Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: ffedac3e1926c192dfdcbb3141b1d9c3b9d5b600 https://github.com/tribe29/checkmk/commit/ffedac3e1926c192dfdcbb3141b1d9c3b… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-04-28 (Wed, 28 Apr 2021) Changed paths: M livestatus/src/TableEventConsole.cc M livestatus/src/TableLog.cc M livestatus/src/TableStateHistory.cc Log Message: ----------- Pushed auth_user == nullptr checks to a better place, part 1. Change-Id: Ib15de2bffeb26748139b640f4d2292305818e059 Commit: b02f715b0aefcee4a59074697a64db7582e13937 https://github.com/tribe29/checkmk/commit/b02f715b0aefcee4a59074697a64db758… Author: Sven Panne <sven.panne(a)tribe29.com> Date: 2021-04-28 (Wed, 28 Apr 2021) Changed paths: M livestatus/src/LogEntry.h M livestatus/src/TableLog.cc M livestatus/src/TableStateHistory.cc Log Message: ----------- Removed unused enum value. Change-Id: Ie98ad2dedcb0654698653e259ac31541239444a2 Commit: 82c197b61d57a30966bef0a6d703be71d39563d8 https://github.com/tribe29/checkmk/commit/82c197b61d57a30966bef0a6d703be71d… Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com> Date: 2021-04-28 (Wed, 28 Apr 2021) Changed paths: A .werks/12672 M agents/check_mk_agent.linux Log Message: ----------- 12672 SEC real-time-checks: Provide default password This Werk fixes a security issue that may arise from a misconfiguration of real-time checks. As mentioned in Werk #8350 (Introduction of real-time checks), a password has to be provided when configuring real-time checks. When using the agent bakery, the ruleset "Encryption" is used to provide the encryption password, while the real-time checks itself are activated for the agents via the ruleset "Send data for real-time checks". If the real-time checks get activated without providing a password, this will result in an empty password, that will nevertheless be used by the agent to encrypt the real-time check data on the host. While the user would most likely fix this situation, because real-time checks won't work (A password is mandatory to activate real-time checks in CMC), the real-time check data can be decrypted without a password/key in this case, resulting in a security issue. This is now fixed with the following mechanism: - The agent bakery will read the default password from the global setting "Monitoring core/Enable handling of real-time checks" and bake it into the agents that have the rule "Send data for real-time checks" activated. Accordingly, a changed global setting will lead to new agents on next bake. - The agent bakery will keep to package the password from the "Encryption" rule, and the Linux agent will prefer it over the default password from the CMC configuration. - If none of the two passwords are configured, but the "Send data for real-time checks" rule is active, the agent bakery will refuse to bake agents - If the Linux agent is requested to send encrypted real-time check data, but no password is deployed, no real-time check data will be sent. However, up from now, this may only happen if real-time checks are configured without the agent bakery. CMK-7590 Change-Id: Ib173708140127d0b64f22fc9dbcceeac5841592e Commit: 5e6ae64499196714fe49c57d59116ec3eed7e845 https://github.com/tribe29/checkmk/commit/5e6ae64499196714fe49c57d59116ec3e… Author: Martin <martin.hirschvogel(a)tribe29.com> Date: 2021-04-28 (Wed, 28 Apr 2021) Changed paths: M cmk/utils/man_pages.py Log Message: ----------- Add OpenText Fuse Mgmt topic to manpages Change-Id: Ibf535f31e7d0c06fec827ed305cc95ba64242e2e Compare: https://github.com/tribe29/checkmk/compare/e6c1bbc84550...5e6ae6449919