ID: 11259
Title: Fix host "Save & Test" action showing "API error" for all tests
Component: WATO
Level: 1
Class: Bug fix
Version: 1.7.0i1
The host diagnostic page was initially showing the message "API Error: The text
None is not a valid integer number." after adding or editing a host and
confirming the dialog with the "Save & Test" button.
This regression was introduced by werk #11254 in version 1.6.0p15.
You could workaround this issue by clicking the "Test" button on the page
showing that error. It will start the tests in the correct way.
ID: 11241
Title: Status of the Check_MK services: Fix unhandled 'State in case of restricted address missmatch' parameter
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
Within the ruleset {{Status of the Checkmk services}} there's a parameter
{{State in case of restricted address missmatch}} where you can overwrite the
default state {{WARN}} if the {{Check_MK}} service reports
{{Unexpected allowed IP ranges}}. This option was introduced in Checkmk version
1.6.0 and not handled by the {{Check_MK}} service, ie. the configure state of
this option had no effect.
ID: 11371
Title: mk_oracle: Fixed failed login with specific credentials
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
With werk #10850 we introduced a fix for possible problems with upper and
lower case instances in 1.6.0p15. It made a match possible where the process
is lower case but the specific login variable definition in the configuration
file is upper case - or vice versa. This fix is incompatible with Bash
versions that are older than 4.0 and has been enhanced with this werk.
You need to replace the plugin only if you are running Oracle Databases
on an OS that uses an older version of Bash and you noticed a failed login
after upgrading to 1.6.0p15. Otherwise there is no need for interaction.
ID: 10785
Title: Metric History Painter can directly inherit their time range from report
Component: Reporting & Availability
Level: 1
Class: New feature
Version: 1.7.0i1
When configuring a Metric History column on a view on your report
additional to the predefined fixed time ranges it is now possible to
inherit from the report time range.
ID: 11400
Title: Linux agent service: IP Access List support for systemd
Component: agents
Level: 1
Class: New feature
Version: 1.7.0i1
Previously, an IP restriction for the access to the Checkmk agent, as configured in
WATO ruleset "Allowed agent access via IP address", could only be realized with the
help of an "only_from" entry at the xinetd service that is shipped with a baked
agent package.
With this Werk, the restriction is also realizable via "IP Access Lists" for the
Checkmk agent systemd service/socket. Depending on the configuration of the
"Checkmk agent network service" WATO ruleset, a configured IP restriction will be
realized activating either the systemd service/socket, or the xinetd service, with
the systemd service/socket being the default.
There is no action needed to activate this new behavior.
The benefit of this change is, that you won't need to install xinetd any more to
realize an IP restriction, but can rely on systemd, that is standard on most Linux
distributions.
<b>Note</b>: The feature "IP Access Lists" is supported by systemd versions >= 235
only. The agent installation will check for a sufficient version and prevent the
systemd service/socket from being activated, if the check fails. Depending on the
"Checkmk agent network service" configuration, the installation will try to fall
back to the xinetd service, see also Werk #10431.
ID: 11342
Title: postgres_instances: Set status to CRIT in case no instance is running
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
ID: 11304
Title: mysql.connections: extended plugin to show currently open connections in addition to maximum parallel connections
Component: Checks & agents
Level: 1
Class: New feature
Version: 1.7.0i1
The plugin mysql.connections shows the maximum number of parallel connections
since the server was started in relation to the maximum number of parallel
connections allowed. We have extended this plugin to include the number of
currently open connections to the server. This value is shown by the MySQL
status variable 'Threads_connected'.
ID: 11239
Title: Check_MK Discovery: Revert werks 10534 and 11229
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
The original werks 10534 (1.6.0p11) and 11229 (1.6.0p16) tried to fix the
following situation:
The "Check_MK discovery" check was unable to discover entirely new check_types.
The discovery phase always relies on cached data, if available. Since the SNMP
datasource only fetches the data it actually needs, there is no guarantee that
all services will be discovered.
So the "Check_MK discovery" service failed to discover any interfaces, if the
snmp host did not have any interfaces beforehand. Through WATO however, the
discovery was successfull, since this mechanism may bypass the snmp caching
entirely.
We have to revert these werk because they did not have the effect to fix above
situation. In one of the next patch releases we will really fix this behaviour.
Sorry for that.. :(
ID: 11362
Title: rmon_stats: new, separate discovery ruleset
Component: Checks & agents
Level: 1
Class: New feature
Version: 1.7.0i1
The discovery of the services provided by the check <tt>rmon_stats</tt>,
which monitors RMON statistics, used to be configured via the ruleset
"Network Interface and Switch Port Discovery". However, <tt>rmon_stats</tt>
does not honor any of the other settings provided by this ruleset. Therefore,
the service discovery for <tt>rmon_stats</tt> is now configured via the new,
separate ruleset "Monitor RMON statistics".
This werk is marked as incompatible because users who configured
<tt>rmon_stats</tt> to be discovered have to adjust their rulesets
accordingly. This is done by activating the discovery of <tt>rmon_stats</tt>
for the corresponding hosts using the new ruleset "Monitor RMON statistics".
Without this step, the corresponding services will continue to work but will
disappear if a re-discovery is performed.
ID: 11263
Title: Fix piggyback path traversal
Component: Core & setup
Level: 2
Class: Security fix
Version: 1.7.0i1
In previous versions it was possible to create files in the querying Checkmk
site by modifying or extending an agent on a monitored system.
So an attacker who gained rights on a monitored system to extend the agent
could create and modify files in the monitoring Checkmk site with certain
modifications of the agent. The creation or modification of files in the
Checkmk site was done with rights of the Checkmk site user.
This problem is now solved by a better validation of hostnames of piggybacked
hosts. With this change only these characters are allowed in Piggybacked
hostnames: <tt>0-9a-zA-Z_.-</tt>. These are exactly the same characters that
Checkmk normally allows when creating hostnames. A special feature of Piggyback
hostnames is that all illegal hostnames are replaced by "_".
This change means that Piggyback hosts created with now invalid characters will
have to be created differently after this change so that they can continue to
be monitored.