Checkmk git commits November 2021

checkmk-commits@lists.checkmk.com

1 participants
424 discussions

[tribe29/checkmk] c16fc5: 13314 SEC Distributed monitoring: Do not log site ...

by Lars

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: c16fc5d467329db2d73aeb8d9eb11d36eeaa6fc7 https://github.com/tribe29/checkmk/commit/c16fc5d467329db2d73aeb8d9eb11d36e… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-11-10 (Wed, 10 Nov 2021) Changed paths: A .werks/13314 M cmk/gui/watolib/automations.py M tests/unit/cmk/gui/watolib/test_config_sync.py Log Message: ----------- 13314 SEC Distributed monitoring: Do not log site secret on remote site This issue only affects you in case you are using a distributed monitoring setup and only affects the remote sites of a distributed setup. When the central site is communicating with a remote site, this access from the central site to a remote system is authenticated used the so called site secret. This secret is handed over to the remote site with each remote call and validated. Previous Checkmk versions were sending the site secret via GET parameters to the remote site. Which made the secret visible in the access log of the remote site apache (var/log/apache/access_log). As these log files are normally only readable by the site user and the site secret is also known by the site user, this alone is not a information disclosure. Of course it might happen that you forward a log, e.g. for error diagnosis, then this issue might be a real problem. Therefore, we recommend all users to update to the next version to eliminate the problem for the future. Afterwards we recommend to check the log files (var/log/apache/access_log and var/log/apache/access_log.*.gz) and to remove problematic log entries. If your logs could be viewed by non Checkmk admins, you should also change the site secret. If you change the site secret of a remote site, you will have to navigate to "Setup > Distributed monitoring", then "Logout" the remote site and "Login" the site again to make the central site know the new site secret. CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/…) Change-Id: Ie4b0c7047b81ee3db35e10b44acf276a772896ae

2 years, 10 months

[tribe29/checkmk] 78da44: 13314 SEC Distributed monitoring: Do not log site ...

by Lars

Branch: refs/heads/1.6.0 Home: https://github.com/tribe29/checkmk Commit: 78da4483a35abe12b50cf2de1d1e3075cfe2b9b1 https://github.com/tribe29/checkmk/commit/78da4483a35abe12b50cf2de1d1e3075c… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-11-10 (Wed, 10 Nov 2021) Changed paths: A .werks/13314 M cmk/gui/watolib/automations.py Log Message: ----------- 13314 SEC Distributed monitoring: Do not log site secret on remote site This issue only affects you in case you are using a distributed monitoring setup and only affects the remote sites of a distributed setup. When the central site is communicating with a remote site, this access from the central site to a remote system is authenticated used the so called site secret. This secret is handed over to the remote site with each remote call and validated. Previous Checkmk versions were sending the site secret via GET parameters to the remote site. Which made the secret visible in the access log of the remote site apache (var/log/apache/access_log). As these log files are normally only readable by the site user and the site secret is also known by the site user, this alone is not a information disclosure. Of course it might happen that you forward a log, e.g. for error diagnosis, then this issue might be a real problem. Therefore, we recommend all users to update to the next version to eliminate the problem for the future. Afterwards we recommend to check the log files (var/log/apache/access_log and var/log/apache/access_log.*.gz) and to remove problematic log entries. If your logs could be viewed by non Checkmk admins, you should also change the site secret. If you change the site secret of a remote site, you will have to navigate to "Setup > Distributed monitoring", then "Logout" the remote site and "Login" the site again to make the central site know the new site secret. CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/…) Change-Id: Ie4b0c7047b81ee3db35e10b44acf276a772896ae

2 years, 10 months

[tribe29/checkmk] 42756d: 13314 SEC Distributed monitoring: Do not log site ...

by Lars

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 42756d8471e766ac87206a975b2dcf650668891a https://github.com/tribe29/checkmk/commit/42756d8471e766ac87206a975b2dcf650… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-11-10 (Wed, 10 Nov 2021) Changed paths: A .werks/13314 M cmk/gui/watolib/automations.py M tests/unit/cmk/gui/watolib/test_config_sync.py Log Message: ----------- 13314 SEC Distributed monitoring: Do not log site secret on remote site This issue only affects you in case you are using a distributed monitoring setup and only affects the remote sites of a distributed setup. When the central site is communicating with a remote site, this access from the central site to a remote system is authenticated used the so called site secret. This secret is handed over to the remote site with each remote call and validated. Previous Checkmk versions were sending the site secret via GET parameters to the remote site. Which made the secret visible in the access log of the remote site apache (var/log/apache/access_log). As these log files are normally only readable by the site user and the site secret is also known by the site user, this alone is not a information disclosure. Of course it might happen that you forward a log, e.g. for error diagnosis, then this issue might be a real problem. Therefore, we recommend all users to update to the next version to eliminate the problem for the future. Afterwards we recommend to check the log files (var/log/apache/access_log and var/log/apache/access_log.*.gz) and to remove problematic log entries. If your logs could be viewed by non Checkmk admins, you should also change the site secret. If you change the site secret of a remote site, you will have to navigate to "Setup > Distributed monitoring", then "Logout" the remote site and "Login" the site again to make the central site know the new site secret. CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L (https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/…) Change-Id: Ie4b0c7047b81ee3db35e10b44acf276a772896ae

2 years, 10 months

[tribe29/checkmk] 966f70: 13472 FIX fjdarye500_disks_summary: "Transform fai...

