Checkmk werks level1 September 2022

checkmk-werks-lvl1@lists.checkmk.com

28 participants
98 discussions

Checkmk Werk 14781: Monitor systemd sockets as single services

by Timotheus Bachinger

ID: 14781 Title: Monitor systemd sockets as single services Component: Checks & agents Level: 1 Class: New feature Version: 2.2.0i1 Previously, Systemd's services could be monitored as single service only. With this werk, Systemd's sockets can be monitored as a single check, similar to Systemd's services.

1 year, 10 months

Checkmk Werk 14731: super_server: Reenable "Checkmk agent network service (Linux)" ruleset

by Andreas Umbreit

ID: 14731 Title: super_server: Reenable "Checkmk agent network service (Linux)" ruleset Component: agents Level: 1 Class: Bug fix Version: 2.2.0i1 This is a regression since Checkmk 2.1. The agent package install scripts didn't recognize the <tt>/etc/check_mk/super_server.cfg</tt> correctly. As a result, the super server, if configured other than "auto", wasn't set correctly. In order to apply this fix, an agent update or reinstallation has to be done on affected hosts.

1 year, 10 months

Checkmk Werk 13019: Update requests module

by Konstantin Baikov

ID: 13019 Title: Update requests module Component: config Level: 1 Class: Bug fix Version: 2.2.0i1 Update requests module to fix an upstream bug with proxy authentication. Fixed parsing issue that resulted in the auth component being dropped from proxy URLs. (#6028)

1 year, 10 months

Checkmk Werk 14801: Improve detection when OMD runs in a container

by External contributor

ID: 14801 Title: Improve detection when OMD runs in a container Component: Site Management Level: 1 Class: Bug fix Version: 2.2.0i1 Only for docker and podman we could reliably detect if OMD is running in a container. The official docker image now sets a CMK_CONTAINERIZED=TRUE environment variable that is checked in omd. This works independent of the container runtime used.

1 year, 10 months

Checkmk Werk 14610: super_server: Missing systemd units/xinetd services after agent update (RPM)

by Andreas Umbreit

ID: 14610 Title: super_server: Missing systemd units/xinetd services after agent update (RPM) Component: agents Level: 1 Class: Bug fix Version: 2.2.0i1 After agent update to a 2.1 linux agent (prepackaged and bakery versions) on RPM based systems, the agent installation may end up with missing systemd units or a missing xinetd service file. As a workaround, or to recover from an agent installtion with broken super-server, agents can be reinstalled once manually with <tt>cmk-update-agent --reinstall</tt> or <tt>cmk-update-agent --force</tt> to restore the missing file(s). Subsequent agent updates won't run into the same problem again. With this Werk, the initial agent update to version 2.1 won't run into the problem in the first place.

1 year, 10 months

Checkmk Werk 14609: super_server: Cleanup config files when installing a bakery package

by Andreas Umbreit

ID: 14609 Title: super_server: Cleanup config files when installing a bakery package Component: agents Level: 1 Class: Bug fix Version: 2.2.0i1 This Werk will be compatible for most users. See below for details. When using the prepackaged agent package on DPKG or RPM based systems, some xinetd/system files are marked as config files and won't be removed on uninstallation/update. This leads to problems when updating from a prepackaged agent package to a bakery agent package, as leftover service or unit files would occupy the listening agent port. Bakery agent packages will now remove all deprecated systemd/xinetd files that may be leftover from old installations before activating the new super server coming from the new package. Please be aware that, starting with this Werk, agent packages from the agent bakery will discard changes made to xinetd/systemd files from a previously installed prepackaged/raw edition agent package. While this is expected behavior for bakery packages, it may still change some agent installations in an unexpected way, because this was done inconsequently in the past.

1 year, 10 months

Checkmk Werk 14747: Fix duplicate history log while processing spoolfiles

by Ronny Bruska

ID: 14747 Title: Fix duplicate history log while processing spoolfiles Component: Notifications Level: 1 Class: Bug fix Version: 2.2.0i1 Werk #13114 fixed missing history log entries for direct local delivery of notifications. If notification spooling was used afterwards, there was a duplicate message logged. Now only one message will be logged also for spoolfiles.

1 year, 10 months

Checkmk Werk 14695: azure_traffic_manager: Monitor Azure Traffic Manager

by Sofia Colakovic

ID: 14695 Title: azure_traffic_manager: Monitor Azure Traffic Manager Component: Checks & agents Level: 1 Class: New feature Version: 2.2.0i1 It's now possible to monitor Azure Traffic Manager in Checkmk. Two new checks have been added: <ul> <li>Microsoft Azure Traffic Manager: Qps</li> <li>Microsoft Azure Traffic Manager: Probe State</li> </ul> The new services will be automatically discovered if you have an Azure Traffic Manager Profile in the resource group already monitored in Checkmk.

1 year, 10 months

Checkmk Werk 14433: KUBE: New workload resource: CronJobs

by LukaRacic

ID: 14433 Title: KUBE: New workload resource: CronJobs Component: Checks & agents Level: 1 Class: New feature Version: 2.2.0i1 This werk introduces CronJobs to the Kubernetes agent. Similar to other Kubernetes objects, Checkmk creates a piggyback host for each CronJob. The CronJob host supports: - Memory resources - CPU resources - Info

1 year, 10 months

Checkmk Werk 14384: Fix command injection in livestatus query headers

by Hannes Rantzsch

ID: 14384 Title: Fix command injection in livestatus query headers Component: Livestatus Level: 1 Class: Security fix Version: 2.2.0i1 Prior to this Werk it was possible to inject livestatus commands in Checkmk's livestatus wrapper and python API. Attackers could add additional commands in the AuthUser query header using newline characters. This allowed running arbitrary livestatus commands, including external commands to the core. The issue could only be exploited by attackers from localhost, where the tampered header could be injected in a request to graph data. We thank Stefan Schiller (SonarSource) for reporting this issue. Affected Versions: All currently supported versions are affected: 1.6, 2.0, and 2.1. Mitigations: Immediate mitigations are not available. Indicators of Compromise: Review the logs of Nagios / CMC for suspicious commands. Vulnerability Management: We have rated the issue with a CVSS Score of 6.8 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L</tt>. A CVE has been requested. Changes: This Werk adds sanitization for the AuthUser header field.

1 year, 10 months

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 September 2022