Checkmk git commits September 2022

checkmk-commits@lists.checkmk.com

1 participants
607 discussions

[tribe29/checkmk] 0a137a: 14734 FIX Remove preliminary agent pairing ruleset

by Andreas Umbreit

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: 0a137a125064859fd9619f80bd2511bee1e9f152 https://github.com/tribe29/checkmk/commit/0a137a125064859fd9619f80bd2511bee… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14734 Log Message: ----------- 14734 FIX Remove preliminary agent pairing ruleset This was not ready for production. Change-Id: I6f976f8b16aa58b7d90595af87e50fa9708d99dd

1 year, 10 months

[tribe29/checkmk] 2a3844: 14385 SEC Fix limited SSRF in agent-receiver API

by Hannes Rantzsch

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 2a384409a17c33422964f9d61327aaf49da069e7 https://github.com/tribe29/checkmk/commit/2a384409a17c33422964f9d61327aaf49… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14385 M agent-receiver/agent_receiver/checkmk_rest_api.py M agent-receiver/agent_receiver/models.py M tests/unit/agent_receiver/test_endpoints.py Log Message: ----------- 14385 SEC Fix limited SSRF in agent-receiver API Prior to this Werk attackers could use the host registration API for Server Side Request Forgery. An attacker would have been able to make the Checkmk server issue local requests to endpoints that should only be accessible from localhost. In order to exploit this vulnerability attackers would have needed the privileges to register hosts. This vulnerability was caused by insufficient sanitization of the hostname of the host to be registered. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: 2.1 Mitigations: The affected API can be disabled using omd stop agent-receiver. Note however, that this makes it impossible to register new hosts. Vulnerability Management: We have rated the issue with a CVSS Score of 5.0 (Medium) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N. A CVE has been requested. Changes: This Werk adds validation for the hostname and ensures hostnames are escaped in requests to the REST API. CMK-11202 Change-Id: I230f72edf67eb0eb3451984a3415daa888af1f60

1 year, 10 months

[tribe29/checkmk] 4a399f: 14385 SEC Fix limited SSRF in agent-receiver API

by Hannes Rantzsch

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: 4a399f6ba043c93cfbde7e2dcfa71964dee89450 https://github.com/tribe29/checkmk/commit/4a399f6ba043c93cfbde7e2dcfa71964d… Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14385 M agent-receiver/agent_receiver/checkmk_rest_api.py M agent-receiver/agent_receiver/models.py M tests/unit/agent_receiver/test_endpoints.py Log Message: ----------- 14385 SEC Fix limited SSRF in agent-receiver API Prior to this Werk attackers could use the host registration API for Server Side Request Forgery. An attacker would have been able to make the Checkmk server issue local requests to endpoints that should only be accessible from localhost. In order to exploit this vulnerability attackers would have needed the privileges to register hosts. This vulnerability was caused by insufficient sanitization of the hostname of the host to be registered. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: 2.1 Mitigations: The affected API can be disabled using omd stop agent-receiver. Note however, that this makes it impossible to register new hosts. Vulnerability Management: We have rated the issue with a CVSS Score of 5.0 (Medium) with the following CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N. A CVE has been requested. Changes: This Werk adds validation for the hostname and ensures hostnames are escaped in requests to the REST API. CMK-11202 Change-Id: I230f72edf67eb0eb3451984a3415daa888af1f60

1 year, 10 months

[tribe29/checkmk] f33756: Enforce keyword arguments to create rulesets

by Max Linke

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: f33756dfc99b791a92100f6060ef06667aca1e90 https://github.com/tribe29/checkmk/commit/f33756dfc99b791a92100f6060ef06667… Author: Max Linke <max.linke(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M cmk/gui/watolib/rulespecs.py Log Message: ----------- Enforce keyword arguments to create rulesets Change-Id: I84e30b4eb0b05d7c445ab4856f244e80bb87e36f Commit: 1059bd0658cf6d235cd4279842d159c007ced122 https://github.com/tribe29/checkmk/commit/1059bd0658cf6d235cd4279842d159c00… Author: Max Linke <max.linke(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14677 M cmk/gui/watolib/rulespecs.py Log Message: ----------- 14677 FIX refactor CheckParameterRulespecWithItem remove item_name and item_help keywords for CheckParameterRulespecWithItem. Change-Id: I941b986cf5aafc96a88edd0b02236a605afd3f0f Compare: https://github.com/tribe29/checkmk/compare/a5736e168e56...1059bd0658cf

