Module: check_mk
Branch: master
Commit: 46eae19c6aabe084cf7b5c5aeacd883ed9d3ce67
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=46eae19c6aabe0…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Wed Dec 3 10:49:28 2014 +0100
#1562 Move manual checks into a new WATO module
The rulesets for configuration manual checks (i.e. checks not created by the service
discovery) have been moved into a new WATO module <i>Manual Checks</i>. This should
save users from accidentally using these rules instead of their counterparts for
invetorized checks.
---
.werks/1562 | 12 ++++++++++++
ChangeLog | 1 +
web/htdocs/images/icon_static_checks.png | Bin 0 -> 3242 bytes
web/htdocs/wato.py | 28 +++++++++++++++++++++++-----
web/plugins/wato/builtin_modules.py | 3 +++
5 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/.werks/1562 b/.werks/1562
new file mode 100644
index 0000000..9759232
--- /dev/null
+++ b/.werks/1562
@@ -0,0 +1,12 @@
+Title: Move manual checks into a new WATO module
+Level: 2
+Component: wato
+Compatible: compat
+Version: 1.2.5i7
+Date: 1417599830
+Class: feature
+
+The rulesets for configuration manual checks (i.e. checks not created by the service
+discovery) have been moved into a new WATO module <i>Manual Checks</i>. This should
+save users from accidentally using these rules instead of their counterparts for
+invetorized checks.
diff --git a/ChangeLog b/ChangeLog
index ee7258c..01bbdca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -108,6 +108,7 @@
* 1587 SEC: Prevent logging of passwords during initial distributed site login...
* 1560 Put host and service groups into one WATO menu item...
* 1561 Remove Auditlog from the main WATO menu and put it into the activate Changes page
+ * 1562 Move manual checks into a new WATO module...
* 1165 FIX: Fixed exception in service discovery of logwatch event console forwarding checks...
* 1490 FIX: Timperiod excludes can now even be configured when creating a timeperiod...
* 1491 FIX: Fixed bug in dynamic lists where removing an item was not always possible...
diff --git a/web/htdocs/images/icon_static_checks.png b/web/htdocs/images/icon_static_checks.png
new file mode 100644
index 0000000..b7b58ee
Binary files /dev/null and b/web/htdocs/images/icon_static_checks.png differ
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 2132e18..a626574 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -834,6 +834,7 @@ def mode_folder(phase):
global_buttons()
if config.may("wato.rulesets") or config.may("wato.seeall"):
html.context_button(_("Rulesets"), make_link([("mode", "ruleeditor")]), "rulesets")
+ html.context_button(_("Manual Checks"), make_link([("mode", "static_checks")]), "static_checks")
if auth_read:
html.context_button(_("Folder Properties"), make_link_to([("mode", "editfolder")], g_folder), "edit")
if not g_folder.get(".lock_subfolders") and config.may("wato.manage_folders") and auth_write:
@@ -13587,6 +13588,8 @@ def mode_ruleeditor(phase):
title = _("Used Rulesets")
help = _("Show only modified rulesets<br>(all rulesets with at least one rule)")
icon = "usedrulesets"
+ elif groupname == "static": # these have moved into their own WATO module
+ continue
else:
title, help = g_rulegroups.get(groupname, (groupname, ""))
icon = "rulesets"
@@ -13749,9 +13752,14 @@ def mode_ineffective_rules(phase):
html.write('</div>')
return
+def mode_static_checks(phase):
+ return mode_rulesets(phase, "static")
+
+
+def mode_rulesets(phase, group=None):
+ if not group:
+ group = html.var("group") # obligatory
-def mode_rulesets(phase):
- group = html.var("group") # obligatory
search = html.var("search")
if search != None:
search = search.strip().lower()
@@ -13760,6 +13768,10 @@ def mode_rulesets(phase):
title = _("Used Rulesets")
help = _("Non-empty rulesets")
only_used = True
+ elif group == "static":
+ title = _("Manual Checks")
+ help = _("Here you can create explicit checks that are not being created by the automatic service discovery.")
