Checkmk werks level1 January 2022

checkmk-werks-lvl1@lists.checkmk.com

19 participants
56 discussions

Checkmk Werk 13286: WATO WebAPI: Added additional user permission checks for various calls

by Andreas Boesl

ID: 13286 Title: WATO WebAPI: Added additional user permission checks for various calls Component: Setup Level: 1 Class: Security fix Version: 2.1.0i1 Stricter permissions checking has been introduced for the following calls <ul> <li>get_folder</li> <li>add_folder</li> <li>edit_folder</li> <li>delete_folder</li> <li>get_all_folders</li> <li></li> <li>add_host</li> <li>add_hosts</li> <li>edit_host</li> <li>edit_hosts</li> <li>get_hosts</li> <li>delete_host</li> <li>delete_hosts</li> <li>get_all_hosts</li> <li></li> <li>get_all_contactgroups</li> <li>delete_contactgroup</li> <li>add_contactgroup</li> <li>edit_contactgroup</li> <li>get_all_hostgroups</li> <li>delete_hostgroup</li> <li>add_hostgroup</li> <li>edit_hostgroup</li> <li>get_all_servicegroups</li> <li>delete_servicegroup</li> <li>add_servicegroup</li> <li>edit_servicegroup</li> <li></li> <li>get_all_users</li> <li>delete_users</li> <li>add_users</li> <li>edit_users</li> <li></li> <li>activate_changes</li> </ul> If your WebAPI automation user is lacking a specific permission, it will be shown in the response message.

2 years, 7 months

Checkmk Werk 13513: check_http: Fix replacement of HOSTALIAS in service description

by Ronny Bruska

ID: 13513 Title: check_http: Fix replacement of HOSTALIAS in service description Component: Core & setup Level: 1 Class: Bug fix Version: 2.1.0i1 If you used the macro "$HOSTALIAS$" in section "Service name" of the rule "Check HTTP service", the macro was not replaced by the hosts alias, the service description showed "HTTP $HOSTALIAS$" instead.

2 years, 7 months

Checkmk Werk 13510: omd cleanup: Always use "/omd/versions"

by Ronny Bruska

ID: 13510 Title: omd cleanup: Always use "/omd/versions" Component: RPM Packaging Level: 1 Class: Bug fix Version: 2.1.0i1 The real path (canonical path, eliminating any symbolic links ) was used before, leading to unfound packages in special situations.

2 years, 7 months

Checkmk Werk 13483: Checkmk Dockerfile: Enable authentication for relay_host

by External contributor

ID: 13483 Title: Checkmk Dockerfile: Enable authentication for relay_host Component: Site Management Level: 1 Class: New feature Version: 2.1.0i1 This werk adds the package libsasl2-modules to the docker dependencies to enable authentication for relay_host.

2 years, 7 months

Checkmk Werk 13456: apt: Discover updates with ESM support

by Sofia Colakovic

ID: 13456 Title: apt: Discover updates with ESM support Component: Checks & agents Level: 1 Class: New feature Version: 2.1.0i1 Previously, apt service wouldn't be discovered if there was an ESM support warning indicating an outdated Linux distribution. Now, updates are shown if ESM support is enabled. If ESM support isn't enabled, apt service reports an error.

2 years, 7 months

Checkmk Werk 13612: Predictive levels preview plot on incomplete data

by Óscar Nájera

ID: 13612 Title: Predictive levels preview plot on incomplete data Component: Checks & agents Level: 1 Class: Bug fix Version: 2.1.0i1 The predictive levels preview would crash upon encountering incomplete data.

2 years, 7 months

Checkmk Werk 13524: <tt>ntp_peer</tt>: Fix "TypeError (tuple indices must be integers or slices, not str)"

by Joerg Herbel

ID: 13524 Title: <tt>ntp_peer</tt>: Fix "TypeError (tuple indices must be integers or slices, not str)" Component: Checks & agents Level: 1 Class: Bug fix Version: 2.1.0i1 The check plugin <tt>ntp_peer</tt> crashed with "TypeError (tuple indices must be integers or slices, not str)" when using user-defined parameters.

2 years, 7 months

Checkmk Werk 13631: NagVis: Updated to 1.9.30

by Lars Michelsen

ID: 13631 Title: NagVis: Updated to 1.9.30 Component: Other Components Level: 1 Class: Bug fix Version: 2.1.0i1

2 years, 7 months

Checkmk Werk 13478: Mitigate wrong converion of disabled service rules on update

by Moritz Kiemer

ID: 13478 Title: Mitigate wrong converion of disabled service rules on update Component: Setup Level: 1 Class: Bug fix Version: 2.1.0i1 During <tt>cmk-update-config</tt> some disabled services rules are being broken by introducing an undesired escaping. This werk reduces the number of cases in which this happens. Users "Disabled Services" rules were affected if they fullfilled all of the following criteria: <ul> <li>They have exactly one host condition (explicit or pattern)</li> <li>They have no tag based conditions</li> <li>All their patterns for the service name end in "<tt>$</tt>"</li> </ul> After this werk, only rules will be affected if they additionally <ul> <li> have exactly one explicit host condition (not a regular expression)</li> <li> contain both quoted and unquoted special characters</li> in their service name pattern </ul> For instance: "<tt>Foo[12]$</tt>" and "<tt>Foo\[12\]$</tt>" will remain unchanged, whereas "<tt>Foo\[1\][2]$</tt>" will be changed to "<tt>Foo\[1\]\[2\]$</tt>". If this still affects you, you can avoid meeting the above criteria. For instance try to replace "<tt>my_hostname</tt>" by "<tt>~^my_hostname$</tt>" or to craft a service name pattern that does not require the trailing "<tt>$</tt>".

2 years, 7 months

Checkmk Werk 13325: Two-factor authentication via FIDO2/WebAuthn

by Lars Michelsen

ID: 13325 Title: Two-factor authentication via FIDO2/WebAuthn Component: Multisite Level: 2 Class: New feature Version: 2.1.0i1 With this change users of the Checkmk user interface can now configure Checkmk to ask for a second factor during user authentication. The new two-factor authentication is based on FIDO2/WebAuthn. You can use authenticators such as the YubiKey, a USB token, a smart phone, Apple’s Touch ID, and Windows Hello. To enable the new feature, login to the GUI and open the "User" mega menu on the bottom left of the screen. Then select "Two-factor authentication". On the opened page, you first need to click on "Add credential". Once you click that, your browser will ask you to activate your authenticator. Once done, the registration with your user account should be complete and a new registered credential is displayed. With this step you have enabled the two-factor authentication for your user account. Future logins will only be possible with the activated authenticator. If you don't have your authenticator at hand, you can use backup codes. It is recommended to generate these backup codes right away by clicking on "Regenerate backup codes". The resulting page will show you a list of 10 backup codes. Store them in a save place. Administrators can see that a user has the two-factor authentication enabled in the users list of the Setup. The Authentication column displays "Password (+2FA)" for these users. Admins can disable two-factor authentication for users to help them in case they don't have access to their second factor. This can be done via "Setup > Users > Edit user > Disable two-factor authentication". Please note that the WebAuthn standard makes this feature only usable in case you access the GUI using HTTPS. The WebAuthn two-factor authentication is also restrictive on the type of host address you use to access the GUI. It will be used as relying party identifier (https://www.w3.org/TR/webauthn-2/#relying-party-identifier) and has to be a valid domain string (https://url.spec.whatwg.org/#valid-domain-string). You will have to either use a simple host name or a full qualified domain name. Please note that you need to be consistent in the domain you use for the two-factor authentication to work.

2 years, 8 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 January 2022