1 year, 10 months

[tribe29/checkmk] 3aa193: mk_mongodb.py: convert doctests to unit tests

by Lisa Pichler

Branch: refs/heads/2.0.0 Home: https://github.com/tribe29/checkmk Commit: 3aa193dca9c3f7b75ba1b69a5f2eea2318adfda6 https://github.com/tribe29/checkmk/commit/3aa193dca9c3f7b75ba1b69a5f2eea231… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M agents/plugins/mk_mongodb.py M tests/agent-plugin-unit/test_mk_mongodb.py Log Message: ----------- mk_mongodb.py: convert doctests to unit tests doctests are not run for agent plugins and provide a false sense of security. SUP-11410 Change-Id: I82991eedf5e839e52a3f19b53b87e7e71bc5315c Commit: c9922991b1455fca7b6ba9e479ec65ae8001ebdf https://github.com/tribe29/checkmk/commit/c9922991b1455fca7b6ba9e479ec65ae8… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14765 M agents/plugins/mk_mongodb.py M tests/agent-plugin-unit/test_mk_mongodb.py Log Message: ----------- 14765 FIX mk_mongodb.py: primary host is listed under active secondaries SUP-11410 Change-Id: Id898f7e2af5c746410b0cdfc1df8c367890ce994 Commit: ec7d748da7547f13fcb27ec7eb299d8f87936bdb https://github.com/tribe29/checkmk/commit/ec7d748da7547f13fcb27ec7eb299d8f8… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M agents/plugins/mk_mongodb.py Log Message: ----------- mk_mongodb.py: add useful comment SUP-11405 Change-Id: I1e3ed0c8e04cddf7e91f14e47aa2ae6f10bf0194 Commit: 276e6b8c4c9ebe46a4a204793920545c1e9848d3 https://github.com/tribe29/checkmk/commit/276e6b8c4c9ebe46a4a204793920545c1… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14766 M agents/plugins/mk_mongodb.py Log Message: ----------- 14766 FIX mk_mongodb.py: mongodb_instace section shows information from a different host SUP-11405 Change-Id: I4b01ab10cc5268eb440dd3b8c2d0055fff63cac2 Compare: https://github.com/tribe29/checkmk/compare/c8322e80a9d2...276e6b8c4c9e

1 year, 10 months

[tribe29/checkmk] 390d0e: mk_mongodb.py: convert doctests to unit tests

by Lisa Pichler

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 390d0e3461cd31ce5c9bf7ee768dce49a8598c4f https://github.com/tribe29/checkmk/commit/390d0e3461cd31ce5c9bf7ee768dce49a… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M agents/plugins/mk_mongodb.py M tests/agent-plugin-unit/test_mk_mongodb.py Log Message: ----------- mk_mongodb.py: convert doctests to unit tests doctests are not run for agent plugins and provide a false sense of security. SUP-11410 Change-Id: I82991eedf5e839e52a3f19b53b87e7e71bc5315c Commit: 752e25292556d40622eee5bf22f083df3cc8bae4 https://github.com/tribe29/checkmk/commit/752e25292556d40622eee5bf22f083df3… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14765 M agents/plugins/mk_mongodb.py M tests/agent-plugin-unit/test_mk_mongodb.py Log Message: ----------- 14765 FIX mk_mongodb.py: primary host is listed under active secondaries SUP-11410 Change-Id: Id898f7e2af5c746410b0cdfc1df8c367890ce994 Commit: a0fcce2a91500ae0d33495b6de40881438d20fa8 https://github.com/tribe29/checkmk/commit/a0fcce2a91500ae0d33495b6de4088143… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M agents/plugins/mk_mongodb.py M tests/agent-plugin-unit/test_mk_mongodb.py Log Message: ----------- mk_mongodb.py: configure connection in one place SUP-11405 Change-Id: I1e3ed0c8e04cddf7e91f14e47aa2ae6f10bf0194 Commit: a5736e168e56685780caa48f31c0c7d2d0b25f6f https://github.com/tribe29/checkmk/commit/a5736e168e56685780caa48f31c0c7d2d… Author: Lisa Pichler <lisa.pichler(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14766 M agents/plugins/mk_mongodb.py M tests/agent-plugin-unit/test_mk_mongodb.py Log Message: ----------- 14766 FIX mk_mongodb.py: mongodb_instace section shows information from a different host SUP-11405 Change-Id: I4b01ab10cc5268eb440dd3b8c2d0055fff63cac2 Compare: https://github.com/tribe29/checkmk/compare/522e954ab01a...a5736e168e56

