s kB\n", llu_to_string(statex.ullAvailVirtual / 1024)); } // .-----------------------------------------------------------------------. diff --git a/agents/windows/check_mk_agent.exe b/agents/windows/check_mk_agent.exe index 30aecce..dd7be26 100755 Binary files a/agents/windows/check_mk_agent.exe and b/agents/windows/check_mk_agent.exe differ diff --git a/agents/windows/check_mk_agent.msi b/agents/windows/check_mk_agent.msi index b789847..c516b52 100755 Binary files a/agents/windows/check_mk_agent.msi and b/agents/windows/check_mk_agent.msi differ diff --git a/agents/windows/check_mk_agent.unversioned.exe b/agents/windows/check_mk_agent.unversioned.exe index 6b2b57e..91d5c9d 100755 Binary files a/agents/windows/check_mk_agent.unversioned.exe and b/agents/windows/check_mk_agent.unversioned.exe differ diff --git a/agents/windows/install_agent-64.exe b/agents/windows/install_agent-64.exe index de21efe..8ea1c38 100755 Binary files a/agents/windows/install_agent-64.exe and b/agents/windows/install_agent-64.exe differ diff --git a/agents/windows/install_agent.exe b/agents/windows/install_agent.exe index 8e55954..ea42ae2 100755 Binary files a/agents/windows/install_agent.exe and b/agents/windows/install_agent.exe differ

9 years, 1 month

Check_MK Git: check_mk: Fix .f12 script in agents that deleted baked container

by Mathias Kettner

Module: check_mk Branch: master Commit: 3f866ea1ee634004f0ee771813e1501fe373f049 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3f866ea1ee6340… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Fri May 8 11:37:27 2015 +0200 Fix .f12 script in agents that deleted baked container --- agents/.f12 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agents/.f12 b/agents/.f12 index 6484ad4..61ec5bc 100644 --- a/agents/.f12 +++ b/agents/.f12 @@ -1,7 +1,7 @@ #!/bin/bash SITE=${SITE:-$(cat ../.site 2>/dev/null || true)} SITE=${SITE:-$(omd sites --bare | head -n 1)} -sudo rsync -varx --delete ./ /omd/sites/$SITE/share/check_mk/agents/ +sudo rsync -varx --delete --exclude=baked* ./ /omd/sites/$SITE/share/check_mk/agents/ if [ -e /etc/check_mk ] then sudo install -m 644 cfg_examples/logwatch.cfg /etc/check_mk/

9 years, 1 month

Check_MK Git: check_mk: Removed obsolete code comments

by Mathias Kettner

Module: check_mk Branch: master Commit: 93d496716e524631975651cbebc5c58314df9d21 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=93d496716e5246… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Fri May 8 10:54:37 2015 +0200 Removed obsolete code comments --- web/plugins/views/availability.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/web/plugins/views/availability.py b/web/plugins/views/availability.py index 011f0be..e21f776 100644 --- a/web/plugins/views/availability.py +++ b/web/plugins/views/availability.py @@ -27,11 +27,6 @@ import availability, table from valuespec import * -# TODO: CSV-Export geht nicht mehr -# --> A: hosts/services -# --> B: bi -# Export as PDF von timelineansicht - # Variable name conventions # av_rawdata: a two tier dict: (site, host) -> service -> list(spans) # In case of BI (site, host) is (None, aggr_group), service is aggr_name

9 years, 1 month

Check_MK Git: check_mk: Fixed CSV export for BI availability

by Mathias Kettner

Module: check_mk Branch: master Commit: ff71e6c0098bf7efc1b2ddd25f095324b2fe6dad URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ff71e6c0098bf7… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Fri May 8 10:47:53 2015 +0200 Fixed CSV export for BI availability --- web/htdocs/table.py | 1 + web/plugins/views/availability.py | 131 ++++++++++++++++++++++--------------- 2 files changed, 81 insertions(+), 51 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=ff71e6c009…

9 years, 1 month

Check_MK Git: check_mk: #2265 FIX db2_version: improved check output when version information is missing

by Andreas Boesl

Module: check_mk Branch: master Commit: 3a25e7a069256c4b2f8aad31b1a1d511117aa910 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3a25e7a069256c… Author: Andreas Boesl <ab(a)mathias-kettner.de> Date: Fri May 8 10:44:06 2015 +0200 #2265 FIX db2_version: improved check output when version information is missing The version information of a db2 instance is taken from on of its snapshots. If the instance had no snapshots, the check raised an exception. --- .werks/2265 | 11 +++++++++++ ChangeLog | 1 + checks/db2_version | 11 ++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.werks/2265 b/.werks/2265 new file mode 100644 index 0000000..68a667b --- /dev/null +++ b/.werks/2265 @@ -0,0 +1,11 @@ +Title: db2_version: improved check output when version information is missing +Level: 1 +Component: checks +Compatible: compat +Version: 1.2.7i1 +Date: 1431074580 +Class: fix + +The version information of a db2 instance is taken from on of its snapshots. +If the instance had no snapshots, the check raised an exception. + diff --git a/ChangeLog b/ChangeLog index 2bc3f5b..cd75f38 100644 --- a/ChangeLog +++ b/ChangeLog @@ -356,6 +356,7 @@ * 2077 FIX: Windows MSI Installer: fixed automatical install of agent plugins... * 1244 FIX: windows_tasks: Fixed handling of tasks manually stopped by admin... * 1245 FIX: printer_output: Now correctly detect a bin with unknown as name + * 2265 FIX: db2_version: improved check output when version information is missing... Multisite: * 1758 Improved exception hander: Shows details without additional debug request, added mailto link for error report... diff --git a/checks/db2_version b/checks/db2_version index b610a74..6e7fa33 100644 --- a/checks/db2_version +++ b/checks/db2_version @@ -33,9 +33,14 @@ def inventory_db2_version(info): def check_db2_version(item, no_params, info): for line in info: - instance, version = line[0].split(" ", 1) - if item == instance: - return 0, version + tokens = line[0].split(" ", 1) + if len(tokens) < 2: + if item == tokens[0]: + return 3, "No version information found" + else: + instance, version = tokens + if item == instance: + return 0, version check_info['db2_version'] = { "service_description" : "DB2 Version %s",

9 years, 1 month

Check_MK Git: check_mk: reworked styling of icon and snmp trap upload dialogs

by Lars Michelsen

Module: check_mk Branch: master Commit: 941d90c9bb5a6b72cfc78a57a59414537ea24a25 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=941d90c9bb5a6b… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri May 8 10:36:02 2015 +0200 reworked styling of icon and snmp trap upload dialogs --- mkeventd/web/plugins/wato/mkeventd.py | 6 ++++++ web/htdocs/wato.py | 20 +++++++++++--------- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/mkeventd/web/plugins/wato/mkeventd.py b/mkeventd/web/plugins/wato/mkeventd.py index 2c752a7..d013c21 100644 --- a/mkeventd/web/plugins/wato/mkeventd.py +++ b/mkeventd/web/plugins/wato/mkeventd.py @@ -1853,8 +1853,14 @@ def mode_mkeventd_mibs(phase): html.write("<h3>" + _("Upload MIB file") + "</h3>") html.write(_("Allowed are single MIB files - usually with the extension <tt>.mib</tt> or <tt>.txt</tt>. ")) + html.begin_form("upload_form", method = "POST") + forms.header(_("Upload MIB file")) + + forms.section(_("Select file")) html.upload_file("_upload_mib") + forms.end() + html.button("upload_button", _("Upload MIB(s)"), "submit") html.hidden_fields() html.end_form() diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index e77c26a..d666cfc 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -17597,8 +17597,8 @@ def upload_icon(icon_info): # Add the icon category to the PNG comment from PIL import Image, PngImagePlugin from StringIO import StringIO - im = Image.open(StringIO(icon_info[0][2])) - im.info['Comment'] = icon_info[1] + im = Image.open(StringIO(icon_info['icon'][2])) + im.info['Comment'] = icon_info['category'] meta = PngImagePlugin.PngInfo() for k,v in im.info.iteritems(): if k not in ('interlace', 'gamma', 'dpi', 'transparency', 'aspect'): @@ -17607,7 +17607,7 @@ def upload_icon(icon_info): # and finally save the image dest_dir = "%s/local/share/check_mk/web/htdocs/images/icons" % defaults.omd_root make_nagios_directories(dest_dir) - im.save(dest_dir+'/'+icon_info[0][0], 'PNG', pnginfo=meta) + im.save(dest_dir+'/'+icon_info['icon'][0], 'PNG', pnginfo=meta) def load_custom_icons(): @@ -17627,19 +17627,21 @@ def mode_icons(phase): home_button() return - vs_upload = Tuple( + vs_upload = Dictionary( title = _('Icon'), + optional_keys = False, + render = "form", elements = [ - FileUpload( + ('icon', FileUpload( title = _('Icon'), allow_empty = False, validate = validate_icon, - ), - DropdownChoice( + )), + ('category', DropdownChoice( title = _('Category'), choices = IconSelector._categories, no_preselect = True, - ) + )) ] ) @@ -17668,7 +17670,7 @@ def mode_icons(phase): html.message(_("Sorry, you can mange your icons only within OMD environments.")) return - html.write(_("Allowed are single PNG image files with a maximum size of 80x80 px.")) + html.write(""+_("Allowed are single PNG image files with a maximum size of 80x80 px.")+"") html.begin_form('upload_form', method='POST') vs_upload.render_input('_upload_icon', None)

