Checkmk werks level1 September 2022

checkmk-werks-lvl1@lists.checkmk.com

28 participants
98 discussions

Checkmk Werk 14744: Fix reload of graph dashlets in dashboards

by Ronny Bruska

ID: 14744 Title: Fix reload of graph dashlets in dashboards Component: Multisite Level: 1 Class: Bug fix Version: 2.2.0i1 Graph dashlets used in dashboards were not refreshed correctly since 2.1 if the graph used a timerange option with "The last".

1 year, 10 months

Checkmk Werk 14678: mk_docker is docker >=6.0.0 compatible

by External contributor

ID: 14678 Title: mk_docker is docker >=6.0.0 compatible Component: agents Level: 1 Class: Bug fix Version: 2.2.0i1 The mk_docker plugin now works with docker version 6 or later. Previously, the plugin would fail with a message that the module docker.version was not json serializable.

1 year, 10 months

Checkmk Werk 14680: Fix crash in heartbeat_crm plugin

by External contributor

ID: 14680 Title: Fix crash in heartbeat_crm plugin Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 The heartbeat_crm check would crash with a KeyError when the rule "Heartbeat CRM general status" was not set.

1 year, 10 months

Checkmk Werk 14385: Fix limited SSRF in agent-receiver API

by Hannes Rantzsch

ID: 14385 Title: Fix limited SSRF in agent-receiver API Component: Core & setup Level: 1 Class: Security fix Version: 2.2.0i1 Prior to this Werk attackers could use the host registration API for Server Side Request Forgery. An attacker would have been able to make the Checkmk server issue local requests to endpoints that should only be accessible from localhost. In order to exploit this vulnerability attackers would have needed the privileges to register hosts. This vulnerability was caused by insufficient sanitization of the hostname of the host to be registered. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: 2.1 Mitigations: The affected API can be disabled using <tt>omd stop agent-receiver</tt>. Note however, that this makes it impossible to register new hosts. Vulnerability Management: We have rated the issue with a CVSS Score of 5.0 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N</tt>. A CVE has been requested. Changes: This Werk adds validation for the hostname and ensures hostnames are escaped in requests to the REST API.

1 year, 10 months

Checkmk Werk 14677: Remove item_name and item_help keywords from CheckParameterRulespecWithItem

by Max Linke

ID: 14677 Title: Remove item_name and item_help keywords from CheckParameterRulespecWithItem Component: Setup Level: 1 Class: Bug fix Version: 2.2.0i1 This change might break existing MKPs. The CheckParameterRulespecWithItem class does not accept the item_name and item_help keywords any longer. Instead item_spec should be used. Before this werk the following was valid to register a new rulespec. C+: rulespec_registry.register( CheckParameterRulespecWithItem( check_group_name="a_check", item_name="fitting item name", item_help="inline help test", group=RulespecGroupCheckParametersApplications, parameter_valuespec=_parameter_valuespec_network, title=lambda: "A good title", ) ) C-: This should be rewritten as: C+: rulespec_registry.register( CheckParameterRulespecWithItem( check_group_name="a_check", item_spec=lambda: TextInput(title="fitting item name", help="inline help text"), group=RulespecGroupCheckParametersApplications, parameter_valuespec=_parameter_valuespec_network, title=lambda: "A good title", ) ) C-:

1 year, 10 months

Checkmk Werk 14766: mk_mongodb.py: mongodb_instace section shows information from a different host

by Lisa Pichler

ID: 14766 Title: mk_mongodb.py: mongodb_instace section shows information from a different host Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 The agent plugin "mk_mongodb.py" creates the section "mongodb_instance". In some cases, this section contains information from a different host (i.e. replica) from within the MongoDB cluster than the one on which the agent plugin is located. The problem was that the connection settings did not specify to connect to the host directly. Therefore, requests were distributed across the cluster by MongoDB. This has been fixed. If this fix is required, the agent plugin must be redeployed to the hosts.

1 year, 10 months

Checkmk Werk 14765: mk_mongodb.py: primary host is listed under active secondaries

by Lisa Pichler

ID: 14765 Title: mk_mongodb.py: primary host is listed under active secondaries Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 The plugin "mk_mongodb.py" provides the section "mongodb_replica", which contains information on the MongoDB primary, secondaries, and arbiters. The primary host was listed as both primary and active secondary. This is also shown in the corresponding check, "mongodb_replica". This has been fixed. The fix requires that the agent plugin, "mk_mongodb.py", is updated on the relevant hosts.

1 year, 10 months

Checkmk Werk 14741: Use internal folder ID in audit log on moving hosts

by Ronny Bruska

ID: 14741 Title: Use internal folder ID in audit log on moving hosts Component: Setup Level: 1 Class: Bug fix Version: 2.2.0i1 If hosts were moved between folders, the audit log uses the ID of the folder. This could lead to unclear log entries if folder were renamed in the past, because the ID does not change on folder renaming. We now added the internal ID of the folder for a better understanding of this log entries. For example: "Moved host from "Main directory" (ID: 21016475a7554c11afca66ae620b4c52) to "myfolder1/myfolder2" (ID: fffa1507d66248cd9da17ac3cc5103d5)"

1 year, 10 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 September 2022