Checkmk git commits April 2021

checkmk-commits@lists.checkmk.com

1 participants
553 discussions

[tribe29/checkmk] 7ddc04: 12672 SEC real-time-checks: Provide default password

by Andreas Umbreit

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 7ddc0455f8d950a2c1da89d1c8f92ffc3850c372 https://github.com/tribe29/checkmk/commit/7ddc0455f8d950a2c1da89d1c8f92ffc3… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2021-04-28 (Wed, 28 Apr 2021) Changed paths: A .werks/12672 M agents/check_mk_agent.linux Log Message: ----------- 12672 SEC real-time-checks: Provide default password This Werk fixes a security issue that may arise from a misconfiguration of real-time checks. As mentioned in Werk #8350 (Introduction of real-time checks), a password has to be provided when configuring real-time checks. When using the agent bakery, the ruleset "Encryption" is used to provide the encryption password, while the real-time checks itself are activated for the agents via the ruleset "Send data for real-time checks". If the real-time checks get activated without providing a password, this will result in an empty password, that will nevertheless be used by the agent to encrypt the real-time check data on the host. While the user would most likely fix this situation, because real-time checks won't work (A password is mandatory to activate real-time checks in CMC), the real-time check data can be decrypted without a password/key in this case, resulting in a security issue. This is now fixed with the following mechanism: - The agent bakery will read the default password from the global setting "Monitoring core/Enable handling of real-time checks" and bake it into the agents that have the rule "Send data for real-time checks" activated. Accordingly, a changed global setting will lead to new agents on next bake. - The agent bakery will keep to package the password from the "Encryption" rule, and the Linux agent will prefer it over the default password from the CMC configuration. - If none of the two passwords are configured, but the "Send data for real-time checks" rule is active, the agent bakery will refuse to bake agents - If the Linux agent is requested to send encrypted real-time check data, but no password is deployed, no real-time check data will be sent. However, up from now, this may only happen if real-time checks are configured without the agent bakery. CMK-7590 Change-Id: I151af3f493a5194fd22aa9e779f47a945586db39

3 years, 4 months

[tribe29/checkmk] 40b747: 12672 SEC real-time-checks: Provide default password

by Andreas Umbreit

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 40b747074e20bf0d15e5e8b12d76f49c9db4bf48 https://github.com/tribe29/checkmk/commit/40b747074e20bf0d15e5e8b12d76f49c9… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: A .werks/12672 M agents/check_mk_agent.linux Log Message: ----------- 12672 SEC real-time-checks: Provide default password This Werk fixes a security issue that may arise from a misconfiguration of real-time checks. As mentioned in Werk #8350 (Introduction of real-time checks), a password has to be provided when configuring real-time checks. When using the agent bakery, the ruleset "Encryption" is used to provide the encryption password, while the real-time checks itself are activated for the agents via the ruleset "Send data for real-time checks". If the real-time checks get activated without providing a password, this will result in an empty password, that will nevertheless be used by the agent to encrypt the real-time check data on the host. While the user would most likely fix this situation, because real-time checks won't work (A password is mandatory to activate real-time checks in CMC), the real-time check data can be decrypted without a password/key in this case, resulting in a security issue. This is now fixed with the following mechanism: - The agent bakery will read the default password from the global setting "Monitoring core/Enable handling of real-time checks" and bake it into the agents that have the rule "Send data for real-time checks" activated. Accordingly, a changed global setting will lead to new agents on next bake. - The agent bakery will keep to package the password from the "Encryption" rule, and the Linux agent will prefer it over the default password from the CMC configuration. - If none of the two passwords are configured, but the "Send data for real-time checks" rule is active, the agent bakery will refuse to bake agents - If the Linux agent is requested to send encrypted real-time check data, but no password is deployed, no real-time check data will be sent. However, up from now, this may only happen if real-time checks are configured without the agent bakery. CMK-7590 Change-Id: I151af3f493a5194fd22aa9e779f47a945586db39

