Checkmk werks level1

checkmk-werks-lvl1@lists.checkmk.com

1 participants
15912 discussions

[2.4.0] Checkmk Werk 16643 created: Licensing: Introduce grace period for unlicensed state

by Checkmk werks level 1

[//]: # (werk v2) # Licensing: Introduce grace period for unlicensed state key | value ---------- | --- date | 2024-03-27T15:55:26+00:00 version | 2.4.0b1 class | fix edition | cce component | wato level | 1 compatible | yes To lessen the impact of a setup becoming unlicensed, there is now a 7 day grace period before becoming unlicensed. In this time only warnings will be shown so that users have the opportunity to fix the licensing issues.

5 months, 2 weeks

[2.2.0] Checkmk Werk 16605 created: check_wmi_webservices: fix CurrentConnections monitoring

by Checkmk werks level 1

Title: check_wmi_webservices: fix CurrentConnections monitoring Class: fix Compatible: compat Component: checks Date: 1712040247 Edition: cre Level: 1 Version: 2.2.0p25 The CurrentConnections metric was calculated "per second". We now directly show the number of connections returned by the service.

5 months, 2 weeks

[2.2.0] Checkmk Werk 15026 created: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission

by Checkmk werks level 1

Title: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission Class: fix Compatible: compat Component: wato Date: 1710499061 Edition: cre Level: 1 Version: 2.2.0p25 Without the "add_or_modify_executables" permission users do not have the right to change any executable run by checkmk, either on the site or via the agent. The agent config options "python_plugins" and "lnx_remote_alert_handlers" have not yet checked for that permission. In the UI "python_plugins" and "lnx_remote_alert_handlers are called "Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively.

5 months, 2 weeks

[2.4.0] Checkmk Werk 16665 created: Crash when accessing overridden built-in dashboard

by Checkmk werks level 1

[//]: # (werk v2) # Crash when accessing overridden built-in dashboard key | value ---------- | --- date | 2024-04-03T12:32:28+00:00 version | 2.4.0b1 class | fix edition | cre component | multisite level | 1 compatible | yes Accessing a built-in dashboard after overriding it with a custom dashboard could cause certain dashlets to crash. For example, you could access the built-in dashboard by clicking the link in Customize > Dashboards > Built-in. Another way to access the built-in dashboard is for example by having a bookmark to it. Now this crash no longer occurs and all dashlets render correctly.

5 months, 2 weeks

[2.4.0] Checkmk Werk 16605 created: check_wmi_webservices: fix CurrentConnections monitoring

by Checkmk werks level 1

[//]: # (werk v2) # check_wmi_webservices: fix CurrentConnections monitoring key | value ---------- | --- date | 2024-04-02T06:44:07+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes The CurrentConnections metric was calculated "per second". We now directly show the number of connections returned by the service.

5 months, 2 weeks

[2.4.0] Checkmk Werk 16615 created: Remove websphere_mq plugin

by Checkmk werks level 1

[//]: # (werk v2) # Remove websphere_mq plugin key | value ---------- | --- date | 2024-03-11T11:09:48+00:00 version | 2.4.0b1 class | security edition | cre component | checks level | 1 compatible | yes With this Werk the `websphere_mq` plugin is removed for security reasons. In this plugin the output of `ps` is used to determine an argument for `runmqsc`. This meant that anybody who can launch processes with an arbitrary command line could manipulate one argument to `runmqsc`. The plugin was already superseded by the agent plugin `ibm_mq` and deprecated with Werk [10752](https://checkmk.com/werk/10752) and version 2.0.0. Since this plugin is already deprecated and it was not configurable via the *agent bakery* we assumed that this plugin is not frequently used. Therefore we decided to not fix the issue but to push the removal. We found this vulnerability internally. __Affected versions__: * 2.3.0 * 2.2.0 * 2.1.0 * 2.0.0 __Mitigations__: Migrate to the `ibm_mq` plugin. __Vulnerability Management__: We have rated the issue with a CVSS Score of 6.5 (Medium) with the following CVSS vector: `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N`. We assigned CVE-2024-3367 to this vulnerability. __Changes__: The plugin was removed.

