[//]: # (werk v2)
# USV UPS: discover devices with .1.3.6.1.4.1.43943 as sysObjectID
key | value
---------- | ---
date | 2024-09-04T15:40:34+00:00
version | 2.3.0p15
class | feature
edition | cre
component | checks
level | 1
compatible | yes
USV UPSs use OID .1.3.6.1.4.1.43943 as sysObjectID. These devices are currently not discovered or
monitored. This has now been changed and they will be discovered.
[//]: # (werk v2)
# Support Diagnostics: More detailled list of site's files
key | value
---------- | ---
date | 2024-09-04T08:33:23+00:00
version | 2.3.0p15
class | feature
edition | cre
component | wato
level | 1
compatible | yes
The file "filesize.csv" contains a list of all files insided a site. It is always included in the dump.
From now on, it has additional columns:
Before:
* size
* file path
Now:
* size (in Bytes)
* file path
* owner
* group
* mode (the file's access rights)
* changed (the date/time of the last content change)
[//]: # (werk v2)
# Support Diagnostics: Include information about the Checkmk Appliance
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-08-30T11:26:26+00:00
level | 1
class | feature
component | wato
edition | cre
The Support Diagnostics dump now contains information about the Checkmk Appliance, when it's
used on an Appliance.
This includes the model and product name of the hardware, and the version of the installed firmware.
[//]: # (werk v2)
# USV UPS: discover devices with .1.3.6.1.4.1.43943 as sysObjectID
key | value
---------- | ---
date | 2024-09-04T15:40:34+00:00
version | 2.4.0b1
class | feature
edition | cre
component | checks
level | 1
compatible | yes
USV UPSs use OID .1.3.6.1.4.1.43943 as sysObjectID. These devices are currently not discovered or
monitored. This has now been changed and they will be discovered.
[//]: # (werk v2)
# Support Diagnostics: More detailled list of site's files
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-09-04T08:33:23+00:00
level | 1
class | feature
component | wato
edition | cre
The file "filesize.csv" contains a list of all files insided a site. It is always included in the dump.
From now on, it has additional columns:
Before:
* size
* file path
Now:
* size (in Bytes)
* file path
* owner
* group
* mode (the file's access rights)
* changed (the date/time of the last content change)
[//]: # (werk v2)
# agent_kube: requests.SSLError raised on connection using self signed certificates
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-09-02T12:01:17+00:00
level | 1
class | fix
component | checks
edition | cre
Newer versions of `requests` don't take `REQUESTS_CA_BUNDLE` into account, resulting in
```
requests.exceptions.SSLError: \
HTTPSConnectionPool(host='<collector>', port=443): \
Max retries exceeded with url: \
/metadata (Caused by SSLError( \
SSLCertVerificationError(1, \
'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: \
self signed certificate in certificate chain (_ssl.c:1006)')))
```
being raised if running `agent_kube` against instances using self signed certificates.
This change invokes `session.merge_environment_settings()` to take `REQUESTS_CA_BUNDLE` into
account again.
See
[GitHub: 2807: Use merge_environment_settings method in sessions.send method](https://github.com/psf/requests/issues/2807)
and
[GitHub: 3626: HTTP Proxy with prepared request (honouring env. var.)](https://github.com/psf/requests/issues/3626)
Title: Persist known host keys for checks that use SSH
Class: security
Compatible: compat
Component: checks
Date: 1724662564
Edition: cre
Level: 1
Version: 2.1.0p48
When using the special agent <em>VNX quotas and filesystems</em> or the active check <em>Check SFTP Service</em> the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular <code>known_hosts</code> file is used that is stored in <code>/omd/sites/$SITENAME/.ssh/known_hosts</code>.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 6.3 Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned CVE-2024-6572.
Title: Persist known host keys for checks that use SSH
Class: security
Compatible: compat
Component: checks
Date: 1724662564
Edition: cre
Level: 1
Version: 2.2.0p33
When using the special agent <em>VNX quotas and filesystems</em> or the active check <em>Check SFTP Service</em> the host keys were not properly checked.
If an attacker would get into a machine-in-the-middle position he could intercept the connection and retrieve information e.g. passwords.
As of this Werk the host key check is properly done.
In order to store known host keys a regular <code>known_hosts</code> file is used that is stored in <code>/omd/sites/$SITENAME/.ssh/known_hosts</code>.
If a host key changes an error is now raised that requires manual edit of this file.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 6.3 Medium CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N and assigned CVE-2024-6572.