Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: acbcf379f446fa75bcf8d72f3aee9cc38ee4db6f
https://github.com/Checkmk/checkmk/commit/acbcf379f446fa75bcf8d72f3aee9cc38…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
R cmk/base/legacy_checks/check_ldap.py
A cmk/plugins/collection/server_side_calls/ldap.py
R tests/unit/checks/test_check_ldap.py
A tests/unit/cmk/plugins/collection/server_side_calls/test_ldap.py
Log Message:
-----------
ldap: migrate active check to SSC API
Change-Id: I538c98073aaaf50a8925bd5a8b183cc681b44ce0
(cherry picked from commit 632afa9be9c905bdddeaa16c1675baeb16c4a2f4)
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 799b798815639a45767869f875b7efa460186894
https://github.com/Checkmk/checkmk/commit/799b798815639a45767869f875b7efa46…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
A .werks/16173
M agents/plugins/symantec_av
A tests/unit-shell/agents/plugins/test_symantec_av.sh
Log Message:
-----------
16173 SEC symantec_av: Don't run sav command if it isn't owned by root
Symantec Anti Virus plugin uses /opt/Symantec/symantec_antivirus/sav command
to monitor a Symantec Anti Virus installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, sav command is owned by root and root is the only
user with write permissions, which prevents privilege escalation attacks.
With this Werk, the plugin checks if sav command is owned by root and root
is the only user with write permissions before running the command. If that's not
the case the command won't be run. This prevents privilege escalation attacks if
the permissions of the sav command have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
CMK-15318
Change-Id: I677d94136bd21cd54461f6e125764754208d99af
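The ownership and write-permission check that Werk 16173 describes, as an added shell example (not the code from the Checkmk commit). The function names and the optional trusted-UID argument are assumptions made for illustration, and the block relies on GNU `stat`.

```shell
#!/bin/sh
# Added example; assumes GNU stat (Linux). Names are hypothetical.

# is_safe_to_run PATH [TRUSTED_UID]
# Succeeds only if PATH is a regular file owned by TRUSTED_UID (default 0,
# i.e. root) that neither group nor others may write to.
is_safe_to_run() {
    path=$1
    trusted_uid=${2:-0}

    [ -f "$path" ] || return 1

    # -L follows symlinks, as executing the path would.
    # %u = numeric owner uid, %a = permission bits in octal (e.g. 755).
    owner_and_mode=$(stat -L -c '%u %a' "$path") || return 1
    owner=${owner_and_mode% *}
    mode=${owner_and_mode#* }

    [ "$owner" = "$trusted_uid" ] || return 1

    # The last two octal digits are the group and others bits; write is 2.
    group_bits=$((mode / 10 % 10))
    other_bits=$((mode % 10))
    [ $((group_bits & 2)) -eq 0 ] && [ $((other_bits & 2)) -eq 0 ]
}

# run_if_safe PATH [ARGS...]
# Runs PATH only when the check passes; otherwise reports and returns 1.
# TRUSTED_UID may be overridden for testing as a non-root user.
run_if_safe() {
    cmd=$1
    shift
    if is_safe_to_run "$cmd" "${TRUSTED_UID:-0}"; then
        "$cmd" "$@"
    else
        echo "refusing to run $cmd: wrong owner or group/other-writable" >&2
        return 1
    fi
}
```

The check covers the file itself only; a directory in the path that a less privileged user can write to would still allow the file to be replaced.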
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 42c0da99a43e0426485a54d0b75fa2f2d8e59524
https://github.com/Checkmk/checkmk/commit/42c0da99a43e0426485a54d0b75fa2f2d…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/plugins/collection/rulesets/cert.py
Log Message:
-----------
check_cert ruleset: allow hash algo for RSAPSS
Even though x509 uses only one OID for RSASSA-PSS, different hash
algorithms can be used for the signature and the chosen algorithm must
be specified. See also RFC 4055, esp Sec 6.
Change-Id: Ia68e3498000107fe4596f93cda8fd7837c784cbd
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 9baae60a822d26808d558eb1b5ebd46f7c6a2a98
https://github.com/Checkmk/checkmk/commit/9baae60a822d26808d558eb1b5ebd46f7…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
A .werks/16173.md
M agents/plugins/symantec_av
A tests/unit-shell/agents/plugins/test_symantec_av.sh
Log Message:
-----------
16173 SEC symantec_av: Don't run sav command if it isn't owned by root
Symantec Anti Virus plugin uses /opt/Symantec/symantec_antivirus/sav command
to monitor a Symantec Anti Virus installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, sav command is owned by root and root is the only
user with write permissions, which prevents privilege escalation attacks.
With this Werk, the plugin checks if sav command is owned by root and root
is the only user with write permissions before running the command. If that's not
the case the command won't be run. This prevents privilege escalation attacks if
the permissions of the sav command have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
CMK-15318
Change-Id: I677d94136bd21cd54461f6e125764754208d99af
Commit: d1d270d6100c834f283ae744c66bfa10f1502120
https://github.com/Checkmk/checkmk/commit/d1d270d6100c834f283ae744c66bfa10f…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/base/automations/check_mk.py
M cmk/base/config.py
M cmk/base/core_nagios.py
M cmk/base/sources/_builder.py
M tests/unit/cmk/base/test_server_side_calls.py
Log Message:
-----------
server side calls: remove new ssc macros
For compatibility reasons, it's decided that we don't introduce new
macros for server-side call macros. We support the ones that were
supported in the previous versions.
Change-Id: I623225ed0f0b623528ccb3b482546f84362acd5d
(cherry picked from commit 567f90e8a4d8c24cb94aacfd1aeb12ce588890b9)
Compare: https://github.com/Checkmk/checkmk/compare/007ae571c77f...d1d270d6100c
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 43b88d8ebeece489ea96e328c28a5fd094abc811
https://github.com/Checkmk/checkmk/commit/43b88d8ebeece489ea96e328c28a5fd09…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
A .werks/16173.md
M agents/plugins/symantec_av
A tests/unit-shell/agents/plugins/test_symantec_av.sh
Log Message:
-----------
16173 SEC symantec_av: Don't run sav command if it isn't owned by root
Symantec Anti Virus plugin uses /opt/Symantec/symantec_antivirus/sav command
to monitor a Symantec Anti Virus installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, sav command is owned by root and root is the only
user with write permissions, which prevents privilege escalation attacks.
With this Werk, the plugin checks if sav command is owned by root and root
is the only user with write permissions before running the command. If that's not
the case the command won't be run. This prevents privilege escalation attacks if
the permissions of the sav command have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
CMK-15318
Change-Id: I677d94136bd21cd54461f6e125764754208d99af
Commit: 0e30b8d6d27f15e93427380f83ac7736d44541d8
https://github.com/Checkmk/checkmk/commit/0e30b8d6d27f15e93427380f83ac7736d…
Author: Moritz Kiemer <moritz.kiemer(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M packages/cmk-graphing/cmk/graphing/v1/graphs.py
M tests/unit/cmk/gui/graphing/test_utils.py
M tests/unit/cmk/gui/test_metrics.py
Log Message:
-----------
simplify defaults
Change-Id: Ica8e372ae1ad09782ae64cbc52c93160a6a28341
Compare: https://github.com/Checkmk/checkmk/compare/b100815e0715...0e30b8d6d27f
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 6045511182d56322bd6a9ee5533c449dda20a200
https://github.com/Checkmk/checkmk/commit/6045511182d56322bd6a9ee5533c449dd…
Author: Moritz Kiemer <moritz.kiemer(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/base/legacy_checks/check_ldap.py
M cmk/gui/plugins/wato/active_checks/ldap.py
M tests/unit/checks/test_check_ldap.py
Log Message:
-----------
make check_ldap rule a Dict
Change-Id: Iba5a518808fa3d47872d971a87dc7469299c6216
(cherry picked from commit 7f9883d208cb77250eefc5782fe465db0a6c8ef5)
Commit: 007ae571c77fda66609afa9e419deb1940deb076
https://github.com/Checkmk/checkmk/commit/007ae571c77fda66609afa9e419deb194…
Author: Moritz Kiemer <moritz.kiemer(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M packages/cmk-graphing/cmk/graphing/v1/graphs.py
M tests/unit/cmk/gui/graphing/test_utils.py
M tests/unit/cmk/gui/test_metrics.py
Log Message:
-----------
simplify defaults
Change-Id: Ica8e372ae1ad09782ae64cbc52c93160a6a28341
Compare: https://github.com/Checkmk/checkmk/compare/f550fe7fc86a...007ae571c77f
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 567f90e8a4d8c24cb94aacfd1aeb12ce588890b9
https://github.com/Checkmk/checkmk/commit/567f90e8a4d8c24cb94aacfd1aeb12ce5…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/base/automations/check_mk.py
M cmk/base/config.py
M cmk/base/core_nagios.py
M cmk/base/sources/_builder.py
M tests/unit/cmk/base/test_server_side_calls.py
Log Message:
-----------
server side calls: remove new ssc macros
For compatibility reasons, it's decided that we don't introduce new
macros for server-side call macros. We support the ones that were
supported in the previous versions.
Change-Id: I623225ed0f0b623528ccb3b482546f84362acd5d
Commit: 01d378ef438f38aee30fb022498449ba4ce1550e
https://github.com/Checkmk/checkmk/commit/01d378ef438f38aee30fb022498449ba4…
Author: Sergey Kipnis <sergey.kipnis(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M packages/mk-sql/src/ms_sql/client.rs
M packages/mk-sql/src/ms_sql/instance.rs
M packages/mk-sql/src/types.rs
M packages/mk-sql/tests/test_ms_sql.rs
Log Message:
-----------
mk-sql: add certificate to API
To do it the API had been switched to the builder pattern:
- clean up
- better typing
Change-Id: Ie63d14feae1d7c6a1003776e19bcc1f98bfe0c9f
Compare: https://github.com/Checkmk/checkmk/compare/632afa9be9c9...01d378ef438f
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 0312e47fffc5e57c5481623e80ed17e06ad221e1
https://github.com/Checkmk/checkmk/commit/0312e47fffc5e57c5481623e80ed17e06…
Author: Sven Panne <sven.panne(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/base/server_side_calls/_active_checks.py
M cmk/base/server_side_calls/_special_agents.py
M cmk/plugins/collection/server_side_calls/agent_bi.py
M cmk/plugins/collection/server_side_calls/http.py
M cmk/plugins/elasticsearch/server_side_calls/special_agent.py
M cmk/plugins/prism/server_side_calls/special_agent.py
M packages/cmk-server-side-calls/cmk/server_side_calls/v1/_active_checks.py
M packages/cmk-server-side-calls/cmk/server_side_calls/v1/_special_agents.py
M packages/cmk-server-side-calls/cmk/server_side_calls/v1/_utils.py
M packages/cmk-server-side-calls/tests/v1/test_utils.py
M tests/unit/cmk/base/test_server_side_calls.py
M tests/unit/cmk/plugins/aws/server_side_calls/test_aws.py
M tests/unit/cmk/plugins/collection/server_side_calls/test_bi_aggr.py
M tests/unit/cmk/plugins/collection/server_side_calls/test_cisco_meraki.py
M tests/unit/cmk/plugins/collection/server_side_calls/test_datadog.py
M tests/unit/cmk/plugins/collection/server_side_calls/test_icmp.py
M tests/unit/cmk/plugins/collection/server_side_calls/test_kube.py
M tests/unit/cmk/plugins/elasticsearch/server_side_calls/test_agent_elasticsearch.py
M tests/unit/cmk/plugins/proxmox_ve/server_side_calls/test_special_agent.py
M tests/unit/cmk/plugins/pure_storage_fa/server_side_calls/test_special_agent.py
M tests/unit/cmk/plugins/three_par/server_side_calls/test_three_par.py
Log Message:
-----------
Make the SSC dataclass constructors kw_only.
Allowing the passing of up to 11 parameters by position would be insane,
especially with the primitive obsession going on here, i.e. most of the
parameters have type str or Mapping[str, str]: Swapping parameters would go
unnoticed without any static tool complaining. So let's at least make the
call sites more explicit about what primitive entity is passed for which
purpose.
Change-Id: Idff0e39fcf341683995da5844abfd79bfbc854e9
Commit: fe4e12eabd7cdb52cac11ff2ddf4eb73d3016cc9
https://github.com/Checkmk/checkmk/commit/fe4e12eabd7cdb52cac11ff2ddf4eb73d…
Author: Sven Panne <sven.panne(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M tests/code_quality/test_pipfile.py
Log Message:
-----------
Improved ignorance.
Change-Id: Iaf3600ce38de5b63e0917ff0c788b78eb355f5f4
Commit: f550fe7fc86a7f1416d4a4e66e4204164db57eea
https://github.com/Checkmk/checkmk/commit/f550fe7fc86a7f1416d4a4e66e4204164…
Author: Sven Panne <sven.panne(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M tests/code_quality/test_pipfile.py
Log Message:
-----------
Fixed bazel directory name to ignore.
Change-Id: If3d8495d57c92d3f802e342ebeb57e76e219283d
Compare: https://github.com/Checkmk/checkmk/compare/3ece2653093f...f550fe7fc86a