ID: 13749
Title: Support Diagnostics: Add file size information
Component: Setup
Level: 1
Class: New feature
Version: 2.2.0i1
The Support Diagnostics dumps now contain a csv file that lists the file sizes for all files in the site.
That is relevant for support cases related to performance issues.
ID: 14113
Title: Fix arrangement of search results using "Show all results" in monitoring search
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If many search results were found, the results were shown in multiple columns,
leading to unreadable entries because of the menu width.
This was now changed to one column with scrollbar.
ID: 13680
Title: Agent Bakery: Make package compression optional
Component: agents
Level: 1
Class: New feature
Version: 2.2.0i1
Compression of baked agent packages is now turned off by default.
Recently, all agent packages got packaged with default compression options
of the respective packaging system. This resulted in a gzip-level-9-compression
of <tt>.rpm</tt>, <tt>.deb</tt>, and <tt>.tar.gz</tt> packages.
However, as all large files (larger than a few kb) that are shipped with Checkmk
are already precompressed, the influence to the package size was minimal, while
there was a noticeable impact to the baking performance.
Hence, the gzip compression is now deactivated by default (level set to 0),
while you can activate it with the agent ruleset "Agent bakery package compression"
ID: 14111
Title: Dynamic host management: Fix MKAPIError
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0i1
If the global option "Connection to the Web API" was changed, the error
"MKAPIError: {"title": "You need to be authenticated to use the REST API.",
"status": 401}" occurred.
ID: 14112
Title: Fix non functional "Show all results" button in monitoring search
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
Even if used, the same mount of search results was shown.
ID: 14109
Title: SLA: Fix reclassifying states to OK
Component: Multisite
Level: 1
Class: Bug fix
Version: 2.2.0i1
If you reclassified host or service states to OK, the change had no effect.
ID: 14142
Title: mk_zypper: Missing data in agent output
Component: agents
Level: 1
Class: Bug fix
Version: 2.2.0i1
The mk_zypper agent plugin would not output the necessary data
needed for the check plugin.
ID: 14089
Title: Checkmk agent TLS encryption and compression
Component: Checks & agents
Level: 2
Class: New feature
Version: 2.2.0i1
In Checkmk version 2.1 the monitoring data sent from the monitored host to the monitoring server is TLS encrypted and compressed by default.
This is realized by a new component on the monitored hosts:
The Checkmk agent controller <tt>cmk-agent-ctl</tt>.
The added executable is called <tt>cmk-agent-ctl</tt>.
On Linux systems, the agent controller will be run as a dedicated user <i>cmk-agent</i>, which is added during installation.
As a result the process listening on the TCP port will have limited privileges, and the agent output is not available to any other local user.
While upgraded setups will continue to work as before, in order to enable TLS encryption an additional registration step is required.
More information on the registration step, the installation and the provided commands can be found <a href="https://docs.checkmk.com/master/en/agent_linux.html">in our online documentation</a>.
ID: 13902
Title: Secure path for OMD hooks
Component: OMD
Level: 1
Class: Security fix
Version: 2.2.0i1
OMD executes several hooks to determine configuration options (e.g. which port
to use for the site apache). These hooks are version dependent, so OMD executed
these hooks via a symlink in the site to get the hooks matching the version of
the site.
The symlinks belong to the site user in order to be able to update
the version. Since a <i>OMD status</i> executes those hooks as root, it was
possible for a site user to create a malicious hook and execute code as root.
All maintained versions (>=1.6) are subject to this vulnerability. It is likely
that also previous versions were vulnerable.
CVE will be added later here.
CVSS: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 8.2
We thank Timo Klecker for reporting this issue!