Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 4e30ab9951726c70c574ed19445029a66c876e38
https://github.com/tribe29/checkmk/commit/4e30ab9951726c70c574ed19445029a66…
Author: Christoph Rauch <christoph.rauch(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12343
M cmk/gui/watolib/hosts_and_folders.py
M cmk/update_config.py
Log Message:
-----------
12343 FIX fix missing __id in folders after upgrade from 1.6.0
When upgrading from 1.6.0 to 2.0.0 until 2.0.0p3, only the
root-folder got assigned a __id key which is required for the
folder endpoints of the REST API. Access to other folders with
the REST API would result in an HTTP 500 error with an error message.
During the upgrade to 2.0.0p4, these folders will be fixed.
No further action (apart from upgrading) is necessary.
Change-Id: Icd7ed54a2cfbba7131ba300d8c2002b2a0286401
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: ffedac3e1926c192dfdcbb3141b1d9c3b9d5b600
https://github.com/tribe29/checkmk/commit/ffedac3e1926c192dfdcbb3141b1d9c3b…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
M livestatus/src/TableEventConsole.cc
M livestatus/src/TableLog.cc
M livestatus/src/TableStateHistory.cc
Log Message:
-----------
Pushed auth_user == nullptr checks to a better place, part 1.
Change-Id: Ib15de2bffeb26748139b640f4d2292305818e059
Commit: b02f715b0aefcee4a59074697a64db7582e13937
https://github.com/tribe29/checkmk/commit/b02f715b0aefcee4a59074697a64db758…
Author: Sven Panne <sven.panne(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
M livestatus/src/LogEntry.h
M livestatus/src/TableLog.cc
M livestatus/src/TableStateHistory.cc
Log Message:
-----------
Removed unused enum value.
Change-Id: Ie98ad2dedcb0654698653e259ac31541239444a2
Commit: 82c197b61d57a30966bef0a6d703be71d39563d8
https://github.com/tribe29/checkmk/commit/82c197b61d57a30966bef0a6d703be71d…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12672
M agents/check_mk_agent.linux
Log Message:
-----------
12672 SEC real-time-checks: Provide default password
This Werk fixes a security issue that may arise from a misconfiguration
of real-time checks.
As mentioned in Werk #8350 (Introduction of real-time checks), a password
has to be provided when configuring real-time checks.
When using the agent bakery, the ruleset "Encryption" is used to
provide the encryption password, while the real-time checks themselves are
activated for the agents via the ruleset "Send data for real-time checks".
If the real-time checks get activated without providing a password, this
will result in an empty password, which will nevertheless be used by the agent
to encrypt the real-time check data on the host.
While the user would most likely fix this situation, because real-time checks
won't work (a password is mandatory to activate real-time checks in CMC),
the real-time check data can be decrypted without a password/key in this case,
resulting in a security issue.
This is now fixed with the following mechanism:
- The agent bakery will read the default password from the global setting
"Monitoring core/Enable handling of real-time checks" and bake it into the
agents that have the rule "Send data for real-time checks" activated. Accordingly,
a changed global setting will lead to new agents on next bake.
- The agent bakery will continue to package the password from the "Encryption" rule,
and the Linux agent will prefer it over the default password from the CMC configuration.
- If neither of the two passwords is configured, but the "Send data for real-time checks"
rule is active, the agent bakery will refuse to bake agents.
- If the Linux agent is requested to send encrypted real-time check data, but no password
is deployed, no real-time check data will be sent. However, from now on, this may only happen
if real-time checks are configured without the agent bakery.
CMK-7590
Change-Id: Ib173708140127d0b64f22fc9dbcceeac5841592e
Commit: 5e6ae64499196714fe49c57d59116ec3eed7e845
https://github.com/tribe29/checkmk/commit/5e6ae64499196714fe49c57d59116ec3e…
Author: Martin <martin.hirschvogel(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
M cmk/utils/man_pages.py
Log Message:
-----------
Add OpenText Fuse Mgmt topic to manpages
Change-Id: Ibf535f31e7d0c06fec827ed305cc95ba64242e2e
Compare: https://github.com/tribe29/checkmk/compare/e6c1bbc84550...5e6ae6449919
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: 07ac6998ea501a47563b1954252d251373120a61
https://github.com/tribe29/checkmk/commit/07ac6998ea501a47563b1954252d25137…
Author: Ronny Bruska <ronny.bruska(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12751
M cmk/gui/plugins/views/icons/mkeventd.py
A tests/unit/cmk/gui/plugins/views/icons/test_icon_mkeventd.py
Log Message:
-----------
12751 FIX mkevents: Fix link to events of host
FEED-6006
Change-Id: I85cf5bd04731f7658d4aff153b5f56ffb66fb069
Commit: 3a5bd1efc6943880c927a82d45005dc49be74ba2
https://github.com/tribe29/checkmk/commit/3a5bd1efc6943880c927a82d45005dc49…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12672
M agents/check_mk_agent.linux
Log Message:
-----------
12672 SEC real-time-checks: Provide default password
This Werk fixes a security issue that may arise from a misconfiguration
of real-time checks.
As mentioned in Werk #8350 (Introduction of real-time checks), a password
has to be provided when configuring real-time checks.
When using the agent bakery, the ruleset "Encryption" is used to
provide the encryption password, while the real-time checks themselves are
activated for the agents via the ruleset "Send data for real-time checks".
If the real-time checks get activated without providing a password, this
will result in an empty password, which will nevertheless be used by the agent
to encrypt the real-time check data on the host.
While the user would most likely fix this situation, because real-time checks
won't work (a password is mandatory to activate real-time checks in CMC),
the real-time check data can be decrypted without a password/key in this case,
resulting in a security issue.
This is now fixed with the following mechanism:
- The agent bakery will read the default password from the global setting
"Monitoring core/Enable handling of real-time checks" and bake it into the
agents that have the rule "Send data for real-time checks" activated. Accordingly,
a changed global setting will lead to new agents on next bake.
- The agent bakery will continue to package the password from the "Encryption" rule,
and the Linux agent will prefer it over the default password from the CMC configuration.
- If neither of the two passwords is configured, but the "Send data for real-time checks"
rule is active, the agent bakery will refuse to bake agents.
- If the Linux agent is requested to send encrypted real-time check data, but no password
is deployed, no real-time check data will be sent. However, from now on, this may only happen
if real-time checks are configured without the agent bakery.
CMK-7590
Change-Id: I977f4acede5bacaad376cad08bc485e1a58981db
Compare: https://github.com/tribe29/checkmk/compare/f25f9fdaa92f...3a5bd1efc694
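Added example (not code from the Checkmk repository or from the commits above): shell functions implementing the fail-closed password selection that Werk 12672 describes in both the master and 2.0.0 commits. The function names and the yes/no argument convention are hypothetical.

```shell
#!/bin/sh
# Added illustration of the Werk 12672 mechanism; all names are hypothetical
# and do not come from check_mk_agent.linux or the agent bakery.

# Print the password to use for real-time check encryption.
#   $1 = password from the "Encryption" rule (may be empty)
#   $2 = default password from the global setting (may be empty)
# The rule password wins over the default. Returns 1 and prints nothing
# when neither is set, so an empty password is never handed to the caller.
select_rt_password() {
    if [ -n "$1" ]; then
        printf '%s' "$1"
    elif [ -n "$2" ]; then
        printf '%s' "$2"
    else
        return 1
    fi
}

# Bakery side: may an agent be baked?
#   $1 = "yes" if the "Send data for real-time checks" rule is active
#   $2, $3 = rule password, default password
# Baking is refused (return 1) only when the rule is active and no
# password is available.
bake_allowed() {
    [ "$1" = "yes" ] || return 0
    select_rt_password "$2" "$3" >/dev/null
}

# Agent side: encrypted real-time data was requested. Print "encrypt" when a
# password is deployed, "skip" when none is, so nothing is sent in that case.
rt_payload_action() {
    if select_rt_password "$1" "$2" >/dev/null; then
        echo "encrypt"
    else
        echo "skip"
    fi
}
```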
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: f585adb6d9b69658c2ca5ac5e8a75ca3f358cdb0
https://github.com/tribe29/checkmk/commit/f585adb6d9b69658c2ca5ac5e8a75ca3f…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12510
M checks/jolokia_jvm_runtime
M tests/unit/checks/generictests/datasets/jolokia_jvm_runtime.py
Log Message:
-----------
12510 FIX jolokia_jvm_runtime: Uptime was off by a factor of 1000
Change-Id: I64365a572848d552dd722f3a4ee5089b2dc94a2f
Commit: e6c1bbc845501e1bcde7f0592662423c895ce079
https://github.com/tribe29/checkmk/commit/e6c1bbc845501e1bcde7f0592662423c8…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12826
M cmk/gui/htmllib.py
Log Message:
-----------
12826 SEC Fix reflected XSS using the on page search
The on-page search could be used to trigger a reflected XSS attack. It was
possible to execute arbitrary JavaScript code in the context of the user
clicking on the reset button of the on-page search.
Change-Id: Idf7bf390a65b9aec87980f66300433a37f0475a8
Compare: https://github.com/tribe29/checkmk/compare/00280b0b778f...e6c1bbc84550
Branch: refs/heads/2.0.0
Home: https://github.com/tribe29/checkmk
Commit: def050e3454496bb52bf1d493bf432f4178bdbe8
https://github.com/tribe29/checkmk/commit/def050e3454496bb52bf1d493bf432f41…
Author: Moritz Kiemer <moritz.kiemer(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12510
M checks/jolokia_jvm_runtime
M tests/unit/checks/generictests/datasets/jolokia_jvm_runtime.py
Log Message:
-----------
12510 FIX jolokia_jvm_runtime: Uptime was off by a factor of 1000
Change-Id: I64365a572848d552dd722f3a4ee5089b2dc94a2f
Commit: f25f9fdaa92f396d73abd8c812d6dd6a7ef75c1f
https://github.com/tribe29/checkmk/commit/f25f9fdaa92f396d73abd8c812d6dd6a7…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
A .werks/12826
M cmk/gui/htmllib.py
Log Message:
-----------
12826 SEC Fix reflected XSS using the on page search
The on-page search could be used to trigger a reflected XSS attack. It was
possible to execute arbitrary JavaScript code in the context of the user
clicking on the reset button of the on-page search.
Change-Id: Idf7bf390a65b9aec87980f66300433a37f0475a8
Compare: https://github.com/tribe29/checkmk/compare/9dfc0588278f...f25f9fdaa92f
Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 00280b0b778f8f28b1d1a12aeb3e0daf2e71af1d
https://github.com/tribe29/checkmk/commit/00280b0b778f8f28b1d1a12aeb3e0daf2…
Author: Sofia Colakovic <sofia.colakovic(a)tribe29.com>
Date: 2021-04-28 (Wed, 28 Apr 2021)
Changed paths:
M agents/check_mk_agent.openbsd
Log Message:
-----------
remove mem section from openbsd agent
With werk 12713, the ps check no longer needs a mem section.
The mem section is removed because it was an exact copy of the
openbsd_mem section.
Change-Id: I4c29dffe96c6985178fa4dfa72383b3b115cc897