Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 0010c146c6cfd76110044330e64bbd589a01600d
https://github.com/Checkmk/checkmk/commit/0010c146c6cfd76110044330e64bbd589…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/base/modes/check_mk.py
M cmk/checkengine/checking/_checking.py
M cmk/checkengine/discovery/_impl.py
Log Message:
-----------
Check_MK services: summarize only once
The result of the Check_MK service is composed of multiple sub checks.
Those checks were summarized multiple times: the summary of a
subcheck was summarized with the summary of others.
This lead to inaccuracy of the placement of check markers.
Now the checks are only summarized once.
Change-Id: I8aadf90e17196395ad8f554247013d397aac73e8
Commit: bf54bf45f70f0106b9ea5b5170807476da0932f0
https://github.com/Checkmk/checkmk/commit/bf54bf45f70f0106b9ea5b5170807476d…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/checkengine/checking/__init__.py
M cmk/checkengine/checking/_checking.py
M tests/unit/cmk/checkengine/test_checking.py
Log Message:
-----------
add test to demonstrate problem
specific_missing_sections rule still returns a warning with an empty
list.
SUP-17271
Change-Id: I85b968701fea1d3e310c46a92a32672c78f15463
Commit: 7fa5e35c880d51abbada243aefd5eecea4bd6906
https://github.com/Checkmk/checkmk/commit/7fa5e35c880d51abbada243aefd5eecea…
Author: Benedikt Seidl <benedikt.seidl(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
A .werks/15321.md
M cmk/checkengine/checking/_checking.py
M tests/unit/cmk/checkengine/test_checking.py
Log Message:
-----------
15321 FIX Fix "State if specific check plugins receive no monitoring data" of Rule "Status of the Checkmk service"
Rule "Status of the Checkmk service" provides a setting called "State if
specific check plugins receive no monitoring data" where you can specify a
regular expression to match specific check plugins, and assign a status for
the "Check_MK" service if this check plugins receives no data.
The feature did work correctly if you specified a Status worse than "WARN".
But the "Check_MK" service went to "WARN" even if there was an rule to set the
status to "OK" if the specific section did not receive any data. This is fixed now.
SUP-17271
Change-Id: I449cf23a3b9fce9227ff7d7f12a0162e8dc81c3e
Compare: https://github.com/Checkmk/checkmk/compare/266ffb91251a...7fa5e35c880d
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: acbcf379f446fa75bcf8d72f3aee9cc38ee4db6f
https://github.com/Checkmk/checkmk/commit/acbcf379f446fa75bcf8d72f3aee9cc38…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
R cmk/base/legacy_checks/check_ldap.py
A cmk/plugins/collection/server_side_calls/ldap.py
R tests/unit/checks/test_check_ldap.py
A tests/unit/cmk/plugins/collection/server_side_calls/test_ldap.py
Log Message:
-----------
ldap: migrate active check to SSC API
Change-Id: I538c98073aaaf50a8925bd5a8b183cc681b44ce0
(cherry picked from commit 632afa9be9c905bdddeaa16c1675baeb16c4a2f4)
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.2.0
Home: https://github.com/Checkmk/checkmk
Commit: 799b798815639a45767869f875b7efa460186894
https://github.com/Checkmk/checkmk/commit/799b798815639a45767869f875b7efa46…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
A .werks/16173
M agents/plugins/symantec_av
A tests/unit-shell/agents/plugins/test_symantec_av.sh
Log Message:
-----------
16173 SEC symantec_av: Don't run sav command if it isn't owned by root
Symantec Anti Virus plugin uses /opt/Symantec/symantec_antivirus/sav command
to monitor a Symantec Anti Virus installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, sav command is owned by root and root is the only
user with write permissions, which prevents privilege escalation attacks.