by Moritz

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 966f7005d578d0efe5a75ac51d685bbf4fc838e5 https://github.com/tribe29/checkmk/commit/966f7005d578d0efe5a75ac51d685bbf4… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2021-11-09 (Tue, 09 Nov 2021) Changed paths: A .werks/13472 M cmk/gui/plugins/wato/check_parameters/raid_summary.py Log Message: ----------- 13472 FIX fjdarye500_disks_summary: "Transform failed" during cmk-update-config For services of the plugin fjdarye500_disks_summary the tool cmk-update-config reported "Transform failed". This is fixed now. Change-Id: I06ed762c8d5148f461144a699a179d06d048fbd5

2 years, 10 months

[tribe29/checkmk] 213589: 13470 FIX "Item not found" for cached local checks...

by Moritz

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 213589785eeecab24df7d00bc5ea7ef148e33398 https://github.com/tribe29/checkmk/commit/213589785eeecab24df7d00bc5ea7ef14… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2021-11-09 (Tue, 09 Nov 2021) Changed paths: A .werks/13470 M cmk/base/plugins/agent_based/local.py Log Message: ----------- 13470 FIX "Item not found" for cached local checks on clusters Change-Id: I22cc5fa87bc410d075fa9c033b22660527aa0a9f Commit: ec385b1b5260ab4a405510bf90d8a05074786bc2 https://github.com/tribe29/checkmk/commit/ec385b1b5260ab4a405510bf90d8a0507… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2021-11-10 (Wed, 10 Nov 2021) Changed paths: A .werks/13472 M cmk/gui/plugins/wato/check_parameters/raid_summary.py Log Message: ----------- 13472 FIX fjdarye500_disks_summary: "Transform failed" during cmk-update-config For services of the plugin fjdarye500_disks_summary the tool cmk-update-config reported "Transform failed". This is fixed now. Change-Id: I2c2b5e536726784edb6154efaa7c7355669d2c13 Compare: https://github.com/tribe29/checkmk/compare/0f6a8e3cea1c...ec385b1b5260

2 years, 10 months

[tribe29/checkmk] 0f6a8e: 13469 FIX cisco_ucs_hdd: hot spares are OK to be i...

by Moritz

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 0f6a8e3cea1c0951debd297f01b3ecc777a4bef8 https://github.com/tribe29/checkmk/commit/0f6a8e3cea1c0951debd297f01b3ecc77… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2021-11-09 (Tue, 09 Nov 2021) Changed paths: A .werks/13469 M checks/cisco_ucs_hdd M cmk/base/check_legacy_includes/cisco_ucs.py Log Message: ----------- 13469 FIX cisco_ucs_hdd: hot spares are OK to be inoperable Change-Id: I575d06b65b7982a2559f08665d1142536ab649eb

2 years, 10 months

[tribe29/checkmk] 88626e: [Weblate] Updated translation files

by Lars

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 88626e34648cb0c1e3e63767ba7aa6285fcbfbfe https://github.com/tribe29/checkmk/commit/88626e34648cb0c1e3e63767ba7aa6285… Author: Weblate Transfer job <weblate(a)checkmk.com> Date: 2021-11-09 (Tue, 09 Nov 2021) Changed paths: M locale/de/LC_MESSAGES/multisite.po M locale/es/LC_MESSAGES/multisite.po M locale/fr/LC_MESSAGES/multisite.po M locale/it/LC_MESSAGES/multisite.po M locale/ja/LC_MESSAGES/multisite.po M locale/nl/LC_MESSAGES/multisite.po M locale/pt_PT/LC_MESSAGES/multisite.po M locale/ro/LC_MESSAGES/multisite.po Log Message: ----------- [Weblate] Updated translation files Translation: checkmk/software Translate-URL: https://translate.checkmk.com/projects/checkmk/software/

2 years, 10 months

[tribe29/checkmk] f618ac: Fix help

by Simon

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: f618acb0f68662a4c676c2151b27e094892f72bb https://github.com/tribe29/checkmk/commit/f618acb0f68662a4c676c2151b27e0948… Author: Simon Jess <simon.jess(a)tribe29.com> Date: 2021-11-09 (Tue, 09 Nov 2021) Changed paths: M tests/Makefile Log Message: ----------- Fix help Change-Id: If84af6ec43e1e49d6c0ec20384941ea2338a5d2d

2 years, 10 months

[tribe29/checkmk] d41b90: Fixed werk level.

by Sven Panne

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: d41b90f82733ebb4603993fb320e7e3854df1716 https://github.com/tribe29/checkmk/commit/d41b90f82733ebb4603993fb320e7e385… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-11-09 (Tue, 09 Nov 2021) Changed paths: M .werks/13089 Log Message: ----------- Fixed werk level. Change-Id: I60f0e5b9eaedc961bc7002a09558e7aab71934ef

2 years, 10 months

[tribe29/checkmk] feb51f: Fixed werk level.

by Sven Panne

Branch: refs/heads/1.6.0 Home: https://github.com/tribe29/checkmk Commit: feb51fae6090e4915da96248570decdf64131e37 https://github.com/tribe29/checkmk/commit/feb51fae6090e4915da96248570decdf6… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-11-09 (Tue, 09 Nov 2021) Changed paths: M .werks/13089 Log Message: ----------- Fixed werk level. Change-Id: I559d0df2c9f9db32672c404b0e5b20e71c2d401d

2 years, 10 months

← Newer
1
...
29
30
31
32
33
34
35
...
43
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits November 2021