ID: 0600
Title: nfsexports.solaris: new agent plugin for monitoring nfs exports on solaris systems
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i2
This agent plugin delivers information about nfs exports on Solaris systems in stand-alone
as well as clustered environments.
ID: 0776
Title: ibm_svc_nodestats.cpu_util: new check for CPU Utilization per Node on IBM SVC / V7000 devices
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i2
ID: 0742
Title: table statehist: now able to cancel a running query if limit is reached
Component: Livestatus
Level: 1
Class: Bug Fix
Version: 1.2.5i2
The livestatus table statehist was unable to end a query when
the <tt>Timelimit:</tt> or <tt>Limit:</tt> options were reached.
ID: 0766
Title: Changed transid implemtation to work as CSRF protection (Fixes CVE-2014-2330)
Component: Multisite
Level: 3
Class: Bug Fix
Version: 1.2.5i2
This change fixes possible attacks against Check_MK Multisite users. In previous
versions a possible attacker could try to make the browsers of authenticated users
open URLs of the Check_MK Multisite GUI to execute actions e.g. within WATO without
knowledge of the attacked user.
To make such an attack possible, there are several things needed: The user must be
authenticated with multisite and have enough permission within multisite to execute
the actions the attacker wants to use, the attacker needs to know the exact URL to the
Multisite GUI. Then the attacker needs to make the user either click on a manipulated
link or open a manipulated webpage which makes the browser of the user, where the user
is authenticated with multisite, open the URL the attacker wants to make it open.
The multisite GUI makes use of transids (transaction ids) when processing form
submissions or actions. The transids were mainly used to prevent double execution
of actions when reloading the page which performed the action in the browser.
Now we changed internal handling of the transid to make it also prevent CSRF attacks.
The transid is now some kind of shared secret between the webserver and the browser
of the user. This ensures a form submission is intended by a previously requested page.
This change impicates an incompatible change: In case you use a script which opens
multisite pages to perform an action, e.g. set a downtime and use this with a regular
user account which authenticates by username/password, the script won't work anymore
after this change.
The way to go is to adapt the script and change the user to authenticate with an
automation secret instead of a password. For this kind of authentication, you will
need to user other URL parameters (_username=... and _secret=...).
ID: 0765
Title: NagVis-Maps-Snapin: Now visualizes downtime / acknowledgment states of maps
Component: Multisite
Level: 1
Class: New Feature
Version: 1.2.5i2
The NagVis-Maps sidebar snapin now shows a green box with yellow or red borders when
maps have a problematic summary state, but have been acknowledged or set into downtime.
ID: 0741
Title: BI editor: fixed display bug in "Create nodes based on a service search"
Component: BI
Level: 1
Class: Bug Fix
Version: 1.2.5i2
The WATO BI editor had some problems when displaying rules with the pattern<br>
"Create nodes based on a service search" -> "State of a service"
ID: 0764
Title: lnx_quota: Added new check to monitor Linux File System Quota
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i2
This check monitors filesystems where linux user quotas has been
configured for users which exceed their space and file quotas.
ID: 0740
Title: winperf_if: now able to handle display of bandwidth > 4GBit
Component: Checks & Agents
Level: 1
Class: Bug Fix
Version: 1.2.5i2
If an interface had a bandwidth of > 4GBit the check did not receive
the correct bandwidth value, because of a 32 bit counter overflow.
Workaround: The windows plugin wmic_if.bat now also reports the correct bandwidth value.
If you use this plugin its bandwidth value will have precedence before the bandwidth determined by the agent.
ID: 0775
Title: ibm_svc_systemstats.diskio: new check for disk throughput in IBM SVC / V7000 devices in total
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i2
ID: 0774
Title: ibm_svc_nodestats.diskio: new check for disk troughput per node on IBM SVC / V7000 devices
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i2