+ only_used = False
elif search != None:
title = _("Rules matching ") + search
help = _("All rules that contain '%s' in their name") % search
@@ -13780,12 +13792,14 @@ def mode_rulesets(phase):
elif phase == "buttons":
if only_host:
home_button()
- html.context_button(_("All Rulesets"), make_link([("mode", "ruleeditor"), ("host", only_host)]), "back")
+ if group != "static":
+ html.context_button(_("All Rulesets"), make_link([("mode", "ruleeditor"), ("host", only_host)]), "back")
html.context_button(only_host,
make_link([("mode", "edithost"), ("host", only_host)]), "host")
else:
global_buttons()
- html.context_button(_("All Rulesets"), make_link([("mode", "ruleeditor")]), "back")
+ if group != "static":
+ html.context_button(_("All Rulesets"), make_link([("mode", "ruleeditor")]), "back")
if config.may("wato.hosts") or config.may("wato.seeall"):
html.context_button(_("Folder"), make_link([("mode", "folder")]), "folder")
return
@@ -13818,7 +13832,7 @@ def mode_rulesets(phase):
# Select matching rule groups while keeping their configured order
groupnames = [ gn for gn, rulesets in g_rulespec_groups
- if only_used or search != None or gn == group or gn.startswith(group + "/") ]
+ if only_used or search or gn == group or gn.startswith(group + "/") ]
# In case of search we need to sort the groups since main chapters would
# appear more than once otherwise.
@@ -13853,6 +13867,9 @@ def mode_rulesets(phase):
and search not in varname:
continue
+ if search != None and groupname.startswith("static/"):
+ continue # search must not find these
+
# Handle case where a host is specified
rulespec = g_rulespecs[varname]
@@ -18208,6 +18225,7 @@ modes = {
"edit_configvar" : (["global"], mode_edit_configvar),
"ldap_config" : (["global"], mode_ldap_config),
"ruleeditor" : (["rulesets"], mode_ruleeditor),
+ "static_checks" : (["rulesets"], mode_static_checks),
"rulesets" : (["rulesets"], mode_rulesets),
"ineffective_rules" : (["rulesets"], mode_ineffective_rules),
"edit_ruleset" : (["rulesets"], mode_edit_ruleset),
diff --git a/web/plugins/wato/builtin_modules.py b/web/plugins/wato/builtin_modules.py
index d337e8b..5a6daaa 100644
--- a/web/plugins/wato/builtin_modules.py
+++ b/web/plugins/wato/builtin_modules.py
@@ -43,6 +43,9 @@ modules += [
_("Check parameters and other configuration variables on "
"hosts and services") ),
+ ( "static_checks", _("Manual Checks"), "static_checks", "rulesets",
+ _("Configure fixed checks without using service discovery")),
+
( "host_groups", _("Host & Service Groups"), "hostgroups", "groups",
_("Organize your hosts and services in groups independent of the tree structure.") ),
Module: check_mk
Branch: master
Commit: 3ee6ad88206d229939412d753c891874f99659bd
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3ee6ad88206d22…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Wed Dec 3 10:17:42 2014 +0100
#1560 Put host and service groups into one WATO menu item
There is now a common menu item in WATO for host and service groups. It
points to the host group management where you can switch to the service
groups. This makes the WATO menu a bit more cleaned up.
---
.werks/1560 | 12 ++++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 9 ++++++++-
web/plugins/wato/builtin_modules.py | 7 ++-----
4 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/.werks/1560 b/.werks/1560
new file mode 100644
index 0000000..cfa460e
--- /dev/null
+++ b/.werks/1560
@@ -0,0 +1,12 @@
+Title: Put host and service groups into one WATO menu item
+Level: 2
+Component: wato
+Compatible: compat
+Version: 1.2.5i7
+Date: 1417598188
+Class: feature
+
+There is now a common menu item in WATO for host and service groups. It
+points to the host group management where you can switch to the service
+groups. This makes the WATO menu a bit more cleaned up.
+
diff --git a/ChangeLog b/ChangeLog
index 369b516..07e2a0f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -106,6 +106,7 @@
* 1504 WATO makes host tag and group information available for NagVis...
* 1535 Disabled services on service discovery page now link to the ruleset
* 1587 SEC: Prevent logging of passwords during initial distributed site login...
+ * 1560 Put host and service groups into one WATO menu item...
* 1165 FIX: Fixed exception in service discovery of logwatch event console forwarding checks...
* 1490 FIX: Timperiod excludes can now even be configured when creating a timeperiod...
* 1491 FIX: Fixed bug in dynamic lists where removing an item was not always possible...