3 years, 4 months

[tribe29/checkmk] 8339e0: small refactoring to prepare for deduplication

by Moritz

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 8339e08262856ff6556b882c9b8fd0dadd3568dd https://github.com/tribe29/checkmk/commit/8339e08262856ff6556b882c9b8fd0dad… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2021-04-28 (Wed, 28 Apr 2021) Changed paths: M cmk/base/agent_based/checking/__init__.py Log Message: ----------- small refactoring to prepare for deduplication Change-Id: I56f74ed4381132f2c0c348913aa48c912a7196a7 Commit: db2a712fe5b7bf6d234bd38cd8a55f405656db79 https://github.com/tribe29/checkmk/commit/db2a712fe5b7bf6d234bd38cd8a55f405… Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com> Date: 2021-04-28 (Wed, 28 Apr 2021) Changed paths: M cmk/base/agent_based/checking/__init__.py M cmk/core_helpers/host_sections.py Log Message: ----------- rtc: reuse checking code Change-Id: I23f6f69dc3f35bb551fe69fc00365d7d32115cfb Compare: https://github.com/tribe29/checkmk/compare/d844b2edb85f...db2a712fe5b7

3 years, 4 months

[tribe29/checkmk] d844b2: [Weblate] Updated translation files

by Lars

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: d844b2edb85f377ed74a2a97cd3f732d45bdd65b https://github.com/tribe29/checkmk/commit/d844b2edb85f377ed74a2a97cd3f732d4… Author: Weblate Transfer job <weblate(a)checkmk.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M locale/de/LC_MESSAGES/multisite.po Log Message: ----------- [Weblate] Updated translation files Translation: checkmk/software Translate-URL: https://translate.checkmk.com/projects/checkmk/software/

3 years, 4 months

[tribe29/checkmk] d8d0ee: 12675 FIX Error in systemd socket unit

by Andreas Umbreit

Branch: refs/heads/1.6.0 Home: https://github.com/tribe29/checkmk Commit: d8d0ee236762be7babf3fad16edb7a37626ec51a https://github.com/tribe29/checkmk/commit/d8d0ee236762be7babf3fad16edb7a376… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: A .werks/12675 Log Message: ----------- 12675 FIX Error in systemd socket unit This is a regression since 1.6.0p23 and Werk #12153. When installing the Checkmk agent package on Linux systems, an erroneous systemd socket unit will be installed on the target system. If the affected system is actually contacted via systemd, i.e., no xinetd is installed on the system, this will lead to an inaccessible host. In order to recover from this error on affected hosts, you have to either install the newly baked agent package on the hosts manually, or, if you are using automatic agent updates, run <tt>cmk-update-agent</tt> once manually on the hosts, as it won't get triggered via agent call. SUP-6193 Change-Id: I367260862edd1786e4637073149c185fa06f59a3

3 years, 4 months

[tribe29/checkmk] 2373ef: 12751 FIX mkevents: Fix link to events of host

by rb

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 2373ef90081d95d66be036e7feb8c0ce235d972b https://github.com/tribe29/checkmk/commit/2373ef90081d95d66be036e7feb8c0ce2… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: A .werks/12751 M cmk/gui/plugins/views/icons/mkeventd.py A tests/unit/cmk/gui/plugins/views/icons/test_icon_mkeventd.py Log Message: ----------- 12751 FIX mkevents: Fix link to events of host FEED-6006 Change-Id: I85cf5bd04731f7658d4aff153b5f56ffb66fb069

3 years, 4 months

[tribe29/checkmk] c61b28: Add tests to confirm XSS issue

by Lars

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: c61b2802efdc104219501fe2fc472bd42798219d https://github.com/tribe29/checkmk/commit/c61b2802efdc104219501fe2fc472bd42… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M tests/unit/cmk/gui/test_htmllib_html_cls.py Log Message: ----------- Add tests to confirm XSS issue Change-Id: I88f4fd54dcb525aca313303ec1f004f4f5822eef Commit: ab9e24c89f4ec553a423ff71aedde4a675cdd468 https://github.com/tribe29/checkmk/commit/ab9e24c89f4ec553a423ff71aedde4a67… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: A .werks/12564 M cmk/gui/htmllib.py M tests/unit/cmk/gui/test_htmllib_html_cls.py Log Message: ----------- 12564 SEC Fix possible stored XSS issue when uploading backup keys Uploading backup keys could trigger a XSS issue which could lead to execution of arbitrary javascript code in the context of the user currently accessing the setup GUI. CMK-7152 Change-Id: I384976cb2216a0a9da336b45b26e2e3da450d52c Compare: https://github.com/tribe29/checkmk/compare/6b60d12d81ff...ab9e24c89f4e

