ID: 14827
Title: Re-work agent plugin for monitoring SSH daemon configuration
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The agent plugin for monitoring the SSH daemon configuration (<tt>mk_sshd_config</tt>) has been
re-worked. The previous version of the plugin used the contents of <tt>/etc/ssh/sshd_config</tt> to
monitor the daemon configuration. This is problematic in multiple ways:
LI: Include directives, such as <tt>Include /etc/ssh/sshd_config.d/*.conf</tt>, are not taken into account, resulting in potentially wrong monitoring results.
LI: Match directives are evaluated incorrectly, leading to monitoring results such as "PasswordAuthentication: noyes".
LI: Defaults are not taken into account properly. For example, under Ubuntu, the default is that password authentication is enabled if not explictly configured differently.
The re-worked version of the agent plugin reports the effective daemon configuration queried via
<tt>sshd -T</tt>. This evaluates include directives and takes into daemon defaults, but does
explicitly not evaluate Match directives. Hence, as an example, even if Checkmk reports that
password authentication is off, this does not garantuee that no user can ssh into the system using a
password.
This werk is marked as incompatible for two reasons:
LI: The behavioural changes listed above.
LI: <tt>sshd -T</tt> will likely require root permissions to execute successfully. Hence, the new version of the plugin will likely not work on systems where the agent is executed as non-root.
Finally, note that the configuration option <tt>ChallengeResponseAuthentication</tt> is deprecated
and has been replaced with <tt>KbdInteractiveAuthentication</tt>. If configured to monitor this
option, Checkmk now checks for both keys and only alerts if neither of the two is found.
ID: 14975
Title: mk_postgres.py: correct UNIX socket not found when instances are configured
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
You are affected by this werk if you have configured one or more PostgreSQL
instances that should be monitored by an agent plugin of Checkmk version >
1.6.0. This means that you are using the rule "Instances settings" in the
ruleset "PostgreSQL database nd sessions (Linux, Windows)". In order to apply
this fix, the agent plugin must be reinstalled on the host.
When PostgreSQL instances are configured explicity via the respective .env and
.pgpass config files, the agent plugin was no longer able to determine the
correct "psql" binary to use in order to run SQL queries via the commandline.
This lead to an error message similar to:
<br>
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.123"
failed: No such file or directory
<br>
This has been fixed.
ID: 13967
Title: "Topic" attribute for host tags is now optional in REST API
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
When creating a host tag group using the REST API, it is now optional to specify a topic.
When reading a host tag group without a specifically set topic, it will be displayed as "Tags".
This matches the behaviour of the GUI.
ID: 13968
Title: Unknown sites in host_config endpoints will now be marked as such
Component: REST API
Level: 1
Class: Bug fix
Version: 2.2.0i1
Having a host configured with an unknown site would return a 500 status code error on endpoints such as "/domain-types/host_config/collections/all".
This is common in a distributed monitoring environment.
Instead the site field under the "extensions" and "attributes" key will now return the site id prefixed with "Unknown Site:".
This matches the behaviour of the GUI.
ID: 13442
Title: sap_hana_connect crashed on missing SERVERDB
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
sap_hana_connect crashed with
AttributeError ('NoneType' object has no attribute 'group')
when the connect string did not contain a SERVERDB entry.
ID: 15037
Title: Fix Veeam CDP job monitoring for disabled jobs
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The Windows agent plugin for monitoring Veeam jobs (<tt>veeam_backup_status.ps1</tt>) crashed if
there was a disabled CDP job on the target system. This has been fixed, hence, disabled jobs will
now be discovered as services in Checkmk. Their monitoring status is <i>OK</i> and they don't report
the time since the last CDP run, which is not available for disabled jobs.
Note that users have to update the agent plugin on affected hosts in order to benefit from this
werk.
ID: 14635
Title: postgres_stat_database: Check plugin used to crash if database size was an empty string
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The check plugin used to crash if the database size was an empty string.
This has now been fixed.
>From now on if the database size is an empty string, the check state will turn to WARN and in the summary it will say that the database size is not available.
ID: 15012
Title: Add outlet label for raritan px outlet check
Component: Checks & agents
Level: 1
Class: New feature
Version: 2.2.0i1
We now add the outlet label in the "raritan_px_outlets" check.
ID: 14999
Title: Fix wrong choices in "Service Contact Group" filter
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
The filter "Service Contact Group" showed service groups instead of contact
groups as choices.