ID: 4683
Title: New permission: Clear audit log
Component: WATO
Level: 1
Class: New feature
Version: 1.5.0i1
With this new permission you can configure read only access to the audit log to
users.
ID: 4661
Title: msexch_isstore, msexch_isclienttype: Split up check files. Second one needs its own check plugin file if using Nagios core
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.5.0i1
This incompatible change relates only to Check_MK installations using
Nagios core. In this case please perform a re-discovery on affected hosts.
ID: 4682
Title: Add permission "Can add or modify executables" to be able to fine tune access rights
Component: WATO
Level: 1
Class: Security fix
Version: 1.5.0i1
It is now possible to explicitly allow/deny users of WATO to add or modify executables.
This done with the new permission <i>Can add or modify executables</i>. By default
only users with the role <i>Administrator</i> have this permission.
There are different places in Check_MK where an admin, the user of the configuration
GUI, can use the GUI to add executable code to Check_MK.
For example when configuring datasource programs, the user inserts a command line for
gathering monitoring data. This command line is then executed during monitoring by
Check_MK.
Another example is the upload of extension packages (MKPs).
These functions have in common that the user provides data that is executed by Check_MK
later in the context of Check_MK.
If you want to ensure that your WATO users can not "inject" arbitrary executables
into your Check_MK installation, you only need to revoke this permission.
This permission is needed in addition to the other component related permissions.
For example you need the <tt>wato.rulesets</tt> permission together with the new
permission to be able to configure rulesets where bare command lines are configured.
These things are protected by the new permission at the moment:
<ul>
<li>Ruleset: Classical active and passive monitoring checks</li>
<li>Ruleset: Datasource programs</li>
<li>Ruleset: Configuring custom host check command</li>
<li>Host diagnostic page: Setting arbritary command line as datasource program</li>
<li>Configure event console actions</li>
<li>
<strong>Incompatible</strong>: User with the role <i>Users</i> are allowed to edit rulesets
for the WATO folders they are permitted on. In previous versions they were also able to
insert arbitrary commands into the rulesets mentioned above. This has now been removed
(by default) for security reasons. If you still need this functionality, you need to
set the new permission to <i>yes</i> for this role.
ID: 4660
Title: win_os: Fixed wrong OS information if eg. ESX is installed on Windows host
Component: HW/SW Inventory
Level: 1
Class: Bug fix
Version: 1.5.0i1
ID: 4658
Title: Fixed permissions in BI packs using rules from other packs
Component: BI
Level: 1
Class: Bug fix
Version: 1.5.0i1
If users use rules with node rules from other BI packs for which they have
no permissions, these parent rules could be damaged by editing them. Now they
get an error message and editing is not allowed any more.
ID: 4698
Title: netapp_api_volumes: Changed service description for clustermode volumes
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.5.0i1
The service description for clustermode volumes now always consists of the SVM name and the
volume name. The old description used the node name and the volume name, which was not sufficient
to uniquely identify the volume.