Checkmk werks level1 February 2023

checkmk-werks-lvl1@lists.checkmk.com

26 participants
104 discussions

Checkmk Werk 15094: HW/SW Inventory: Fix crash while filtering the operational status in network interfaces views

by Simon Jess

ID: 15094 Title: HW/SW Inventory: Fix crash while filtering the operational status in network interfaces views Component: Multisite Level: 1 Class: Bug fix Version: 2.3.0b1 The crash shows C+: KeyError (invinterface_oper_status) ... File "/omd/sites/gotamedia/lib/python3/cmk/gui/query_filters.py", line 947, in _add_row if (filter_key := "%s_%d" % (ident, row["invinterface_oper_status"])) in values: C-:

1 year, 7 months

Checkmk Werk 15275: apache_status.py: autodetection for processes with long pids

by Benedikt Seidl

ID: 15275 Title: apache_status.py: autodetection for processes with long pids Component: agents Level: 1 Class: Bug fix Version: 2.3.0b1 In certain cases (processes with long pids) the autodetection of apache instances did not work correctly. The functionality was broken since Werk #14679 and should now be fixed.

1 year, 7 months

Checkmk Werk 15179: <tt>logwatch</tt> agent plugin: Always encode output in UTF-8

by Joerg Herbel

ID: 15179 Title: <tt>logwatch</tt> agent plugin: Always encode output in UTF-8 Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 This werk is only incompatible if you monitor logfiles containing non-ASCII characters with the <tt>logwatch</tt> agent plugin. As of this werk, the <tt>logwatch</tt> agent plugin always encodes its ouput in UTF-8. Before, the encoding depended on the system settings. This werk is marked as incompatible because it can have an unexpected side effect: On some systems, users might now have to explicitly configure the encoding of the monitored log files. The reason for this is that if not explicitly configured, the <tt>logwatch</tt> plugin tries to guess the encoding. If the wrong encoding is guessed, log files are decoded incorrectly, however, before this werk, this error might have cancelled out due to <tt>logwatch</tt> using the same encoding both for decoding logfiles and encoding its output. Since the latter is now always done using UTF-8, this cancellation will not happen anymore. If you are affected by this, you will either see the replacement character `�` appearing in your log messages or your log messages will contain random non-ASCII characters which do not make sense. As a positive side effect, correcting this issue enables the matching of patterns containing non- ASCII characters. Before, using the wrong encoding to decode the logfiles prevented this, effectively leading to overlooked messages.

1 year, 7 months

Checkmk Werk 15180: <tt>logwatch</tt> agent plugin on Windows: Enable monitoring of log files with non-ASCII characters in their paths

by Joerg Herbel

ID: 15180 Title: <tt>logwatch</tt> agent plugin on Windows: Enable monitoring of log files with non-ASCII characters in their paths Component: Checks & agents Level: 1 Class: Bug fix Version: 2.2.0i1 Before this werk, the <tt>logwatch</tt> agent plugin crashed with C+: UnicodeEncodeError: 'ascii' codec can't encode character ...: ordinal not in range(128) C-: for log files whose paths contained non-ASCII characters.

1 year, 7 months

Checkmk Werk 14184: Fixed broken hostname filter for parent/child topology

by Andreas Boesl

ID: 14184 Title: Fixed broken hostname filter for parent/child topology Component: Multisite Level: 1 Class: Bug fix Version: 2.3.0b1

1 year, 7 months

Checkmk Werk 14183: Added parent/child topology link to host page menu

by Andreas Boesl

ID: 14183 Title: Added parent/child topology link to host page menu Component: Multisite Level: 1 Class: New feature Version: 2.3.0b1

1 year, 7 months

Checkmk Werk 14965: Dedicated CA for agent certificates

by Andreas Umbreit

ID: 14965 Title: Dedicated CA for agent certificates Component: Checks & agents Level: 1 Class: Security fix Version: 2.2.0b1 On agent registration, the contacted site issues an x509 certificate to the requesting agent controller. Previously, this agent certificate has been signed by the site-local CA, that's also used to issue certificates used for distributed monitoring, and to issue the agent receiver's certificate. Starting with this Werk, each Checkmk site will use a dedicated agent CA to issue certificates to requesting agent controllers. This change slighly improves security, as agent receiver and agent controller can't be authenticated with the same root certificate anymore, making it impossible to act as each other. While this situation has effectively been prevented before, this is now assured already on transport level, rather than on application level. To prevent locking out registered agents, preexisting (Created with a Checkmk version prior to this Werk) Checkmk sites will still accept certificates issued by the site CA in parallel to the new agent CA. New sites will only accept certificates issued by the agent CA. This change is also loosely coupled with the new certificate lifetime mentioned in Werk #14964. Since active agent controllers will automatically renew their certificate to a new lifetime-limited one, this also means that they will migrate to new new CA automatically. As an additional benefit, experienced users now can replace the agent signing CA with their own one. This has to be done directly at the site's home directory, though. The new agent CA is located at <tt>~/etc/ssl/agents/ca.pem</tt> and can be replaced with a new one in the same format. To migrate from one CA to another, it's also possible to add additional trusted root certificates to <tt>~/etc/ssl/agents/</tt>. Even though this Werk is related to security, it does not fix any exploitable issue. To aid automatic scanners, we assign a CVSS score of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).

1 year, 7 months

Checkmk Werk 14964: Agent controller certificate lifetime

by Andreas Umbreit

ID: 14964 Title: Agent controller certificate lifetime Component: Checks & agents Level: 1 Class: New feature Version: 2.3.0b1 The TLS encryption for agent communication (introduced with Checkmk 2.1) makes use of x509 Certificates to authenticate the agent against the Checkmk site. Therefore, the Checkmk site issues a certificate to the agent controller of a host on agent registration. Previously, these certificates used to have a virtually unlimited expiration period. Starting with this Werk, agent certificates will only be issued with a limited expiration period. This period is configurable with the global setting "Site management/Agent certificates" and defaults to 5 years. You can choose from various values, with a minumum of 3 months and a maximum of 50 years. The agent controller will automatically renew the agent certificate in time before it expires, provided that it's running. The same holds true for legacy certificates with a too-long validity period. That said, inactive TLS agents (agent controller daemon(Linux)/Checkmk agent service(Windows) not running) will actually lose their registration on certificate expiration. To resume agent communication, you'll then have to re-register the agent.

1 year, 7 months

Checkmk Werk 15220: time period: put endpoint now returns 200 with edited time period config

by Gav

ID: 15220 Title: time period: put endpoint now returns 200 with edited time period config Component: REST API Level: 1 Class: Bug fix Version: 2.2.0b1 The time period put endpoint previously returned a 204 and no data response. This werk is a fix to return the time period object along with a status code of 200 to align with our other put endpoints.

1 year, 7 months

Checkmk Werk 15382: service: remove non functioning endpoint example from swagger-ui

by Wontek Hong

ID: 15382 Title: service: remove non functioning endpoint example from swagger-ui Component: REST API Level: 1 Class: Bug fix Version: 2.2.0i1 The "Try out" in Swagger-UI does not work for endpoint examples which make use of the "query" query parameter. The change must be adapted on the Swagger side. In the meantime, such endpoints will be removed to avoid any confusion and the user should refer to the examples in the ReDoc instead.

1 year, 7 months

← Newer
1
2
3
4
5
6
7
8
...
11
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 February 2023