3 years, 4 months

[tribe29/checkmk] facc66: Add tests to confirm XSS issue

by Lars

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: facc664f423f1abd969dd65afc1a659872108509 https://github.com/tribe29/checkmk/commit/facc664f423f1abd969dd65afc1a65987… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M tests/unit/cmk/gui/test_htmllib_html_cls.py Log Message: ----------- Add tests to confirm XSS issue Change-Id: I88f4fd54dcb525aca313303ec1f004f4f5822eef Commit: 9f3bb5e9c3939624f3100df78d0f9e6c75cdc9b4 https://github.com/tribe29/checkmk/commit/9f3bb5e9c3939624f3100df78d0f9e6c7… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: A .werks/12564 M cmk/gui/htmllib.py M tests/unit/cmk/gui/test_htmllib_html_cls.py Log Message: ----------- 12564 SEC Fix possible stored XSS issue when uploading backup keys Uploading backup keys could trigger a XSS issue which could lead to execution of arbitrary javascript code in the context of the user currently accessing the setup GUI. CMK-7152 Change-Id: I384976cb2216a0a9da336b45b26e2e3da450d52c Compare: https://github.com/tribe29/checkmk/compare/39b876965bdd...9f3bb5e9c393

3 years, 4 months

[tribe29/checkmk] 5fe732: Unify AuthUser handling in grouped queries a bit.

by Sven Panne

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 5fe7329539ac18fbaefc939d45fa27695037696b https://github.com/tribe29/checkmk/commit/5fe7329539ac18fbaefc939d45fa27695… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M livestatus/src/TableHostsByGroup.cc M livestatus/src/TableServicesByGroup.cc Log Message: ----------- Unify AuthUser handling in grouped queries a bit. Change-Id: I11a6f66bedcec09ed4ac6830d4c4742fc6a10678 Commit: 6b60d12d81ffb3a8adbd542dee06371c5cc42020 https://github.com/tribe29/checkmk/commit/6b60d12d81ffb3a8adbd542dee06371c5… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M livestatus/src/TableHostsByGroup.cc M livestatus/src/TableServicesByGroup.cc Log Message: ----------- Removed superfluous conditions. Change-Id: I9f42a4ae8d6e4726c6c61516e09e751ea662ad90 Compare: https://github.com/tribe29/checkmk/compare/f32dd68b9ee0...6b60d12d81ff

3 years, 4 months

[tribe29/checkmk] 9afd03: Make naming more consistent, part 1.

by Sven Panne

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 9afd0302cc66278ad3c75f7a7d376437961a0c46 https://github.com/tribe29/checkmk/commit/9afd0302cc66278ad3c75f7a7d3764379… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M livestatus/src/TableServicesByGroup.cc Log Message: ----------- Make naming more consistent, part 1. Change-Id: I46c0bf701811a0d46afee31eb6611502ff8e3bec Commit: 04f62d8a987bcb3d58a03ed4de39e2afb62bdd30 https://github.com/tribe29/checkmk/commit/04f62d8a987bcb3d58a03ed4de39e2afb… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M livestatus/src/TableServicesByHostGroup.cc Log Message: ----------- Make naming more consistent, part 2. Change-Id: Ic7561dc97b0b7c83543ff85e9b20f9c5bd496eac Commit: f32dd68b9ee0263d686cf9d2ab1d68ed6da8959e https://github.com/tribe29/checkmk/commit/f32dd68b9ee0263d686cf9d2ab1d68ed6… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M livestatus/src/TableHostsByGroup.cc Log Message: ----------- Make naming more consistent, part 3. Change-Id: I08f5337106eabf7a5657aeed96cede8f3427501a Compare: https://github.com/tribe29/checkmk/compare/3b0ded84ebda...f32dd68b9ee0

3 years, 4 months

← Newer
1
...
8
9
10
11
12
13
14
...
56
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits April 2021