Checkmk werks level1 August 2020

checkmk-werks-lvl1@lists.checkmk.com

15 participants
34 discussions

Checkmk Werk 11259: Fix host "Save & Test" action showing "API error" for all tests

by Lars Michelsen

ID: 11259 Title: Fix host "Save & Test" action showing "API error" for all tests Component: WATO Level: 1 Class: Bug fix Version: 1.7.0i1 The host diagnostic page was initially showing the message "API Error: The text None is not a valid integer number." after adding or editing a host and confirming the dialog with the "Save & Test" button. This regression was introduced by werk #11254 in version 1.6.0p15. You could workaround this issue by clicking the "Test" button on the page showing that error. It will start the tests in the correct way.

4 years

Checkmk Werk 11241: Status of the Check_MK services: Fix unhandled 'State in case of restricted address missmatch' parameter

by Simon Jess

ID: 11241 Title: Status of the Check_MK services: Fix unhandled 'State in case of restricted address missmatch' parameter Component: Checks & agents Level: 1 Class: Bug fix Version: 1.7.0i1 Within the ruleset {{Status of the Checkmk services}} there's a parameter {{State in case of restricted address missmatch}} where you can overwrite the default state {{WARN}} if the {{Check_MK}} service reports {{Unexpected allowed IP ranges}}. This option was introduced in Checkmk version 1.6.0 and not handled by the {{Check_MK}} service, ie. the configure state of this option had no effect.

4 years

Checkmk Werk 11371: mk_oracle: Fixed failed login with specific credentials

by Marcel Arentz

ID: 11371 Title: mk_oracle: Fixed failed login with specific credentials Component: Checks & agents Level: 1 Class: Bug fix Version: 1.7.0i1 With werk #10850 we introduced a fix for possible problems with upper and lower case instances in 1.6.0p15. It made a match possible where the process is lower case but the specific login variable definition in the configuration file is upper case - or vice versa. This fix is incompatible with Bash versions that are older than 4.0 and has been enhanced with this werk. You need to replace the plugin only if you are running Oracle Databases on an OS that uses an older version of Bash and you noticed a failed login after upgrading to 1.6.0p15. Otherwise there is no need for interaction.

4 years

Checkmk Werk 10785: Metric History Painter can directly inherit their time range from report

by Óscar Nájera

ID: 10785 Title: Metric History Painter can directly inherit their time range from report Component: Reporting & Availability Level: 1 Class: New feature Version: 1.7.0i1 When configuring a Metric History column on a view on your report additional to the predefined fixed time ranges it is now possible to inherit from the report time range.

4 years

Checkmk Werk 11400: Linux agent service: IP Access List support for systemd

by Andreas Umbreit

ID: 11400 Title: Linux agent service: IP Access List support for systemd Component: agents Level: 1 Class: New feature Version: 1.7.0i1 Previously, an IP restriction for the access to the Checkmk agent, as configured in WATO ruleset "Allowed agent access via IP address", could only be realized with the help of an "only_from" entry at the xinetd service that is shipped with a baked agent package. With this Werk, the restriction is also realizable via "IP Access Lists" for the Checkmk agent systemd service/socket. Depending on the configuration of the "Checkmk agent network service" WATO ruleset, a configured IP restriction will be realized activating either the systemd service/socket, or the xinetd service, with the systemd service/socket being the default. There is no action needed to activate this new behavior. The benefit of this change is, that you won't need to install xinetd any more to realize an IP restriction, but can rely on systemd, that is standard on most Linux distributions. <b>Note</b>: The feature "IP Access Lists" is supported by systemd versions >= 235 only. The agent installation will check for a sufficient version and prevent the systemd service/socket from being activated, if the check fails. Depending on the "Checkmk agent network service" configuration, the installation will try to fall back to the xinetd service, see also Werk #10431.

4 years

Checkmk Werk 11342: postgres_instances: Set status to CRIT in case no instance is running

by Timotheus Bachinger

ID: 11342 Title: postgres_instances: Set status to CRIT in case no instance is running Component: Checks & agents Level: 1 Class: Bug fix Version: 1.7.0i1

4 years

Checkmk Werk 11304: mysql.connections: extended plugin to show currently open connections in addition to maximum parallel connections

by Lisa Pichler

ID: 11304 Title: mysql.connections: extended plugin to show currently open connections in addition to maximum parallel connections Component: Checks & agents Level: 1 Class: New feature Version: 1.7.0i1 The plugin mysql.connections shows the maximum number of parallel connections since the server was started in relation to the maximum number of parallel connections allowed. We have extended this plugin to include the number of currently open connections to the server. This value is shown by the MySQL status variable 'Threads_connected'.

4 years

Checkmk Werk 11239: Check_MK Discovery: Revert werks 10534 and 11229

by Simon Jess

ID: 11239 Title: Check_MK Discovery: Revert werks 10534 and 11229 Component: Checks & agents Level: 1 Class: Bug fix Version: 1.7.0i1 The original werks 10534 (1.6.0p11) and 11229 (1.6.0p16) tried to fix the following situation: The "Check_MK discovery" check was unable to discover entirely new check_types. The discovery phase always relies on cached data, if available. Since the SNMP datasource only fetches the data it actually needs, there is no guarantee that all services will be discovered. So the "Check_MK discovery" service failed to discover any interfaces, if the snmp host did not have any interfaces beforehand. Through WATO however, the discovery was successfull, since this mechanism may bypass the snmp caching entirely. We have to revert these werk because they did not have the effect to fix above situation. In one of the next patch releases we will really fix this behaviour. Sorry for that.. :(

4 years

Checkmk Werk 11362: rmon_stats: new, separate discovery ruleset

by Joerg Herbel

ID: 11362 Title: rmon_stats: new, separate discovery ruleset Component: Checks & agents Level: 1 Class: New feature Version: 1.7.0i1 The discovery of the services provided by the check <tt>rmon_stats</tt>, which monitors RMON statistics, used to be configured via the ruleset "Network Interface and Switch Port Discovery". However, <tt>rmon_stats</tt> does not honor any of the other settings provided by this ruleset. Therefore, the service discovery for <tt>rmon_stats</tt> is now configured via the new, separate ruleset "Monitor RMON statistics". This werk is marked as incompatible because users who configured <tt>rmon_stats</tt> to be discovered have to adjust their rulesets accordingly. This is done by activating the discovery of <tt>rmon_stats</tt> for the corresponding hosts using the new ruleset "Monitor RMON statistics". Without this step, the corresponding services will continue to work but will disappear if a re-discovery is performed.

4 years

Checkmk Werk 11263: Fix piggyback path traversal

by Lars Michelsen

ID: 11263 Title: Fix piggyback path traversal Component: Core & setup Level: 2 Class: Security fix Version: 1.7.0i1 In previous versions it was possible to create files in the querying Checkmk site by modifying or extending an agent on a monitored system. So an attacker who gained rights on a monitored system to extend the agent could create and modify files in the monitoring Checkmk site with certain modifications of the agent. The creation or modification of files in the Checkmk site was done with rights of the Checkmk site user. This problem is now solved by a better validation of hostnames of piggybacked hosts. With this change only these characters are allowed in Piggybacked hostnames: <tt>0-9a-zA-Z_.-</tt>. These are exactly the same characters that Checkmk normally allows when creating hostnames. A special feature of Piggyback hostnames is that all illegal hostnames are replaced by "_". This change means that Piggyback hosts created with now invalid characters will have to be created differently after this change so that they can continue to be monitored.

4 years

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 August 2020