Branch: refs/heads/2.3.0
Home:
https://github.com/Checkmk/checkmk
Commit: 491305a3978db4497bdb581e78b064216aa71bea
https://github.com/Checkmk/checkmk/commit/491305a3978db4497bdb581e78b064216…
Author: Wontek Hong <wontek.hong(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M cmk/gui/openapi/endpoints/notification_rules/response_schemas.py
Log Message:
-----------
openapi/notification_rules: resolve conflict for Checkbox
Change-Id: I4cfafe0ddf9a35396218c0cab30d0d33a89485c1
Commit: 445f138f8baa04262472996068cd26b3148d486e
https://github.com/Checkmk/checkmk/commit/445f138f8baa04262472996068cd26b31…
Author: Wontek Hong <wontek.hong(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M cmk/gui/wsgi/app.py
Log Message:
-----------
openapi/spec: suppress duplicate warnings for generic fields
Change-Id: I94652b639bd3c82944e48c5ac279c98d9797bd12
Commit: f113f413fe7d5038614740b86e29d54b5a782f46
https://github.com/Checkmk/checkmk/commit/f113f413fe7d5038614740b86e29d54b5…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16172.md
M agents/plugins/kaspersky_av
A tests/unit-shell/agents/plugins/test_kaspersky_av.sh
Log Message:
-----------
16172 SEC kaspersky_av: Don't run kav4fs-control or kesl-control if they aren't
owned by root
Kaspersky Anti-Virus plugin uses /opt/kaspersky/kav4fs/bin/kav4fs-control and
/opt/kaspersky/kesl/bin/kesl-control commands to monitor a Kaspersky Anti-Virus
installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, kav4fs-control and kesl-control commands are owned
by root and root is the only user with write permissions, which prevents privilege
escalation attacks.
With this Werk, the plugin checks if control commands are owned by root and root
is the only user with write permissions before running the command. If that's not
the case the commands won't be run. This prevents privilege escalation attacks if
the permissions of the control commands have been changed.
CMK-15318
Change-Id: Ie5de60541dbd76a983c9918ccf48a73ed1ee26f7
Compare:
https://github.com/Checkmk/checkmk/compare/2eca0ad69574...f113f413fe7d
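
The ownership and write-permission check that the Werk 16172 message describes, written as an added shell example. This is not the code from agents/plugins/kaspersky_av; the function names, the optional owner-UID argument (present so the check can be exercised without root) and the use of GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example, not the Checkmk plugin's code. Function names are hypothetical.

# is_safe_to_run PATH [OWNER_UID]
# Succeeds only if PATH is a regular file owned by OWNER_UID (default 0, root)
# and neither group nor others have the write bit set.
is_safe_to_run() {
    path=$1
    owner_uid=${2:-0}
    [ -f "$path" ] || return 1
    # GNU stat: %u = numeric owner, %a = octal mode. -L follows symlinks so
    # the file that would actually be executed is the one being checked.
    info=$(stat -L -c '%u %a' "$path" 2>/dev/null) || return 1
    uid=${info% *}
    mode=${info#* }
    [ "$uid" = "$owner_uid" ] || return 1
    # Last octal digit = others, second to last = group; 2, 3, 6, 7 carry write.
    case "$mode" in
        *[2367] | *[2367]?) return 1 ;;
    esac
    return 0
}

# run_if_safe CMD [ARGS...]: execute CMD only when the check passes for root.
run_if_safe() {
    cmd=$1
    shift
    if is_safe_to_run "$cmd"; then
        "$cmd" "$@"
    else
        echo "refusing to run $cmd: not root-owned or writable by group/others" >&2
        return 1
    fi
}

# Demo on a constructed file, using the current UID in place of root.
demo_dir=$(mktemp -d)
demo_cmd="$demo_dir/fake-control"
printf '#!/bin/sh\nexit 0\n' > "$demo_cmd"
chmod 755 "$demo_cmd"
is_safe_to_run "$demo_cmd" "$(id -u)" && echo "mode 755: would run"
chmod 775 "$demo_cmd"
is_safe_to_run "$demo_cmd" "$(id -u)" || echo "mode 775: refused"
rm -rf "$demo_dir"
```

The check looks only at the mode bits and owner of the file itself; ACLs and the permissions of parent directories are outside what it inspects.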