ID: 15450
Title: mk-job: improvements to state file persistence
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
The mk-job agent plugin saves information about a job's running and completed
states in files under $MK_VARDIR/job. These files were written dynamically and
this could give rise to situations in which the state file was read while
information was being written to it. The information within the <<<job>>>
section could therefore be confusing and incomplete. This has been improved by
introducing atomic operations: files are now either present and complete, or
absent altogether.
ID: 15666
Title: mk-job.solaris: do not add artificial metrics
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
The mk-job agent plugin for Solaris would add 0 values as placeholders for
metrics that cannot be retrieved using the /usr/bin/time command. This is
misleading and incorrect. The affected metrics are: 'reads', 'writes',
'max_res_kbytes', 'navg_mem_kbytes', 'invol_context_switches', and
'vol_context_switches'. This has been fixed.
The mk-job.solaris plugin needs to be rolled out to the host in order to apply
this fix.
ID: 13266
Title: Wrong password propagation for check_mail and check_mail_loop
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0p27
A new authentication data format shared among check_mail* active checks was not properly handled
by check_mail and check_mail_loop argument generators, resulting in messages like
WARNING: The stored password "('password', '<SOME_PASSWORD>')" used by service "<SERVICE-NAME>" on host "<HOST-NAME>" does not exist (anymore)
This change applies these missing changes to the command line generators as already done in v2.2.0+
ID: 13267
Title: AttributeError: 'Namespace' object has no attribute 'fetch_client_id' in check_mail and check_mail_loop
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0p27
Trying to hide EWS related command line arguments from check_mail and check_mail_loop active checks
(which don't support EWS yet) led to exceptions being raised due to invalid access to now
non-existing arguments.
This change makes those arguments visible again with a hint about EWS not being available.
ID: 15600
Title: group_config: return the correct collection response for host/service/contact_group endpoints
Component: REST API
Level: 1
Class: Bug fix
Version: 2.3.0b1
This werk introduces a fix to collection responses for host, service
and contact group_config endpoints.
For bulk-create and bulk-update calls, the link object in the
responses did not align with the expected schema. Now we return
the expected schema.
ID: 14954
Title: Windows tasks plugin ignores only tasks from the Microsoft folder
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
As a result of the change, the user will see some important,
critical tasks, such as "Windows Edge update" task.
Otherwise, the behavior of the plugin is the same: tasks
related to internal processing of Microsoft applications will
be ignored.
ID: 13981
Title: Permission checks in REST-API service downtimes
Component: REST API
Level: 1
Class: Security fix
Version: 2.3.0b1
Prior to this Werk it was possible for users to schedule downtimes for services of any host via the REST API, even if they didn't have the permissions to do so.
The REST API will now correctly check the users permissions when putting a service into downtime.
That not only includes the permission "wato.downtimes" but also access to the effected host and service.
<b>Affected Versions</b>:
LI: 2.2.0 (beta)
LI: 2.1.0
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 4.3 (Medium) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N</tt>.
and assigned CVE <tt>CVE-2023-2020</tt>.
ID: 15463
Title: mk_filestats: Make combination of file grouping and single file aggregation more usable
Component: agents
Level: 1
Class: Bug fix
Version: 2.3.0b1
This werk is incompatible for users that use file grouping and single file aggregation
and have "%s" in the section name.
It's now possible to define a name containing "%s" in both section and group names when
using single file aggregation.
In that case, the services of files that don't belong to a group will be named
"<SECTION NAME> <FILE NAME>" and the services of grouped files
"<SECTION NAME> <GROUP NAME> <FILE NAME>".
ID: 15657
Title: Agent controller: Changes in the output format of the status command
Component: agents
Level: 1
Class: New feature
Version: 2.3.0b1
This werk is only incompatible for users who process the json output of the agent controller status
command (<tt>cmk-agent-ctl status --json</tt>). For all other users, this werk is purely
informational.
The human-readable output of the status command has changed as follows:
LI: The section about the remote status of a connection does not report `Registration state: operational` anymore, since this was redundant information. If the host is registered, we now simply report hostname and connection mode.
LI: If the host is not registered anymore at the monitoring site, we now report `Not registered`. Before, the controller reported a 404 error with a description stating that the host is not registered.
These changes are also reflected in the new json schema for the remote status, which reads
C+:
{"status": "Registered", "hostname": "...", "connection_mode": "..."}
C-:
for registered hosts and
C+:
{"status":"NotRegistered"}
C-:
for hosts which are not registered.
ID: 15658
Title: Agent auto-registration: Re-register if registration at monitoring site is gone
Component: agents
Level: 1
Class: New feature
Version: 2.3.0b1
When starting, the agent controller checks if the <a href="https://docs.checkmk.com/master/en/hosts_autoregister.html">auto-registration</a>
(introduced in <a href="https://checkmk.com/werk/15243">werk 15243</a>) is configured. If this is
the case, the controller proceeds to register at the configured site, but only if it is not already
registered there according to its local configuration.
As of this werk, if the connection to the configured site is found in the local configuration, we
additionally check if the configured site also reports that the host is registered. If this is not
the case, we proceed with the registration in order to re-establish the connection.
This feature is relevant in scenarios where hosts are temporarily shut down and removed from the
monitoring site. Once these hosts re-boot, they will re-register st. they are monitored again.