ID: 0165
Title: ups checks now supports also GE devices (Thanks to Andy Taylor)
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i3
Thanks to a patch from Andy Taylor, our ups checks now supporting devcies from GE.
ID: 0927
Title: windows agent: now able to evaluate logfiles written in unicode (2 bytes per character)
Component: Checks & Agents
Level: 2
Class: New Feature
Version: 1.2.5i3
The windows agent was unable to process logfiles which were written as unicode. Those files
had binary zeros every other byte, rendering the normal "readline" logfile processing useless.<br>
The agent can now read unicode files correctly, convert each line to a multibyte representation
(most of the time it is only a single byte) and apply the configured logfile patterns accordingly.
ID: 0164
Title: symantec_av_progstate,symantec_av_quarantine, symantec_av_updates: New checks for Symantec Anti Virus on Linux
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i3
ID: 0163
Title: kaspersky_av_quarantine,kaspersky_av_tasks,kaspersky_av_updates: New checks for kaspersky anti virus on linux
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i3
ID: 0926
Title: windows agent: local / plugin scripts now get the REMOTE_HOST as environment variable
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i3
ID: 0925
Title: ps: improved/fixed calculation of CPU utilization
Component: Checks & Agents
Level: 2
Class: New Feature
Version: 1.2.5i3
Previously, the CPU utilization value was taken from the output <tt>pcpu</tt> from
the ps command. This value didn't reflect the exact utilization since the last check
because its definition is <br>
<pre>
CPU usage is currently expressed as the percentage of time spent running
during the entire lifetime of a process. This is not ideal, and it does not
conform to the standards that ps otherwise conforms to. CPU usage is
unlikely to add up to exactly 100%.
</pre>
The evaluation of the <tt>pcpu</tt> field has been removed and got replaced
by the field <tt>cputime</tt>, which reflects the number of cpu seconds since program start.
With the <tt>cputime</tt> we are able to determine the correct value.
To utilize this new calculation method, you need to update the check_mk_agent on the target host.
The ps check itself is able to handle both formats, <tt>pcpu</tt> and <tt>cputime</tt>.
ID: 0978
Title: Fix security issue with mk-job on Linux
Component: Checks & Agents
Level: 2
Class: Incompatible Change
Version: 1.2.5i3
By use of symlinks or hardlinks normal users could inject files to be read
with root permissions. This was due to the fact that <tt>/var/lib/check_mk_agent/job</tt>
was installed with the permissions <tt>1777</tt>, just as <tt>/tmp</tt>. That way
a normal user could have placed a symlink to a file there that is only readable
by <tt>root</tt>. The content of that file would then appear in the agent output.
This has been fixed by not longer using <tt>/var/lib/check_mk_agent/job</tt> directly,
but by creating a separate subdirectory below that for each user. This is done by
a new version of <tt>/usr/bin/mk-job</tt>, so please make sure that if you update
the agent that you also update <tt>mk-job</tt>.
Also you now have to create job subdirectories for non-<tt>root</tt> jobs manually.
If you have a job running as user <tt>foo</tt>, then do:
C+:
RP:mkdir -p /var/lib/check_mk_agent/job
RP:chown foo.foo /var/lib/check_mk_agent/job
C-:
If you update the Check_MK Agent with RPMs/DEB from the new agent bakery or by
an RPM/DEB created from the source code with <tt>make rpm</tt> or <tt>make deb</tt>
then the permissions of <tt>/var/lib/check_mk_agent/job</tt> are automatically
fixed.
If you have installed the agent manually then please make sure that the permissions
of the job directory are set properly:
C+:
RP:chmod 755 /var/lib/check_mk_agent/job
C-:
ID: 0978
Title: Fix security issue with mk-job on Linux
Component: Checks & Agents
Level: 2
Class: Incompatible Change
Version: 1.2.5i3
By use of symlinks or hardlinks normal users could inject files to be read
with root permissions. This was due to the fact that <tt>/var/lib/check_mk_agent/job</tt>
was installed with the permissions <tt>1777</tt>, just as <tt>/tmp</tt>. That way
a normal user could have placed a symlink to a file there that is only readable
by <tt>root</tt>. The content of that file would then appear in the agent output.
This has been fixed by not longer using <tt>/var/lib/check_mk_agent/job</tt> directly,
but by creating a separate subdirectory below that for each user. This is done by
a new version of <tt>/usr/bin/mk-job</tt>, so please make sure that if you update
the agent that you also update <tt>mk-job</tt>.
Also you now have to create job subdirectories for non-<tt>root</tt> jobs manually.
If you have a job running as user <tt>foo</tt>, then do:
C+:
RP:mkdir -p /var/lib/check_mk_agent/job
RP:chown foo.foo /var/lib/check_mk_agent/job
C-:
ID: 0960
Title: libelle_business_shadow.archive_dir: New check for the Archive Dir of Libelle Business Shadow
Component: Checks & Agents
Level: 1
Class: New Feature
Version: 1.2.5i3
checks the total / used capacity