[//]: # (werk v2)
# mk_oracle: Follow-up to privilege escalation fix
key | value
---------- | ---
compatible | no
version | 2.4.0b1
date | 2024-04-04T07:59:38+00:00
level | 2
class | fix
component | checks
edition | cre
You might be affected by this Werk if you use <tt>mk_oracle</tt> on a unix
system.
You might be affected by this Werk if you use oracle wallet to connect to your
database.
You are definitively affected by this Werk if you use oracle wallet to connect to your
database and used the instructions of our official documentation to setup your
configuration.
This Werk fixes connection problems introduced with 2.1.0p41, 2.2.0p24 and 2.3.0b4.
Since <a href="https://checkmk.com/werk/16232">Werk #16232</a> we switch to a
unprivileged user when executing oracle binaries. This causes problems when
using an oracle wallet as the unprivileged user might not be able to access
files defining the connection details and credentials.
We introduced an additional permission check to the <code>-t</code> "Just check
the connection" option of <code>mk_oracle</code>. It should help you modifying
the permissions to continue using <code>mk_oracle</code> with oracle wallet.
You can execute it with the following command:
<pre>
MK_CONFDIR=/etc/check_mk/ MK_VARDIR=/var/lib/check_mk_agent /usr/lib/check_mk_agent/plugins/mk_oracle --no-spool -t
</pre>
The path to mk_oracle might be different if you execute it asynchronously. For a
60 second interval the path would be <code>/usr/lib/check_mk_agent/plugins/60/mk_oracle</code>
The script will test permissions of the files needed to connect to the database. It boils down to the following:
<code>mk_oracle</code> will switch to the owner of
<code>$ORACLE_HOME/bin/sqlplus</code> before executing <code>sqlplus</code>. So
this user has to have the following permissions:
<ul>
<li>read <code>$TNS_ADMIN/sqlnet.ora</code></li>
<li>read <code>$TNS_ADMIN/tnsnames.ora</code></li>
<li>execute the wallet folder (<code>/etc/check_mk/oracle_wallet</code> if followed the official documentation)</li>
<li>read files inside the wallet folder (<code>/etc/check_mk/oracle_wallet/*</code> if followed the official documentation)</li>
</ul>
Beside that we also fixed some bash syntax errors we introduced with
<a href="https://checkmk.com/werk/16232">Werk #16232</a>.
See <a href="https://checkmk.atlassian.net/wiki/spaces/KB/pages/70582273/Troubleshooting…">Troubleshooting mk_oracle for Windows and Linux</a>
for more information about troubleshooting this problem.
[//]: # (werk v2)
# mk_oracle: report failed login
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-04-10T08:38:00+00:00
level | 1
class | fix
component | checks
edition | cre
Due to fixes introduced with
<a href="https://checkmk.com/werk/16234">Werk #16234</a> a failed login to the
oracle database was not reported as critical, but the services were going
stale. This is now fixed.
[//]: # (werk v2)
# Deprecate "Asynchronous execution of plug-ins" rule
key | value
---------- | ---
date | 2024-04-22T06:19:27+00:00
version | 2.4.0b1
class | fix
edition | cee
component | setup
level | 1
compatible | yes
Th rule "Asynchronous execution of plug-ins" has no affect on the execution of the scrips
therefore it is being deprecated.
This means it will eventually be removed in future versions.
[//]: # (werk v2)
# Re-enable inline SNMP for SNMPv1
key | value
---------- | ---
date | 2024-04-20T13:55:35+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Due to a memory leak in the underlying library, Checkmk was using the
'classic' SNMP backend for all SNMPv1 hosts regardless of the user
configuration.
This memory leak has since been fixed, so we remove the fallback.
[//]: # (werk v2)
# Handle the uptime of Docker containers across time zones
key | value
---------- | ---
date | 2024-04-12T09:35:03+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
As of version 2.3, the uptime monitoring service for Docker containers could crash if the container's start time was later than the current CheckMk site's current time. This resulted in a negative uptime calculation error (ValueError: "Cannot render negative timespan").
This could occur in situations where the host system and the container had different configured timezones.
We now correctly handle all timestamps, ensuring accurate uptime calculations regardless of timezone configurations.
