Title: Linux remote alert handlers not running under non-root user
Class: fix
Compatible: compat
Component: agents
Date: 1710234878
Edition: cee
Level: 1
Version: 2.2.0p24
In the ruleset <em>Remote alert handlers (Linux)</em>, you have to specify
a user under that the remote alert handler will be executed on agent side.
This user is set to <em>root</em> by default, but it's possible to choose
an arbitrary user.
But, when choosing a non-root user, the alert handlers previously
failed to execute, because the handler files got deployed with root-ownership
and were not readable by others.
To fix the problem, the ownership of the files now get changed to the specified
user.
Security note:
In general, it's important that all internal files of the Checkmk
agent have root ownership, as they might be read/executed by the Checkmk agent
under root.
However, this is not the case for remote alert handlers, as they
always get executed under the specified user.
As an additional security measure, the dispatcher on agent side
checks the ownership of installed remote alert handlers, and refuses to execute
non-root owned handlers when called via SSH with root rights.
Title: jolokia metrics: restores 'default product' behavior
Class: fix
Compatible: compat
Component: checks
Date: 1710165014
Edition: cre
Level: 1
Version: 2.2.0p24
The check plugin no longer showed any metrics if a product was not specified in the ruleset configuration.
This werk restores the original behaviour, using as a default product the one reported in the info section of the agent output.
[//]: # (werk v2)
# Publish permission handling for various components
key | value
---------- | ---
compatible | no
version | 2.4.0b1
date | 2024-03-14T09:54:25+00:00
level | 1
class | fix
component | multisite
edition | cre
Werk 13498 introduced the possibility to set limit publish permissions
to certain contact groups, sites etc. Still, the permission "Publish views"
(e.g. for publishing views) was needed to see the published views. With
Werk 16320 this has been fixed for dashboards, views and reports.
This werk fixes the behavior for the remaining components (Bookmarks, Graphs,
SLAs and Reports).
Note: Please check the respective publish configuration.
[//]: # (werk v2)
# Make LDAP connection test errors more explicit
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-03-07T16:34:41+00:00
level | 1
class | feature
component | wato
edition | cre
The LDAP connection test does not give enough information
about which DN configured results in an error.
This werk adds identifying information for the DN to the
error message to make it easier to identify the problem.
[//]: # (werk v2)
# Cisco Meraki: Levels for last reported time of devices is now configurable
key | value
---------- | ---
date | 2024-03-13T15:52:30+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 1
compatible | yes
[//]: # (werk v2)
# Linux remote alert handlers not running under non-root user
key | value
---------- | ---
date | 2024-03-12T09:14:38+00:00
version | 2.4.0b1
class | fix
edition | cee
component | agents
level | 1
compatible | yes
In the ruleset *Remote alert handlers (Linux)*, you have to specify
a user under that the remote alert handler will be executed on agent side.
This user is set to *root* by default, but it's possible to choose
an arbitrary user.
But, when choosing a non-root user, the alert handlers previously
failed to execute, because the handler files got deployed with root-ownership
and were not readable by others.
To fix the problem, the ownership of the files now get changed to the specified
user.
Security note:
In general, it's important that all internal files of the Checkmk
agent have root ownership, as they might be read/executed by the Checkmk agent
under root.
However, this is not the case for remote alert handlers, as they
always get executed under the specified user.
As an additional security measure, the dispatcher on agent side
checks the ownership of installed remote alert handlers, and refuses to execute
non-root owned handlers when called via SSH with root rights.
[//]: # (werk v2)
# Change default setting for usage to use community translated languages
key | value
---------- | ---
date | 2024-03-13T14:44:24+00:00
version | 2.4.0b1
class | feature
edition | cre
component | multisite
level | 1
compatible | yes
The default setting for "Enable community translated languages" was previously disabled.
It is now enabled by default.
The names of the community translated languages have also been changed.
[//]: # (werk v2)
# Robotmk: Add Inventory
key | value
---------- | ---
date | 2024-03-13T10:26:52+00:00
version | 2.4.0b1
class | feature
edition | cee
component | checks
level | 1
compatible | yes
This Werks adds a HW/SW inventory for Robotmk. The content is under active development.