Checkmk werks level1 April 2024

checkmk-werks-lvl1@lists.checkmk.com

1 participants
306 discussions

[2.2.0] Checkmk Werk 15331 adapted: postgres_stat_database_size: Don't discover 'access_to_shared_objects'

by Checkmk werks level 1

Werk 15331 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: postgres_stat_database_size: Don't discover 'access_to_shared_objects' Class: fix Compatible: incomp Component: checks Date: 1713251421 Edition: cre Level: 1 Version: 2.2.0p26 Checkmk discovered Services like "PostgreSQL DB MAIN/access_to_shared_objects Size" but the Services only showed "Database size not available" and a WARN status. Those Services are no longer discovered. ------------------------------------<diff>------------------------------------------- Title: postgres_stat_database_size: Don't discover 'access_to_shared_objects' Class: fix Compatible: incomp Component: checks Date: 1713251421 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ Checkmk discovered Services like "PostgreSQL DB MAIN/access_to_shared_objects Size" but the Services only showed "Database size not available" and a WARN status. Those Services are no longer discovered.

5 months

[2.2.0] Checkmk Werk 15321 adapted: Fix "State if specific check plugins receive no monitoring data" of Rule "Status of the Checkmk service"

by Checkmk werks level 1

Werk 15321 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Fix "State if specific check plugins receive no monitoring data" of Rule "Status of the Checkmk service" Class: fix Compatible: compat Component: checks Date: 1706532543 Edition: cre Level: 1 Version: 2.2.0p26 Rule "Status of the Checkmk service" provides a setting called "State if specific check plugins receive no monitoring data" where you can specify a regular expression to match specific check plugins, and assign a status for the "Check_MK" service if this check plugins receives no data. The feature did work correctly if you specified a Status worse than "WARN". But the "Check_MK" service went to "WARN" even if there was an rule to set the status to "OK" if the specific section did not receive any data. This is fixed now. ------------------------------------<diff>------------------------------------------- Title: Fix "State if specific check plugins receive no monitoring data" of Rule "Status of the Checkmk service" Class: fix Compatible: compat Component: checks Date: 1706532543 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ Rule "Status of the Checkmk service" provides a setting called "State if specific check plugins receive no monitoring data" where you can specify a regular expression to match specific check plugins, and assign a status for the "Check_MK" service if this check plugins receives no data. The feature did work correctly if you specified a Status worse than "WARN". But the "Check_MK" service went to "WARN" even if there was an rule to set the status to "OK" if the specific section did not receive any data. This is fixed now.

5 months

[2.2.0] Checkmk Werk 15332 adapted: Inventory: Add Windows support for Hardware > System > Uuid

by Checkmk werks level 1

Werk 15332 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Inventory: Add Windows support for Hardware > System > Uuid Class: feature Compatible: compat Component: inv Date: 1713272987 Edition: cre Level: 1 Version: 2.2.0p26 This element is already available for Linux, now the windows agent also supports reading this value. You have to update <code>mk_inventory.vbs</code> on the monitored host, to provide the necessary data. ------------------------------------<diff>------------------------------------------- Title: Inventory: Add Windows support for Hardware > System > Uuid Class: feature Compatible: compat Component: inv Date: 1713272987 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ This element is already available for Linux, now the windows agent also supports reading this value. You have to update <code>mk_inventory.vbs</code> on the monitored host, to provide the necessary data.

5 months

[2.2.0] Checkmk Werk 15198 adapted: Brute-force protection ineffective for some login methods

by Checkmk werks level 1

Werk 15198 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Brute-force protection ineffective for some login methods Class: security Compatible: compat Component: wato Date: 1712665452 Edition: cre Level: 1 Version: 2.2.0p26 Prior to this Werk, the mechanism to lock user accounts after too many failed login attempts was only effective for the web form login method. Login attempts via the REST API and basic authentication did not count towards the lockout mechanism. As a result, an attacker could try to brute-force user passwords without triggering the lockout mechanism. This Werk adds the same locking mechanism to login via the REST API and basic authentication for human user accounts. Note that automation accounts are remain unaffected by the lockout mechanism to avoid having them locked by malicious intent. It is therefore important to use long, random automation secrets. This issue was found during internal review. Affected Versions: LI: 2.3.0 (beta) LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (EOL) Mitigations: If updating is not possible, the brute-force attempts can be hindered by using a strong password policy. Vulnerability Management: We have rated the issue with a CVSS Score of 5.9 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</code> and assigned CVE <code>CVE-2024-28825</code>. ------------------------------------<diff>------------------------------------------- Title: Brute-force protection ineffective for some login methods Class: security Compatible: compat Component: wato Date: 1712665452 Edition: cre Level: 1 - Version: 2.2.0p25 ? ^ + Version: 2.2.0p26 ? ^ Prior to this Werk, the mechanism to lock user accounts after too many failed login attempts was only effective for the web form login method. Login attempts via the REST API and basic authentication did not count towards the lockout mechanism. As a result, an attacker could try to brute-force user passwords without triggering the lockout mechanism. This Werk adds the same locking mechanism to login via the REST API and basic authentication for human user accounts. Note that automation accounts are remain unaffected by the lockout mechanism to avoid having them locked by malicious intent. It is therefore important to use long, random automation secrets. This issue was found during internal review. Affected Versions: LI: 2.3.0 (beta) LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (EOL) Mitigations: If updating is not possible, the brute-force attempts can be hindered by using a strong password policy. Vulnerability Management: We have rated the issue with a CVSS Score of 5.9 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</code> and assigned CVE <code>CVE-2024-28825</code>.