With this Werk, the plugin checks if sav command is owned by root and root
is the only user with write permissions before running the command. If that's not
the case the command won't be run. This prevents privilege escalation attacks if
the permissions of the sav command have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
CMK-15318
Change-Id: I677d94136bd21cd54461f6e125764754208d99af
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 42c0da99a43e0426485a54d0b75fa2f2d8e59524
https://github.com/Checkmk/checkmk/commit/42c0da99a43e0426485a54d0b75fa2f2d…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/plugins/collection/rulesets/cert.py
Log Message:
-----------
check_cert ruleset: allow hash algo for RSAPSS
Even though x509 uses only one OID for RSASSA-PSS, different hash
algorithms can be used for the signature and the chosen algorithm must
be specified. See also RFC 4055, esp Sec 6.
Change-Id: Ia68e3498000107fe4596f93cda8fd7837c784cbd
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: 9baae60a822d26808d558eb1b5ebd46f7c6a2a98
https://github.com/Checkmk/checkmk/commit/9baae60a822d26808d558eb1b5ebd46f7…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
A .werks/16173.md
M agents/plugins/symantec_av
A tests/unit-shell/agents/plugins/test_symantec_av.sh
Log Message:
-----------
16173 SEC symantec_av: Don't run sav command if it isn't owned by root
Symantec Anti Virus plugin uses /opt/Symantec/symantec_antivirus/sav command
to monitor a Symantec Anti Virus installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, sav command is owned by root and root is the only
user with write permissions, which prevents privilege escalation attacks.
With this Werk, the plugin checks if sav command is owned by root and root
is the only user with write permissions before running the command. If that's not
the case the command won't be run. This prevents privilege escalation attacks if
the permissions of the sav command have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
CMK-15318
Change-Id: I677d94136bd21cd54461f6e125764754208d99af
Commit: d1d270d6100c834f283ae744c66bfa10f1502120
https://github.com/Checkmk/checkmk/commit/d1d270d6100c834f283ae744c66bfa10f…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M cmk/base/automations/check_mk.py
M cmk/base/config.py
M cmk/base/core_nagios.py
M cmk/base/sources/_builder.py
M tests/unit/cmk/base/test_server_side_calls.py
Log Message:
-----------
server side calls: remove new ssc macros
For compatibility reasons, it's decided that we don't introduce new
macros for server-side call macros. We support the ones that were
supported in the previous versions.
Change-Id: I623225ed0f0b623528ccb3b482546f84362acd5d
(cherry picked from commit 567f90e8a4d8c24cb94aacfd1aeb12ce588890b9)
Compare: https://github.com/Checkmk/checkmk/compare/007ae571c77f...d1d270d6100c
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 43b88d8ebeece489ea96e328c28a5fd094abc811
https://github.com/Checkmk/checkmk/commit/43b88d8ebeece489ea96e328c28a5fd09…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
A .werks/16173.md
M agents/plugins/symantec_av
A tests/unit-shell/agents/plugins/test_symantec_av.sh
Log Message:
-----------
16173 SEC symantec_av: Don't run sav command if it isn't owned by root
Symantec Anti Virus plugin uses /opt/Symantec/symantec_antivirus/sav command
to monitor a Symantec Anti Virus installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, sav command is owned by root and root is the only
user with write permissions, which prevents privilege escalation attacks.
With this Werk, the plugin checks if sav command is owned by root and root
is the only user with write permissions before running the command. If that's not
the case the command won't be run. This prevents privilege escalation attacks if
the permissions of the sav command have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
CMK-15318
Change-Id: I677d94136bd21cd54461f6e125764754208d99af
Commit: 0e30b8d6d27f15e93427380f83ac7736d44541d8
https://github.com/Checkmk/checkmk/commit/0e30b8d6d27f15e93427380f83ac7736d…
Author: Moritz Kiemer <moritz.kiemer(a)checkmk.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M packages/cmk-graphing/cmk/graphing/v1/graphs.py
M tests/unit/cmk/gui/graphing/test_utils.py
M tests/unit/cmk/gui/test_metrics.py
Log Message:
-----------
simplify defaults
Change-Id: Ica8e372ae1ad09782ae64cbc52c93160a6a28341
Compare: https://github.com/Checkmk/checkmk/compare/b100815e0715...0e30b8d6d27f
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications