Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: a5a27e0f95b218d1915be3f837ea2a353f5465a2
https://github.com/tribe29/checkmk/commit/a5a27e0f95b218d1915be3f837ea2a353…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-06-15 (Wed, 15 Jun 2022)
Changed paths:
M agents/cmk-agent-ctl/src/certs.rs
M agents/cmk-agent-ctl/src/modes/registration.rs
M agents/cmk-agent-ctl/src/modes/status.rs
Log Message:
-----------
agent controller: small refactoring
This is a preparation for enhancing TLS certificate validation in the
agent controller.
CMK-10709
Change-Id: I5098d1f03452ca020007010c7b87df4e2d65933b
Commit: aed50e8fce4ae95c48ac8ba7d9b36b4ee34dfbe2
https://github.com/tribe29/checkmk/commit/aed50e8fce4ae95c48ac8ba7d9b36b4ee…
Author: Joerg Herbel <joerg.herbel(a)tribe29.com>
Date: 2022-06-15 (Wed, 15 Jun 2022)
Changed paths:
M agents/cmk-agent-ctl/src/tls_server.rs
Log Message:
-----------
agent controller pull mode: validate that CN in client cert is no UUID
This additional validation step mitigates attack vectors where a
certificate from a compromised agent controller is used to impersonate
the Checkmk server in order to obtain agent data.
CMK-10709
Change-Id: Iaa142258f0af0d3a7e46b71850d24eddcc8fcc7d
Compare:
https://github.com/tribe29/checkmk/compare/5733a1bc90f8...aed50e8fce4a