Checkmk werks level1 August 2024

checkmk-werks-lvl1@lists.checkmk.com

1 participants
228 discussions

[2.2.0] Checkmk Werk 16710 created: Better handling of notification result in case of timeout

by Checkmk werks level 1

Title: Better handling of notification result in case of timeout Class: fix Compatible: compat Component: notifications Date: 1717580562 Edition: cre Level: 1 Version: 2.2.0p33 Werk #16707 added useful log information to failed notifications in case of a timeout. In some cases, this log contained also script output. We now show the timeout message within "Summary" of the notification result and, if available, the last output of the notification plugin followed by the timeout message within the "Comment" column. Both are separated by "--".

3 weeks

[2.2.0] Checkmk Werk 17161 created: Fix link of "Open this Aggregation"

by Checkmk werks level 1

Title: Fix link of "Open this Aggregation" Class: fix Compatible: compat Component: multisite Date: 1723468942 Edition: cre Level: 1 Version: 2.2.0p33 If you used the option "Open this Aggregation" in the burger menu of a check based on "Check State of BI Aggregation", the link lead to a none existing page.

3 weeks

[2.2.0] Checkmk Werk 16615 adapted: Remove websphere_mq plugin

by Checkmk werks level 1

Werk 16615 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: Remove websphere_mq plugin Class: security Compatible: incomp Component: checks Date: 1710155388 Edition: cre Level: 1 Version: 2.2.0p26 With this Werk the <code>websphere_mq</code> plugin is removed for security reasons. In this plugin the output of <code>ps</code> is used to determine an argument for <code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary command line could manipulate one argument to <code>runmqsc</code>. The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0. Since this plugin is already deprecated and it was not configurable via the agent bakery we assumed that this plugin is not frequently used. Therefore we decided to not fix the issue but to push the removal. We found this vulnerability internally. Affected versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: Migrate to the <code>ibm_mq</code> plugin. Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>. We assigned CVE-2024-3367 to this vulnerability. Changes: The plugin was removed. ------------------------------------<diff>------------------------------------------- Title: Remove websphere_mq plugin Class: security - Compatible: compat ? -- + Compatible: incomp ? ++ Component: checks Date: 1710155388 Edition: cre Level: 1 Version: 2.2.0p26 With this Werk the <code>websphere_mq</code> plugin is removed for security reasons. In this plugin the output of <code>ps</code> is used to determine an argument for <code>runmqsc</code>. This meant that anybody who can launch processes with an arbitrary command line could manipulate one argument to <code>runmqsc</code>. The plugin was already superseded by the agent plugin <code>ibm_mq</code> and deprecated with Werk <a href="https://checkmk.com/werk/10752">10752</a> and version 2.0.0. Since this plugin is already deprecated and it was not configurable via the agent bakery we assumed that this plugin is not frequently used. Therefore we decided to not fix the issue but to push the removal. We found this vulnerability internally. Affected versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 LI: 2.0.0 Mitigations: Migrate to the <code>ibm_mq</code> plugin. Vulnerability Management: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N</code>. We assigned CVE-2024-3367 to this vulnerability. Changes: The plugin was removed.

3 weeks

[2.2.0] Checkmk Werk 17160 created: Opsgenie: Better error handling

by Checkmk werks level 1

Title: Opsgenie: Better error handling Class: fix Compatible: compat Component: notifications Date: 1723465965 Edition: cre Level: 1 Version: 2.2.0p33 In earlier versions some errors (like authentication failures) lead to a traceback. Errors should be shown in a better way now.

3 weeks

[2.2.0] Checkmk Werk 17188 created: Check Point plug-ins: increase detection sensitivity

by Checkmk werks level 1

Title: Check Point plug-ins: increase detection sensitivity Class: fix Compatible: compat Component: checks Date: 1723122722 Edition: cre Level: 1 Version: 2.2.0p32 Some Check Point devices have not been discovered as expected. We now additionally consider all devices where the system object identifier points to Check Points enterprise SNMP tree ".1.3.6.1.4.1.2620".