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 089e6bb..750b92d 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -7769,7 +7769,14 @@ def mode_groups(phase, what):
elif phase == "buttons":
global_buttons()
- html.context_button(_("New group"), make_link([("mode", "edit_%s_group" % what)]), "new")
+ if what == "host":
+ html.context_button(_("Service groups"), make_link([("mode", "service_groups")]), "hostgroups")
+ html.context_button(_("New host group"), make_link([("mode", "edit_host_group")]), "new")
+ elif what == "service":
+ html.context_button(_("Host groups"), make_link([("mode", "host_groups")]), "servicegroups")
+ html.context_button(_("New service group"), make_link([("mode", "edit_service_group")]), "new")
+ else:
+ html.context_button(_("New contact group"), make_link([("mode", "edit_contact_group")]), "new")
if what == "contact":
html.context_button(_("Rules"), make_link([("mode", "rulesets"),
("filled_in", "search"), ("search", _("contact group"))]), "rulesets")
diff --git a/web/plugins/wato/builtin_modules.py b/web/plugins/wato/builtin_modules.py
index 9e9ff0f..7992dde 100644
--- a/web/plugins/wato/builtin_modules.py
+++ b/web/plugins/wato/builtin_modules.py
@@ -43,11 +43,8 @@ modules += [
_("Check parameters and other configuration variables on "
"hosts and services") ),
- ( "host_groups", _("Host Groups"), "hostgroups", "groups",
- _("Organize your hosts in groups independent of the tree structure.") ),
-
- ( "service_groups", _("Service Groups"), "servicegroups", "groups",
- _("Organize services in groups for a better overview in the status display.") ),
+ ( "host_groups", _("Host & Service Groups"), "hostgroups", "groups",
+ _("Organize your hosts and services in groups independent of the tree structure.") ),
( "users", _("Users"), "users", "users",
_("Manage users of the monitoring system.") ),
Module: check_mk
Branch: master
Commit: dbd2f29c6b28d4dadbb4c82bec5c1001214e6af4
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=dbd2f29c6b28d4…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Wed Dec 3 10:19:58 2014 +0100
#1561 Remove Auditlog from the main WATO menu and put it into the activate Changes page
---
.werks/1561 | 9 +++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 3 +++
web/plugins/wato/builtin_modules.py | 3 ---
4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/.werks/1561 b/.werks/1561
new file mode 100644
index 0000000..328bd54
--- /dev/null
+++ b/.werks/1561
@@ -0,0 +1,9 @@
+Title: Remove Auditlog from the main WATO menu and put it into the activate Changes page
+Level: 1
+Component: wato
+Compatible: compat
+Version: 1.2.5i7
+Date: 1417598377
+Class: feature
+
+
diff --git a/ChangeLog b/ChangeLog
index 07e2a0f..ee7258c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -107,6 +107,7 @@
* 1535 Disabled services on service discovery page now link to the ruleset
* 1587 SEC: Prevent logging of passwords during initial distributed site login...
* 1560 Put host and service groups into one WATO menu item...
+ * 1561 Remove Auditlog from the main WATO menu and put it into the activate Changes page
* 1165 FIX: Fixed exception in service discovery of logwatch event console forwarding checks...
* 1490 FIX: Timperiod excludes can now even be configured when creating a timeperiod...
* 1491 FIX: Fixed bug in dynamic lists where removing an item was not always possible...
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 750b92d..2132e18 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -4648,6 +4648,9 @@ def mode_changelog(phase):
if is_distributed():
html.context_button(_("Site Configuration"), make_link([("mode", "sites")]), "sites")
+ if config.may("wato.auditlog"):
+ html.context_button(_("Audit log"), make_link([("mode", "auditlog")]), "auditlog")
+
elif phase == "action":
# Let host validators do their work
diff --git a/web/plugins/wato/builtin_modules.py b/web/plugins/wato/builtin_modules.py
index 7992dde..d337e8b 100644
--- a/web/plugins/wato/builtin_modules.py
+++ b/web/plugins/wato/builtin_modules.py
@@ -71,9 +71,6 @@ modules += [
( "sites", _("Distributed Monitoring"), "sites", "sites",
_("Distributed monitoring via Multsite, distributed configuration via WATO")),
- ( "auditlog", _("Audit Logfile"), "auditlog", "auditlog",
- _("Keep track of all modifications and actions of the users in WATO.")),
-
( "snapshot", _("Backup & Restore"), "backup", "snapshots",
_("Make snapshots of your configuration, download, upload and restore snapshots.")),
Module: check_mk
Branch: master
Commit: b35e2492f520f2f770ec927fc2b153e0549d3533
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b35e2492f520f2…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Dec 3 09:11:34 2014 +0100
#1587 SEC Prevent logging of passwords during initial distributed site login
When creating a distributed monitoring setup using WATO, after configuring
a remote site in the central site, you need to login into the remote site
as admin user once to establish a trust between both sites.
