Checkmk werks level1

checkmk-werks-lvl1@lists.checkmk.com

15941 discussions

Checkmk Werk 15283: solaris: Fix cleanup of temporary statgrab files

by Benedikt Seidl

ID: 15283 Title: solaris: Fix cleanup of temporary statgrab files Component: agents Level: 1 Class: Bug fix Version: 2.1.0p27 Solaris Checkmk agent creates a temporary file /tmp/statgrab.XYZ where XYZ is the process id. This file was not always cleaned up.

1 year, 5 months

Checkmk Werk 15284: solaris: Add timeout to statgrab command

by Benedikt Seidl

ID: 15284 Title: solaris: Add timeout to statgrab command Component: agents Level: 1 Class: Bug fix Version: 2.1.0p27 When the executable "timeout" is available on the system the Checkmk agent is executed, the statgrab command is executed with a 20 second timeout. It is known that on certain systems, the "statgrab mem." command takes up to two minutes.

1 year, 5 months

Checkmk Werk 13753: Support Diagnostics: Collect dump only from local site

by Lars Getwan

ID: 13753 Title: Support Diagnostics: Collect dump only from local site Component: setup Level: 1 Class: Bug fix Version: 2.2.0b5 Previously, it was possible to select a remote site in the Support Diagnostics UI, where the data was then copied from. This worked in cases where the amount of data to be transferred was rather small. In other cases, it crashed regularly, or ran into timeouts, because the transfer took too long. Now, the Support Diagnostics can only be collected from the local site. To collect data from a remote site, you have to enable the configuration via Setup on this site and log in locally.

1 year, 5 months

Checkmk Werk 15466: autodiscovery: Show site changes made by Periodic service discovery

by Sofia Colakovic

ID: 15466 Title: autodiscovery: Show site changes made by Periodic service discovery Component: Setup Level: 2 Class: Bug fix Version: 2.3.0b1 The werk is incompatible because it removes the 'cmk --discover-marked-hosts' command. We consider this command an internal one. So it's likely that you don't not need to do anything. However, if you need access to this command, please let us know. Previously, if 'Periodic service discovery' was used with 'Automatically update service configuration' enabled and 'Do not activate changes' activation option, the services would be discovered but the change wasn't visible in 'Activate pending changes' or in the audit log. This made it impossible to know whether there are any discovered changes that need to be activated and what these changes are. Now, when changes get automatically discovered but not activated, they appear in 'Activate pending changes' and the action is logged to the audit log. In case of automatic discovery with activation, the action will be logged to the audit log.

1 year, 5 months

Checkmk Werk 15671: SAML: use RSA-SHA256 to sign authentication requests

by Lisa Pichler

ID: 15671 Title: SAML: use RSA-SHA256 to sign authentication requests Component: setup Level: 1 Class: New feature Version: 2.3.0b1 Checkmk would sign its authentication requests with RSA-SHA512. However, some identity providers (e.g. some versions of Microsoft ADFS) do not support any signature algorithms beyond SHA256. As a result, the authentication requests would be rejected with an error message similar to "Error details: MSIS7093: The message is not signed with expected signature algorithm. Message is signed with signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha512. Expected signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256." For this reason, Checkmk now uses RSA-SHA256 to sign its authentication requests.

1 year, 5 months

Checkmk Werk 15190: Allow agent registration using an IP address as hostname

by Hannes Rantzsch

ID: 15190 Title: Allow agent registration using an IP address as hostname Component: Checks & agents Level: 1 Class: Bug fix Version: 2.1.0p27 IP addresses can now be used as hostnames again when registering new agents with the Agent Controller. This fixes a regression that was introduced with Checkmk 2.1.0p12 / Werk #14385.

1 year, 5 months

Checkmk Werk 15560: Drop support for Debian-9

by External contributor

ID: 15560 Title: Drop support for Debian-9 Component: Site Management Level: 1 Class: Bug fix Version: 2.2.0b6 Checkmk won't be built anymore for Debian-9 (stretch) from 2.2.0 and upwards as Debian-9's LTS support ended on June 30, 2022: https://wiki.debian.org/LTS The support from our side was already dropped during the beta phase with <tt>2.2.0b5</tt>.

1 year, 5 months

Checkmk Werk 15189: Don't log automation user credentials when generating performance graph diagnostics

by Hannes Rantzsch

ID: 15189 Title: Don't log automation user credentials when generating performance graph diagnostics Component: Reporting & Availability Level: 1 Class: Security fix Version: 2.1.0p27 Prior to this Werk, creating a Support Diagnostic report including the option "Performance Graphs of Checkmk Server" caused the automation secret of the user "automation" to be logged to the site Apache access log file (<tt>var/log/apache/access_log</tt>). This affected both creating the diagnostic report via the GUI (<tt>Setup > Maintenance > Support diagnostics</tt>) and via the command line (<tt>cmk --create-diagnostics-dump --performance-graphs</tt>). With this Werk the credentials are no longer written to the log file. Note that no automatic sanitization of the log file is attempted by applying this patch. This issue was discovered during internal review. Affected Versions: LI: 2.2.0 (beta) LI: 2.1.0 LI: 2.0.0 Mitigations: Users are advised to change the secret of the user "automation" via the User Management UI. If this is not an option for you, delete or manually sanitize the Apache access log file and any backup of the file. Remove any line that contains a <tt>POST</tt> to <tt><your site URL>/report.py?_username=automation&_secret=<...></tt>. Refrain from using the affected functionality before applying this patch or manually sanitize the file afterwards. Vulnerability Management: We have rated the issue with a CVSS Score of 4.4 (Medium) with the following CVSS vector: <tt>CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</tt>. We have assigned CVE-2023-31207.

1 year, 5 months

Checkmk Werk 15393: cisco_meraki_org_device_info: Add more information to HW/SW inventory

by Simon Jess

ID: 15393 Title: cisco_meraki_org_device_info: Add more information to HW/SW inventory Component: HW/SW Inventory Level: 1 Class: New feature Version: 2.3.0b1 The following fields of a device are added: <ul> <li>Address</li> <li>Product type (if available)</li> <li>Organisation ID</li> <li>Organisation name</li> </ul>

1 year, 5 months

Checkmk Werk 15664: <tt>inv_cisco_vlans</tt>: Fix <tt>'list' object has no attribute 'id_'</tt>

by Joerg Herbel

ID: 15664 Title: <tt>inv_cisco_vlans</tt>: Fix <tt>'list' object has no attribute 'id_'</tt> Component: Checks & agents Level: 1 Class: Bug fix Version: 2.3.0b1 The inventory plugin <tt>inv_cisco_vlans</tt> crashed with C+: 'list' object has no attribute 'id_' C-: This error was shown in the service output of the HW/SW inventory service of affected hosts.

1 year, 5 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1