5 months, 2 weeks

[2.4.0] Checkmk Werk 16552 created: Crash on activate changes when re-registering agents

by Checkmk werks level 1

[//]: # (werk v2) # Crash on activate changes when re-registering agents key | value ---------- | --- date | 2024-03-28T15:50:10+00:00 version | 2.4.0b1 class | fix edition | cre component | checks level | 1 compatible | yes When re-registering agents, a call to activate changes could crash with an error message like ``` [Errno 2] No such file or directory: '/omd/sites/<site>/var/agent-receiver/received-outputs/<uuid> ```

5 months, 2 weeks

[2.4.0] Checkmk Werk 16180 adapted: Ruleset API: Datamodel changes for Proxy FormSpec

by Checkmk werks level 1

Werk 16180 was adapted. The following is the new Werk, a diff is shown at the end of the message. [//]: # (werk v2) # Ruleset API: Datamodel changes for Proxy FormSpec key | value ---------- | --- date | 2024-03-28T13:45:23+00:00 version | 2.4.0b1 class | feature edition | cre component | checks level | 1 compatible | yes This only affects plugin developers using the new API `cmk.rulesets.v1`. The datamodel for the `Proxy`, `Levels`, `TimePeriod` and `Password` Formspecs is changed. Use the `migrate_to_...` migration function to update your stored configurations to the newer datamodel. ------------------------------------<diff>------------------------------------------- [//]: # (werk v2) # Ruleset API: Datamodel changes for Proxy FormSpec key | value ---------- | --- date | 2024-03-28T13:45:23+00:00 version | 2.4.0b1 class | feature edition | cre component | checks level | 1 compatible | yes - This only affects plugin developers. - The datamodel for the `Proxy` Formspec is changed. + This only affects plugin developers using the new API `cmk.rulesets.v1`. + The datamodel for the `Proxy`, `Levels`, `TimePeriod` and `Password` Formspecs is changed. - Use the `migrate_to_proxy` migration function to update your stored configurations to the newer datamodel. ? ^^^^^ + Use the `migrate_to_...` migration function to update your stored configurations to the newer datamodel. ? ^^^

5 months, 2 weeks

[2.4.0] Checkmk Werk 15026 created: Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission

by Checkmk werks level 1

[//]: # (werk v2) # Disallow python_plugins and lnx_remote_alert_handlers agent config options for users without the "add_or_modify_executables" permission key | value ---------- | --- date | 2024-03-15T10:37:41+00:00 version | 2.4.0b1 class | fix edition | cre component | wato level | 1 compatible | yes Without the "add_or_modify_executables" permission users do not have the right to change any executable run by checkmk, either on the site or via the agent. The agent config options "python_plugins" and "lnx_remote_alert_handlers" have not yet checked for that permission. In the UI "python_plugins" and "lnx_remote_alert_handlers are called "Python agent plugin execution (UNIX)" and "Remote alert handler (Linux)" respectively.

5 months, 2 weeks

[2.1.0] Checkmk Werk 15843 created: mk_oracle(ps1): Follow-up to privilege escalation fix

by Checkmk werks level 1

Title: mk_oracle(ps1): Follow-up to privilege escalation fix Class: fix Compatible: incomp Component: checks Date: 1712314947 Edition: cre Level: 2 Version: 2.1.0p42 You might be affected by this Werk if you use <tt>mk_oracle</tt> on Windows. Werk <a href="https://checkmk.com/werk/16232">Werk #16232</a> introduced a regression, thereby disrupting Oracle monitoring on Windows. This Werk addresses above mentioned issue that affects versions 2.1.0p41, 2.2.0p24, and 2.3.0b4. Since this release, Oracle monitoring on Windows is fully supported under condition you use an account without administrator rights or the certain executable binaries, <tt>sqlplus.exe</tt>, <tt>tnsping.exe</tt> and, if presented, <tt>crsctl.exe</tt> are write-protected, with the possible exception being the Administrator. If you are unable or prefer not to use an unprivileged account then you may need to adjust permissions for above mentioned binaries: remove <tt>Write</tt>, <tt>Full Control</tt> and <tt>Modify</tt> permissions for any non-Administrator user and group. More information about can be found at <a href="https://checkmk.atlassian.net/wiki/x/AQA1B">here</a>.

5 months, 3 weeks

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1