This login was made using a HTTP get request, which is logged in the access
logs of the affected webservers (local system apache, local site apache,
remote system apache, remote site apache). All these log entries contain the
whole GET query string, which also includes the inserted username and password.
This has been fixed by replacing the GET request with a POST request where
the request vars are not logged in the access log.
---
.werks/1587 | 19 +++++++++++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 17 +++++++++++------
3 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/.werks/1587 b/.werks/1587
new file mode 100644
index 0000000..7e5fcdd
--- /dev/null
+++ b/.werks/1587
@@ -0,0 +1,19 @@
+Title: Prevent logging of passwords during initial distributed site login
+Level: 1
+Component: wato
+Compatible: compat
+Version: 1.2.5i7
+Date: 1417594096
+Class: security
+
+When creating a distributed monitoring setup using WATO, after configuring
+a remote site in the central site, you need to login into the remote site
+as admin user once to establish a trust between both sites.
+
+This login was made using a HTTP get request, which is logged in the access
+logs of the affected webservers (local system apache, local site apache,
+remote system apache, remote site apache). All these log entries contain the
+whole GET query string, which also includes the inserted username and password.
+
+This has been fixed by replacing the GET request with a POST request where
+the request vars are not logged in the access log.
diff --git a/ChangeLog b/ChangeLog
index b55f0b1..1d16e40 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -104,6 +104,7 @@
* 1495 Most WATO tables can now be sorted (where useful)...
* 1504 WATO makes host tag and group information available for NagVis...
* 1535 Disabled services on service discovery page now link to the ruleset
+ * 1587 SEC: Prevent logging of passwords during initial distributed site login...
* 1165 FIX: Fixed exception in service discovery of logwatch event console forwarding checks...
* 1490 FIX: Timperiod excludes can now even be configured when creating a timeperiod...
* 1491 FIX: Fixed bug in dynamic lists where removing an item was not always possible...
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index e69ca57..089e6bb 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -9877,7 +9877,7 @@ def mode_sites(phase):
"the initial handshake and not be stored. If the login is "
"successful then both side will exchange a login secret "
"which is used for the further remote calls.") % site["alias"])
- html.begin_form("login")
+ html.begin_form("login", method="POST")
html.write("<table class=form>")
html.write("<tr><td class=legend>%s</td>" % _("Administrator login"))
html.write("<td class=content>")
@@ -10561,15 +10561,20 @@ def do_site_login(site_id, name, password):
# Trying basic auth AND form based auth to ensure the site login works.
# Adding _ajaxid makes the web service fail silently with an HTTP code and
# not output HTML code for an error screen.
- url = site["multisiteurl"] + 'login.py?_login=1' \
- '&_username=%s&_password=%s&_origtarget=automation_login.py&_plain_error=1' % \
- (name, password)
- response = get_url(url, site.get('insecure', False), name, password).strip()
+ url = site["multisiteurl"] + 'login.py'
+ post_data = html.urlencode_vars([
+ ('_login', '1'),
+ ('_username', name),
+ ('_password', password),
+ ('_origtarget', 'automation_login.py'),
+ ('_plain_error', '1'),
+ ])
+ response = get_url(url, site.get('insecure', False), name, password, post_data=post_data).strip()
if '<html>' in response.lower():
message = _("Authentication to web service failed.<br>Message:<br>%s") % \
html.strip_tags(html.strip_scripts(response))
if config.debug:
- message += "<br>Automation URL: <tt>%s</tt><br>" % url
+ message += "<br>" + _("Automation URL:") + " <tt>%s</tt><br>" % url
raise MKAutomationException(message)
elif not response:
raise MKAutomationException(_("Empty response from web service"))