[//]: # (werk v2)
# service_discovery/bulk_discovery: reformulate documentation for mode option
key | value
---------- | ---
date | 2024-03-12T10:32:47+00:00
version | 2.3.0b3
class | fix
edition | cre
component | rest-api
level | 1
compatible | yes
Previously, the single service discovery and the bulk discovery shared the same
documentation for the mode field. This covers the use cases for the bulk discovery
to a certain degree. This werk fixes this. In addition, this werk also
resolves previously non working modes 'fix_all' and 'tabula_rasa'.
[//]: # (werk v2)
# Make LDAP connection test errors more explicit
key | value
---------- | ---
compatible | yes
version | 2.3.0b3
date | 2024-03-07T16:34:41+00:00
level | 1
class | feature
component | wato
edition | cre
The LDAP connection test does not give enough information
about which DN configured results in an error.
This werk adds identifying information for the DN to the
error message to make it easier to identify the problem.
[//]: # (werk v2)
# Cisco Meraki: Levels for last reported time of devices is now configurable
key | value
---------- | ---
date | 2024-03-13T15:52:30+00:00
version | 2.3.0b3
class | feature
edition | cre
component | checks
level | 1
compatible | yes
[//]: # (werk v2)
# Linux remote alert handlers not running under non-root user
key | value
---------- | ---
date | 2024-03-12T09:14:38+00:00
version | 2.3.0b3
class | fix
edition | cee
component | agents
level | 1
compatible | yes
In the ruleset *Remote alert handlers (Linux)*, you have to specify
a user under that the remote alert handler will be executed on agent side.
This user is set to *root* by default, but it's possible to choose
an arbitrary user.
But, when choosing a non-root user, the alert handlers previously
failed to execute, because the handler files got deployed with root-ownership
and were not readable by others.
To fix the problem, the ownership of the files now get changed to the specified
user.
Security note:
In general, it's important that all internal files of the Checkmk
agent have root ownership, as they might be read/executed by the Checkmk agent
under root.
However, this is not the case for remote alert handlers, as they
always get executed under the specified user.
As an additional security measure, the dispatcher on agent side
checks the ownership of installed remote alert handlers, and refuses to execute
non-root owned handlers when called via SSH with root rights.
[//]: # (werk v2)
# Ignore CAs with negative serial numbers
key | value
---------- | ---
date | 2024-03-11T10:43:27+00:00
version | 2.3.0b3
class | fix
edition | cre
component | core
level | 1
compatible | no
When Checkmk is configured to *Trust system wide configured CAs* the system CA store is traversed and the certificates are added to the trusted CAs.
With RFC 5280 certificate serial numbers are required to be positive. Unfortunately there are CA certificates out from before this RFC and the might contain negative serial numbers.
One we encountered several times while testing is:
commonName = EC-ACC
organizationalUnitName = Jerarquia Entitats de Certificacio Catalanes
organizationalUnitName = Vegeu https://www.catcert.net/verarrel (c)03
organizationalUnitName = Serveis Publics de Certificacio
organizationName = Agencia Catalana de Certificacio (NIF Q-0801176-I)
countryName = ES
Our underlying library we use for handling certificates announced to no longer support certificates with negative serial numbers in one of the next versions. Therefore we decided to ignore certificates with negative serial numbers so we can update this library during the lifetime of this Checkmk release without changing this behaviour.
Since the mentioned `EC-ACC` certificate was encountered multiple times during testing and is not widely used the fact that this certificate was encountered and is ignored is NOT logged.
If you use certificates issued by CA certificates with negative serial numbers you can add them manually to your list of trusted certificates via the UI.
This might cause warnings appearing in console outputs and in logfiles and may stop to work in the future.
[//]: # (werk v2)
# Change default setting for usage to use community translated languages
key | value
---------- | ---
date | 2024-03-13T14:44:24+00:00
version | 2.3.0b3
class | feature
edition | cre
component | multisite
level | 1
compatible | yes
The default setting for "Enable community translated languages" was previously disabled.
It is now enabled by default.
The names of the community translated languages have also been changed.
[//]: # (werk v2)
# jolokia metrics: restores 'default product' behavior
key | value
---------- | ---
date | 2024-03-11T13:50:14+00:00
version | 2.3.0b3
class | fix
edition | cre
component | checks
level | 1
compatible | yes
The check plugin no longer showed any metrics if a product was not specified in the ruleset configuration.
This werk restores the original behaviour, using as a default product the one reported in the info section of the agent output.
[//]: # (werk v2)
# Change default OS dashboards "Linux hosts" and "Windows hosts"
key | value
---------- | ---
date | 2024-03-12T07:58:50+00:00
version | 2.3.0b3
class | feature
edition | cee
component | multisite
level | 1
compatible | yes
We change the default dashboards "Linux hosts" and "Windows hosts" (Monitor > Overview) to a new layout and partly to new dashboard elements.
This change shall improve user experience and provide the most relevant Linux/Windows host information on these boards.
[//]: # (werk v2)
# Ruleset API: Help text for SimpleLevels, Levels
key | value
---------- | ---
date | 2024-03-13T09:20:05+00:00
version | 2.3.0b3
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Previously the help text configured for SimpleLevels and Levels was not shown in the UI, this is now fixed.