3 weeks

[2.2.0] Checkmk Werk 16866 created: azure: Handle Azure API rate limit

by Checkmk werks level 1

Title: azure: Handle Azure API rate limit Class: fix Compatible: compat Component: checks Date: 1723021006 Edition: cre Level: 1 Version: 2.2.0p32 After the changes in Azure API rate limits, the Azure agent requests to the API were getting throttled for the big Azure environments. This fix introduces handling for throttled requests. If the rate limit is reached, the agent will repeat the request after 5 s. If it fails again, the agent will repeat the request after another 10 s. Additionally, the default limits for 'Lower levels for remaining API reads' in the 'Azure Agent Info' monitoring rule are removed.

3 weeks

[2.2.0] Checkmk Werk 16772 created: brocade_fcport: fix operating speed conversion

by Checkmk werks level 1

Title: brocade_fcport: fix operating speed conversion Class: fix Compatible: compat Component: checks Date: 1720516941 Edition: cre Level: 1 Version: 2.2.0p32 This werk affects anyone monitoring Brocade fibre channel ports by comparing current or average throughput to certain absolute or percentage levels via the Brocade FibreChannel ports rule. In the plugin the current operating speed of the interface, read from the SNMP interface data, was not properly converted to GByte/s, the unit of measurement displayed in the interface. This resulted in an erroneous comparison of values and the related service states.

3 weeks

[2.2.0] Checkmk Werk 17229 created: CPU utilization checking: Alert if utilization is exactly at threshold for too long

by Checkmk werks level 1

Title: CPU utilization checking: Alert if utilization is exactly at threshold for too long Class: fix Compatible: compat Component: checks Date: 1723014220 Edition: cre Level: 1 Version: 2.2.0p32 Many CPU utilization checks can be configured to alert if the utilization is too high for too long (configuration options Levels over an extended time period on total CPU utilization and Levels over an extended time period on a single core CPU utilization). Before, Checkmk alerted only if the utilization was above the threshold for too long. As of this werk, Checkmk alerts if the utilization is above or exactly at the threshold for too long. This is consistent with the general behavior of Checkmk to check against upper thresholds with a "greater than or equal to" operation.

3 weeks

[2.2.0] Checkmk Werk 16249 created: mk_informix: Follow up for Werk 16198

by Checkmk werks level 1

Title: mk_informix: Follow up for Werk 16198 Class: security Compatible: compat Component: checks Date: 1721978318 Edition: cre Level: 1 Version: 2.2.0p32 <a href="https://checkmk.com/werk/16198">Werk #16198</a> addressed potential priviledge escalation by the agent plugin <code>mk_informix</code>. However, a few callsites to the binaries <code>dbaccess</code> and <code>onstat</code> where missing the safe execution. Those binaries are now also called in a safe way. Vulnerability Management: We have rated the issue with a CVSS Score of 5.2 (Medium) with the following CVSS vector: <code>CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H</code> and assigned CVE <code>CVE-2024-28829</code>.

3 weeks

[2.2.0] Checkmk Werk 16887 created: mk_job: MK_VARDIR defaults not being set in bakery

by Checkmk werks level 1

Title: mk_job: MK_VARDIR defaults not being set in bakery Class: fix Compatible: compat Component: checks Date: 1721972847 Edition: cre Level: 1 Version: 2.2.0p32 Due to a different way to set in <code>MK_VARDIR</code> in <code>mk_job</code>, default values would not be baked into <code>mk_job</code> and derivates. This change adds a replacement rule for the way <code>MK_VARDIR</code> gets assigned in <code>mk_job</code> and also separates assignment and export in order to avoid known problems with Solaris.

3 weeks

← Newer
1
2
3
4
5
6
7
8
9
...
23
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 August 2024