Werk 16320 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Publish permission handling
Class: fix
Compatible: incomp
Component: multisite
Date: 1709641954
Edition: cre
Level: 1
Version: 2.2.0p26
Werk 13498 introduced the possibility to set publish permissions independently
of each other.
Still, the permission "Publish views" (e.g. for publishing views) was needed
to see the published views.
This has been fixed.
Note: Please check your publish configuration in views, dashboards, etc.
------------------------------------<diff>-------------------------------------------
Title: Publish permission handling
Class: fix
Compatible: incomp
Component: multisite
Date: 1709641954
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Werk 13498 introduced the possibility to set publish permissions independently
of each other.
Still, the permission "Publish views" (e.g. for publishing views) was needed
to see the published views.
This has been fixed.
Note: Please check your publish configuration in views, dashboards, etc.
Werk 16239 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Extend devices found by apc_ats_status
Class: fix
Compatible: compat
Component: checks
Date: 1709123851
Edition: cre
Level: 1
Version: 2.2.0p26
This werk affects you, in case you try to monitor your APC Rack Automatic Transfer Switch with <tt>apc_ats_status</tt>.
Previously some devices were not discovered due to a too strict scan function.
Futher, we enable monitoring other power supplies available at such devices as for example 1V and 3.3V.
This was fixed now.
------------------------------------<diff>-------------------------------------------
Title: Extend devices found by apc_ats_status
Class: fix
Compatible: compat
Component: checks
Date: 1709123851
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
This werk affects you, in case you try to monitor your APC Rack Automatic Transfer Switch with <tt>apc_ats_status</tt>.
Previously some devices were not discovered due to a too strict scan function.
Futher, we enable monitoring other power supplies available at such devices as for example 1V and 3.3V.
This was fixed now.
Werk 16321 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Fix metric history painter with inherit time range option
Class: fix
Compatible: compat
Component: reporting
Date: 1709800537
Edition: cee
Level: 1
Version: 2.2.0p26
If you used the option “Inherit from report time range” for the painter "Metric
history" in report content elements, an error was shown in the report.
This affected all previous 2.2 versions.
------------------------------------<diff>-------------------------------------------
Title: Fix metric history painter with inherit time range option
Class: fix
Compatible: compat
Component: reporting
Date: 1709800537
Edition: cee
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
If you used the option “Inherit from report time range” for the painter "Metric
history" in report content elements, an error was shown in the report.
This affected all previous 2.2 versions.
Werk 16373 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: metrics: allow dots in metric ids
Class: fix
Compatible: compat
Component: rest-api
Date: 1709109314
Edition: cre
Level: 1
Version: 2.2.0p26
Before this Werk, the REST API was not able to access metrics named after IP addresses. This Werk fixes that and allows user to access metrics containing dots on the id
------------------------------------<diff>-------------------------------------------
Title: metrics: allow dots in metric ids
Class: fix
Compatible: compat
Component: rest-api
Date: 1709109314
Edition: cre
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
Before this Werk, the REST API was not able to access metrics named after IP addresses. This Werk fixes that and allows user to access metrics containing dots on the id
Werk 16355 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Graph oject lists: Avoid strange help texts in list views (non-English only)
Class: fix
Compatible: compat
Component: multisite
Date: 1713176416
Edition: cee
Level: 1
Version: 2.2.0p26
When using Checkmk in a language other than English, the list views for graph collections, graph
tunings, custom graphs and forecast graphs might have displayed strange help texts such as
"Project-Id-Version: Checkmk user interface translation 0.1 ...".
This happened only for graph objects with empty descriptions and only if the inline help was
activated for the corresponding page.
------------------------------------<diff>-------------------------------------------
Title: Graph oject lists: Avoid strange help texts in list views (non-English only)
Class: fix
Compatible: compat
Component: multisite
Date: 1713176416
Edition: cee
Level: 1
- Version: 2.2.0p25
? ^
+ Version: 2.2.0p26
? ^
When using Checkmk in a language other than English, the list views for graph collections, graph
tunings, custom graphs and forecast graphs might have displayed strange help texts such as
"Project-Id-Version: Checkmk user interface translation 0.1 ...".
This happened only for graph objects with empty descriptions and only if the inline help was
activated for the corresponding page.