Branch: refs/heads/master
Home:
https://github.com/Checkmk/checkmk
Commit: 20c171b5ac108d3d67a6abae0a121886a5883a49
https://github.com/Checkmk/checkmk/commit/20c171b5ac108d3d67a6abae0a121886a…
Author: Rebekka Seltmann <rebekka.seltmann(a)checkmk.com>
Date: 2024-03-21 (Thu, 21 Mar 2024)
Changed paths:
M agents/plugins/kaspersky_av
M tests/unit-shell/agents/plugins/test_kaspersky_av.sh
Log Message:
-----------
Generalize common agent plugin code root_owned()
Pass permissions, owner and group directly and document arguments
Change-Id: I29095c316e1a4cd8bd234b65cbcfbc3867f2a693
Commit: 28d42981e7a2c22f9d61a1344ef8781ab780e842
https://github.com/Checkmk/checkmk/commit/28d42981e7a2c22f9d61a1344ef8781ab…
Author: Rebekka Seltmann <rebekka.seltmann(a)checkmk.com>
Date: 2024-03-21 (Thu, 21 Mar 2024)
Changed paths:
A .werks/16198.md
M agents/plugins/mk_informix
Log Message:
-----------
mk_informix: Do not allow privilege escalation
The informix database monitoring plugin would previously `eval` statements parsed from
`$INFORMIXDIR/bin/onstat`. Since the plugin is usually run as root, this could cause
statements injected in `$INFORMIXDIR/bin/onstat` to be run as root as well.
By adding scripts named the same as other functionality found in `$PATH` to
`$INFORMIXDIR/bin`, `$PATH` functionality could also be overshadowed and the custom
executed as root.
Finally, `$INFORMIXDIR/bin/onstat` would be executed as root, allowing a substituted
script to be run with elevated privileges.
With this werk, the environment variables will be exported instead and `$PATH` will now be
searched before `$INFORMIXDIR/bin`.
The plugin will now also check if `$INFORMIXDIR/bin/onstat` belongs to root if the plugin
is executed as root. If not, it will be executed as the user owning the executable.
Change-Id: Idfe1d31c80998c6067baa718df9fb0a5c293eb27
Commit: a1e0f889a6e63ec1ea6b7f40a17d6114c7563d32
https://github.com/Checkmk/checkmk/commit/a1e0f889a6e63ec1ea6b7f40a17d6114c…
Author: Lukas Lengler <lukas.lengler(a)checkmk.com>
Date: 2024-03-21 (Thu, 21 Mar 2024)
Changed paths:
M cmk/gui/utils/ntop.py
Log Message:
-----------
ntopng: add error message for failing active connections
1. failing active connection -> error message in /var/log/web.log
2. successful active connection -> no messages
3. inactive connection -> no messages
Also ConnectionRefusedErrors and OSErrors are now handled and logged.
CMK-15731
Change-Id: I3ffa0fe6a86d6a1228bd9865254397be7322d5a7
Compare:
https://github.com/Checkmk/checkmk/compare/f03118a55715...a1e0f889a6e6
To unsubscribe from these emails, change your notification settings at
https://github.com/Checkmk/checkmk/settings/notifications