5 months

[2.2.0] Checkmk Werk 16799 created: Custom & forecast graphs: More descriptive error messages in case of missing user input when configuring metrics

by Checkmk werks level 1

Title: Custom & forecast graphs: More descriptive error messages in case of missing user input when configuring metrics Class: fix Compatible: compat Component: metrics Date: 1713524269 Edition: cee Level: 1 Version: 2.2.0p26 When configuring the metrics rendered in custom and forecast graphs, users have to select a host, a service and a metric. Previously, if any of these fields were missing, the Checkmk UI displayed the message "Cannot calculate graph recipes" and an uninformative traceback. As of this werk, the UI instead displays a descriptive error message.

5 months

[2.4.0] Checkmk Werk 16689 created: Decommission legacy check API

by Checkmk werks level 1

[//]: # (werk v2) # Decommission legacy check API key | value ---------- | --- date | 2024-04-17T06:27:51+00:00 version | 2.4.0b1 class | feature edition | cre component | checks level | 1 compatible | no This werk only affects users and maintainers of custom check plugins developed against the API that was replaced in Checkmk 2.0.0. The old API for the plugins residing in `local/share/check_mk/checks` will no longer be stable in Checkmk version 2.3. Plugins not maintained by Checkmk will almost certainly be incompatible and therefore ignored. Compatible plugins _will_ be considered, but the notion of what constitutes a compatible plugin may change any time. As of Checkmk version 2.2 plugins in that folder generated a warning on the commandline and resulted in an "Analyze Configuration" test issueing a WARNING. We now escalate this to CRITICAL. Incompatible plugins are reported during `omd update`. If you maintian such plugins, please migrate them to the new API before upgrading to Checkmk 2.3. You can find a blog post on how to migrate these plugins [here](https://checkmk.com/blog/migrating-check-plug-ins-to-checkmk-2-0). A comprehensive guide on how to write plugins is found [in our documentation](https://docs.checkmk.com/2.3.0-beta/en/devel_check_plugins.h…. Please also refer to the APIs documentation found in your site (Help -> Check plugin API reference). Commandline call plugins for special agents and active checks in this folder will still work, but we provide a new API for those as well now (see [Werk #16259](https://checkmk.com/werk/16259)). They will stop working in Checkmk 2.4.

5 months

[2.4.0] Checkmk Werk 16799 created: Custom & forecast graphs: More descriptive error messages in case of missing user input when configuring metrics

by Checkmk werks level 1

[//]: # (werk v2) # Custom & forecast graphs: More descriptive error messages in case of missing user input when configuring metrics key | value ---------- | --- date | 2024-04-19T10:57:49+00:00 version | 2.4.0b1 class | fix edition | cee component | metrics level | 1 compatible | yes When configuring the metrics rendered in custom and forecast graphs, users have to select a host, a service and a metric. Previously, if any of these fields were missing, the Checkmk UI displayed the message "Cannot calculate graph recipes" and an uninformative traceback. As of this werk, the UI instead displays a descriptive error message.

5 months

[2.1.0] Checkmk Werk 16424 created: omd start redis: Don't Start If Process Already Running

by Checkmk werks level 1

Title: omd start redis: Don't Start If Process Already Running Class: fix Compatible: compat Component: omd Date: 1713456408 Edition: cre Level: 1 Version: 2.1.0p42 With this Werk, <code>omd start</code> will no longer create a new redis process if redis is already started. This aligns the behaviour with the other services of a site.

5 months

[2.1.0] Checkmk Werk 15198 created: Brute-force protection ineffective for some login methods

by Checkmk werks level 1

Title: Brute-force protection ineffective for some login methods Class: security Compatible: compat Component: wato Date: 1712665452 Edition: cre Level: 1 Version: 2.1.0p42 Prior to this Werk, the mechanism to lock user accounts after too many failed login attempts was only effective for the web form login method. Login attempts via the REST API and basic authentication did not count towards the lockout mechanism. As a result, an attacker could try to brute-force user passwords without triggering the lockout mechanism. This Werk adds the same locking mechanism to login via the REST API and basic authentication for human user accounts. Note that automation accounts are remain unaffected by the lockout mechanism to avoid having them locked by malicious intent. It is therefore important to use long, random automation secrets. This issue was found during internal review. Affected Versions: LI: 2.3.0 (beta) LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 (EOL) Mitigations: If updating is not possible, the brute-force attempts can be hindered by using a strong password policy. Vulnerability Management: We have rated the issue with a CVSS Score of 5.9 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</code> and assigned CVE <code>CVE-2024-28825</code>.

5 months

[2.2.0] Checkmk Werk 16424 created: omd start redis: Don't Start If Process Already Running

by Checkmk werks level 1

Title: omd start redis: Don't Start If Process Already Running Class: fix Compatible: compat Component: omd Date: 1713456408 Edition: cre Level: 1 Version: 2.2.0p25 With this Werk, <code>omd start</code> will no longer create a new redis process if redis is already started. This aligns the behaviour with the other services of a site.

5 months

← Newer
1
...
15
16
17
18
19
20
21
...
31
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 April 2024