From checkmk-werks-lvl1@lists.checkmk.com Wed Apr 17 12:57:28 2024 From: Checkmk werks level 1 To: checkmk-werks-lvl1@lists.checkmk.com Subject: [2.2.0] Checkmk Werk 15843 adapted: mk_oracle(ps1): Follow-up to privilege escalation fix Date: Wed, 17 Apr 2024 12:57:27 +0000 Message-ID: <1713358647.154671.1058.nullmailer@localhost> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4098573138288413549==" --===============4098573138288413549== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Werk 15843 was adapted. The following is the new Werk, a diff is shown at the= end of the message. Title: mk_oracle(ps1): Follow-up to privilege escalation fix Class: fix Compatible: incomp Component: checks Date: 1712314947 Edition: cre Level: 2 Version: 2.2.0p25 You might be affected by this Werk if you use mk_oracle on Windows. Werk Werk #16232 introduced a = regression, thereby disrupting Oracle monitoring on Windows. This Werk addresses above mentioned issue that affects versions 2.1.0p41,=20 2.2.0p24, and 2.3.0b4. Since this release, Oracle monitoring on Windows is fully supported under either of the following conditions: 1. The monitoring is performed using an account without administrator rights. 2. Specific Oracle executable binaries =E2=80=94 namely, sqlplus.exe, tnsping.exe and, if presented, crsctl.exe - are not modifia= ble by non-admin users. If you are still unable to monitor Oracle, for example, you can't use an unprivileged account for monitoring and changing of permission is not possibl= e, consider one of the following actions: 1. Enable Run as local group for group Administrators in Run plugins and local checks using non-system account ruleset. 2. Adjust Oracle Binaries Permissions Check settings in ORACLE = databases (Linux, Solaris, AIX, Windows) ruleset. More information about can be found at here. -----------------------------------------------------------------------= -------- Title: mk_oracle(ps1): Follow-up to privilege escalation fix Class: fix Compatible: incomp Component: checks Date: 1712314947 Edition: cre Level: 2 Version: 2.2.0p25 =20 You might be affected by this Werk if you use mk_oracle on Windows. =20 Werk Werk #16232 introduced = a=20 regression, thereby disrupting Oracle monitoring on Windows. =20 This Werk addresses above mentioned issue that affects versions 2.1.0p41,=20 2.2.0p24, and 2.3.0b4. =20 - Since this release, Oracle monitoring on Windows is fully supported under=20 ? - + Since this release, Oracle monitoring on Windows is fully supported under - condition you use an account without administrator rights or the certain=20 - executable binaries, sqlplus.exe, tnsping.exe and, if=20 - presented, crsctl.exe are write-protected, with the possible=20 - exception being the Administrator. + either of the following conditions: + 1. The monitoring is performed using an account without administrator right= s. + 2. Specific Oracle executable binaries =E2=80=94 namely, sqlplus.exe, + tnsping.exe and, if presented, crsctl.exe - are not modif= iable + by non-admin users. =20 - If you are unable or prefer not to use an unprivileged account then you may= =20 - need to adjust permissions for above mentioned binaries: remove Write,=20 - Full Control and Modify permissions for any non-Administr= ator=20 - user and group. + If you are still unable to monitor Oracle, for example, you can't use an + unprivileged account for monitoring and changing of permission is not possi= ble, + consider one of the following actions: + 1. Enable Run as local group for group Administrators in + Run plugins and local checks using non-system account ruleset. + 2. Adjust Oracle Binaries Permissions Check settings in ORACL= E databases (Linux, + Solaris, AIX, Windows) ruleset. =20 More information about can be found at here. +=20 --===============4098573138288413549==--