9 years, 1 month

Check_MK Git: check_mk: Makefile: Not longer exclude c sourcecodes of agents

by Bastian Kuhn

Module: check_mk Branch: master Commit: 95b77688531d7436d934d8b0db9c2628c82b718d URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=95b77688531d74… Author: Bastian Kuhn <bk(a)mathias-kettner.de> Date: Fri May 8 10:28:07 2015 +0200 Makefile: Not longer exclude c sourcecodes of agents --- Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Makefile b/Makefile index aa50058..8b767a7 100644 --- a/Makefile +++ b/Makefile @@ -109,8 +109,6 @@ dist: mk-livestatus mk-eventd --exclude "endless.bat" \ --exclude "logstate.txt" \ --exclude "*.unversioned.exe" \ - --exclude "*.cc" \ - --exclude "*.c" \ --exclude "*.res" \ --exclude "*~" \ --exclude "Makefile" \

9 years, 1 month

Check_MK Git: check_mk: Updated werk

by Lars Michelsen

Module: check_mk Branch: master Commit: eb391868f483f1b85777026cdf5ca1acede47e73 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=eb391868f483f1… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri May 8 10:14:25 2015 +0200 Updated werk --- .werks/2252 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.werks/2252 b/.werks/2252 index be40dc8..6f451e8 100644 --- a/.werks/2252 +++ b/.werks/2252 @@ -22,6 +22,8 @@ If you have the situation where the agent is executed in another user con than the configuration file <tt>logwatch.cfg</tt> can be written, you should update to the fixed <tt>mk_logwatch</tt> plugin. +Thanks to Adam Lis for finding and reporting this issue! + Short Q/As: What does the attacker need?

9 years, 1 month

Check_MK Git: check_mk: #2252 SEC mk_logwatch: Fixed mostly uncritical command injection from config

