ID: 13194
Title: Add several security HTTP headers
Component: Setup
Level: 1
Class: New feature
Version: 2.1.0i1
This werk adds the following security headers:
LI:<tt>X-Frame-Options: sameorigin</tt> Only websites hosted on the same domain are allowed to include CMK as an frame. The <i>Content-Security-Policy</i> already constrains this.
LI:<tt>X-XSS-Protection: 1; mode=block</tt> Enables the browser buitin XSS protection.
LI:<tt>X-Permitted-Cross-Domain-Policies: none</tt> We do not ship cross-domain policies so we disable them with this header.
LI:<tt>Referrer-Policy: origin-when-cross-origin</tt> Only send the origin as Referer to other sites.
You can overwrite these settings in the Apache config if you need to.
ID: 13228
Title: Checkmk agent with systemd creates dedicated system user
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.1.0i1
The installation of a systemd based agent package now creates a system user named <b>cmk-agent</b>.
Failing to create (or find) such a user will cause the installation to fail.
This user will allow for upcoming architectural changes.
In particular it will be running helper processes for new agent-to-site communication modes.
Also, the created user will be the only user allowed to read the agent output locally.
The users home directory will be <i>/etc/check-mk-agent/cmk-agent</i>, it will have neither a login password nor a login shell.
Note that the user is not removed if the package is uninstalled, as you may still have files belonging to that user, and we do not want the UID to be reassigned to a different user by chance.
ID: 11820
Title: Extend HP Proliant checks to HP Synergy
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.1.0i1
HP Synergy devices are now detected.
ID: 13129
Title: set correct access rights on Linux TGZ data structure
Component: agents
Level: 1
Class: Bug fix
Version: 2.1.0i1
This is a regression since Werk #10429.
With Werk #10429, it was prevented that the Linux TGZ package overwrites
access rights of existing directories.
However, this fix only works for 1.6 releases, while unfortunately it does
not take effect in Checkmk 2.0 releases.
Therefore the desired behavior is supplied with this Werk.
ID: 13358
Title: Explicit hosts input field no longer replaces + (plus)
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.1.0i1
When entering a plus sign in "Explicit hosts" input field
it was replaced by a whitespace.
ID: 13089
Title: Fixed logging with microsecond timestamps
Component: cmc
Level: 3
Class: Bug fix
Version: 2.1.0i1
Checkmk 1.6.0 introduced a small regression where log lines in cmc.log were
missing a space when logging with microseconds was enabled. Lines like
2021-10-13 10:24:51696.318 [5] [core 12345] Foo bar happened.
should really read:
2021-10-13 10:24:51 696.318 [5] [core 12345] Foo bar happened.
This has been fixed.