ID: 6430
Title: LDAP: Sync detected password changes only to login sites
Component: Multisite
Level: 1
Class: Bug fix
Version: 1.6.0i1
This is a minor performance improvement. The number of destination sites
a user profile is synchronized to in case a password change is detected
in LDAP is reduced to the sites where access to the GUI is allowed.
ID: 6718
Title: Fixed invalid exception handling when unable to initialize the Event Console
Component: Event Console
Level: 1
Class: Bug fix
Version: 1.6.0i1
When an exception occurs before the configuration was read during initialization
of the Event Console a subsequent exception could occur during shutdown of the
Event Console process. The exception message looked like this:
local variable 'pid_path' referenced before assignment
ID: 6716
Title: Add SNMP trap processing log target for deep SNMP trap debugging
Component: Event Console
Level: 1
Class: Bug fix
Version: 1.6.0i1
A new option "SNMP trap processing" has been added to the Event Console log setting.
This setting is currently used in the following ways:
<ul>
<li>It controls the log level of all SNMP related log messages. Previously some
of the SNMP messages were controlled through the "Processing of incoming
events" setting.</li>
<li>Nothing is logged in <i>Informational</i> log level</li>
<li>When set to <i>Verbose</i> it shows details about which traps are received
by the Event Console and how they are handled on protocol level (whether they
are accepted or dropped).</li>
<li>When set to <i>Debug</i> it tells the underlying SNMP library (PySNMP) to
write it's debug output to the <tt>var/log/mkeventd.log</tt>. Please be careful
with this level. It may result in a lot of log output when you set it to debug
for instances which receive a lot of SNMP traps.</li>
</ul>
ID: 6717
Title: 3rd party components and licenses are now listed in central file
Component: Site Management
Level: 1
Class: New feature
Version: 1.6.0i1
Check_MK contains a lot of open source software. The licensing and copyright of
each package can now be found in a central CSV file. This file is located in
<tt>share/doc/Licenses.csv</tt> in each released version. You can find the file
of your local default version e.g. at <tt>/omd/versions/default/share/doc/Licenses.csv</tt>.
The latest file is always available in the git at <tt>omd/Licenses.csv</tt> which
is also available via the git browser
<a href="https://git.mathias-kettner.de/git/?p=check_mk.git;a=blob;f=omd/Makefile/Li…">here</a>.
ID: 5510
Title: Add missing metrics for Windows Memory and Pagefile check
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
Memory and Pagefile average graphs are now displayed using the correct scaling and unit.
ID: 6713
Title: Fixed monitoring of piggyback based services when "No agent" is configured
Component: Core & setup
Level: 1
Class: Bug fix
Version: 1.6.0i1
Check_MK was not correctly discovering services using piggyback data when a
host (e.g. a docker container) has "No agent" configured.
ID: 6711
Title: Change Check_MK site umask to prevent "world" access
Component: Site Management
Level: 1
Class: Security fix
Version: 1.6.0i1
To prevent Check_MK site files from being read by any local system user the Check_MK
sites now have a umask of 0007 set.
The effect of this change is that new files and directories that are created in
the context of the site user are not accessible by "world" users. These are
local system users that are neither the site user nor members of the site
group.
If you don't like this, you can change the umask back to e.g. 0002 in the file
<tt>~/.profile</tt>.
ID: 6630
Title: df: Do not ignore filesystems mounted at /var/lib/docker and /var/lib/docker-latest
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
We do not want to discover the container filesystems, but previously, the filtering had
been too aggressive. This has been fixed.
ID: 6710
Title: Limit crash reporting functionality to permitted users
Component: Multisite
Level: 1
Class: Security fix
Version: 1.6.0i1
The crash reporting functionality of the GUI, which shows a lot of detailed
information about the internal state of the GUI, has been limited to be shown
only to permitted users.
The crash report could be used by attackers to get internal information about
the application state and secrets processed by the GUI.
All not permitted users will now only see a short message about the occurred
crash. Some more information is written to <tt>var/log/web.log</tt>.
Only authenticated administrative users are allowed to see and submit crash
reports by default.
If you like to give all your users the right to see and send crash reports give
them the permission "See crash reports"
A problem with this change may be that some crashes occur only in very specific
situations, for example for specific users. In such a case it may be hard to
get detailed information about the situation when the crash reporting is not
available. We plan to add an improved crash reporting in future versions to
make all occurred crashes available to the Check_MK administrator for later
debugging.
CMK-1037