by Lars Michelsen

Module: check_mk Branch: master Commit: 6336893400206a6a36e15ced52aff8043cf6488c URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=6336893400206a… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri May 8 10:12:25 2015 +0200 #2252 SEC mk_logwatch: Fixed mostly uncritical command injection from config This change fixes a security related issue n the <tt>mk_logwatch</tt> linux agent plugin. It was possible to inject commands to the agent plugin when having write access to the logwatch.cfg configuration file. This might result in privilege escalation issues in very rare conditions. >From our point of view this is a low impact issue for nearly all installations out there. Most installations run the agent as root but also have the <tt>logwatch.cfg</tt> only being writable by root. So if a user has write access to this file the user don't need to do privilege escalation anymore since he is already root. If you have the situation where the agent is executed in another user context than the configuration file <tt>logwatch.cfg</tt> can be written, you should update to the fixed <tt>mk_logwatch</tt> plugin. Short Q/As: What does the attacker need? He needs to have write access to the <tt>/etc/check_mk/logwatch.cfg</tt>, which is normally only writable by root. What does the attacker get? He can execute commands in context of the Check_MK-Agent (often root). Do I need to update asap? Only if non-root users can edit the <tt>logwatch.cfg</tt>. I want to update, where can I get the fixed version? If we did not release an updated version yet, you can get it from the git: http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob_plain;f=agents/plu… --- .werks/2252 | 44 ++++++++++++++++++++++++++++++++++++++++++++ ChangeLog | 1 + agents/plugins/mk_logwatch | 11 +++++------ 3 files changed, 50 insertions(+), 6 deletions(-) diff --git a/.werks/2252 b/.werks/2252 new file mode 100644 index 0000000..be40dc8 --- /dev/null +++ b/.werks/2252 @@ -0,0 +1,44 @@ +Title: mk_logwatch: Fixed mostly uncritical command injection from config +Level: 1 +Component: checks +Class: security +Compatible: compat +State: unknown +Version: 1.2.7i1 +Date: 1431071697 + +This change fixes a security related issue n the <tt>mk_logwatch</tt> linux agent +plugin. It was possible to inject commands to the agent plugin when having write access +to the logwatch.cfg configuration file. This might result in privilege +escalation issues in very rare conditions. + +From our point of view this is a low impact issue for nearly all installations +out there. Most installations run the agent as root but also have the +<tt>logwatch.cfg</tt> only being writable by root. So if a user has write +access to this file the user don't need to do privilege escalation anymore +since he is already root. + +If you have the situation where the agent is executed in another user context +than the configuration file <tt>logwatch.cfg</tt> can be written, you should update +to the fixed <tt>mk_logwatch</tt> plugin. + +Short Q/As: + +What does the attacker need? + +He needs to have write access to the <tt>/etc/check_mk/logwatch.cfg</tt>, which is +normally only writable by root. + +What does the attacker get? + +He can execute commands in context of the Check_MK-Agent (often root). + +Do I need to update asap? + +Only if non-root users can edit the <tt>logwatch.cfg</tt>. + +I want to update, where can I get the fixed version? + +If we did not release an updated version yet, you can get it from the git: + +http://git.mathias-kettner.de/git/?p=check_mk.git;a=blob_plain;f=agents/plugins/mk_logwatch;hb=refs/heads/1.2.6 diff --git a/ChangeLog b/ChangeLog index b4bfa8c..2bc3f5b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -173,6 +173,7 @@ * 2245 AIX-Agent: Added support for the uptime check * 2076 fortigate_cpu_base, fortigate_sessions_base: supports wider range of models... * 2227 isc_dhcpd: New agent plugin and check for checking IP address pools of ISC DHCP-Daemon + * 2252 SEC: mk_logwatch: Fixed mostly uncritical command injection from config... * 1457 FIX: logins: new check renamed from "users" check... NOTE: Please refer to the migration notes! * 1762 FIX: lnx_thermal: Now ignoring trip points with level 0... diff --git a/agents/plugins/mk_logwatch b/agents/plugins/mk_logwatch index 921da63..afb334b 100755 --- a/agents/plugins/mk_logwatch +++ b/agents/plugins/mk_logwatch @@ -26,8 +26,7 @@ # Call with -d for debug mode: colored output, no saving of status -import sys, os, re, time -import glob +import sys, os, re, time, glob if '-d' in sys.argv[1:] or '--debug' in sys.argv[1:]: tty_red = '\033[1;31m' @@ -376,14 +375,14 @@ for filenames, patterns in config: sys.exit(1) - for glob in filenames: - if '=' in glob: + for glob_pattern in filenames: + if '=' in glob_pattern: continue - logfiles = [ l.strip() for l in os.popen("ls %s 2>/dev/null" % glob).readlines() ] + logfiles = glob.glob(glob_pattern) if opt_regex: logfiles = [ f for f in logfiles if opt_regex.search(f) ] if len(logfiles) == 0: - print '[[[%s:missing]]]' % glob + print '[[[%s:missing]]]' % glob_pattern else: for logfile in logfiles: process_logfile(logfile, patterns)

9 years, 1 month

← Newer
1
...
13
14
15
16
17
18
19
20
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits May 2015