1 year, 10 months

[tribe29/checkmk] dff6f0: 14741 FIX Use internal folder ID in audit log on m...

by rb

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: dff6f065771ec3c1c2d8c20a08449f7d252e1e4a https://github.com/tribe29/checkmk/commit/dff6f065771ec3c1c2d8c20a08449f7d2… Author: Ronny Bruska <ronny.bruska(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: A .werks/14741 M cmk/gui/watolib/hosts_and_folders.py Log Message: ----------- 14741 FIX Use internal folder ID in audit log on moving hosts SUP-10967 Change-Id: I4ab17f72eefa04cfc79836aea9b6d21227e50738

1 year, 10 months

[tribe29/checkmk] 67516a: Move update_config.py to dedicated folder

by Jörg Herbel

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 67516a220a9b3714e65514a03c6d5f1b4957bc1f https://github.com/tribe29/checkmk/commit/67516a220a9b3714e65514a03c6d5f1b4… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M bin/cmk-update-config M cmk/.f12 R cmk/update_config.py A cmk/update_config/__init__.py A cmk/update_config/legacy.py M omd/packages/check_mk/check_mk.make M tests/Makefile R tests/unit/cmk/test_update_config.py A tests/unit/cmk/update_config/test_legacy.py Log Message: ----------- Move update_config.py to dedicated folder This is the first step towards splitting this file into plugins. CMK-10789 Change-Id: I7c7d345117f86d90614d00e97e5377b24de6a6b7 Commit: 522e954ab01af61f30eb6771e86cc2de8ad6d55c https://github.com/tribe29/checkmk/commit/522e954ab01af61f30eb6771e86cc2de8… Author: Joerg Herbel <joerg.herbel(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M bin/cmk-update-config M cmk/.f12 A cmk/update_config/main.py A cmk/update_config/plugins/__init__.py A cmk/update_config/plugins/actions/__init__.py A cmk/update_config/registry.py M omd/packages/check_mk/check_mk.make M scripts/find-python-files A tests/unit/cmk/post_rename_site/__init__.py A tests/unit/cmk/update_config/__init__.py A tests/unit/cmk/update_config/test_main.py Log Message: ----------- Plugin architecture for update_config CMK-10789 Change-Id: I782042f8bf7002aede3b07388c29f04236147251 Compare: https://github.com/tribe29/checkmk/compare/de59ff7aade3...522e954ab01a

1 year, 10 months

[tribe29/checkmk] f18ecb: Fix upload to archive for rc tagged versions

by Timotheus Bachinger

Branch: refs/heads/2.1.0 Home: https://github.com/tribe29/checkmk Commit: f18ecbaaba73b5a513d4c235dd1849e6f593fd80 https://github.com/tribe29/checkmk/commit/f18ecbaaba73b5a513d4c235dd1849e6f… Author: Timotheus Bachinger <timotheus.bachinger(a)tribe29.com> Date: 2022-09-01 (Thu, 01 Sep 2022) Changed paths: M buildscripts/scripts/build-cmk-container.jenkins Log Message: ----------- Fix upload to archive for rc tagged versions #rc-tagging Change-Id: I0db00c027bbc0ff877c15a79888681d68eca1c03

1 year, 10 months

[tribe29/checkmk]

by Timotheus Bachinger

Branch: refs/tags/v9.9.9p9-rc9 Home: https://github.com/tribe29/checkmk

1 year, 10 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits September 2022