Checkmk werks level1

checkmk-werks-lvl1@lists.checkmk.com

1 participants
15953 discussions

Checkmk Werk 15279: Expose version and edition via HTTP-headers

by Benedikt Seidl

ID: 15279 Title: Expose version and edition via HTTP-headers Component: REST API Level: 1 Class: New feature Version: 2.3.0b1 The HTTP-headers "x-checkmk-edition" and "x-checkmk-version" are used to expose the checkmk version and edition on all authenticated REST-API HTTP-responses.

1 year, 7 months

Checkmk Werk 14586: gcp_status: Monitor GCP Status

by Solomon Jacobs

ID: 14586 Title: gcp_status: Monitor GCP Status Component: Checks & agents Level: 1 Class: New feature Version: 2.3.0b1 With this werk, it is possible to monitor the GCP Health Dashboard, available at https://status.cloud.google.com/. Since this site is publicly available, no authentication is required for this monitoring. This feature consists of a special agent, agent_gcp_status, and a new check, gcp_status. The special agent can be configured via the rule Google Cloud Platform (GCP) Status.

1 year, 7 months

Checkmk Werk 15068: Fix improper certificate validation in agent updater

by Maximilian Wirtz

ID: 15068 Title: Fix improper certificate validation in agent updater Component: agents Level: 1 Class: Security fix Version: 2.3.0b1 The compiled version of the agent-updater uses its own collection of trusted Certificate Authorities. This collection comes from the Python package certifi and is based on the collection of Mozilla Firefox. The used Python package and therefore the collection was outdated and is subject to CVE-2022-23491. This collection included a CA certificate of TrustCor which is not considered trustworthy anymore. (See: https://security.googleblog.com/2023/01/sustaining-digital-certificate-secu…) If an attacker was able to create certificates for arbitrary domains signed by this CA, machine-in-the-middle attacks could be possible. To mitigate this vulnerability please update and rollout the agent-updater (typical agent-update is sufficient). If an update is currently not possible one can set the <tt>Certificates for HTTPS verification</tt> option for the agent updater. If this option is set a custom list of trusted certificates is used to verify the HTTPS connection instead of the CA collection. All versions up to 1.6 are vulnerable. This vulnerability was found internally. We calculated a CVSS 3.1 score of 6.2 (medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:R Please note that we rate this rather low since this is more a hypothetical attack and no wrong-doing of the CA was ever proven.

1 year, 7 months

Checkmk Werk 15067: Show if user is locked

by Maximilian Wirtz

ID: 15067 Title: Show if user is locked Component: Setup Level: 1 Class: Bug fix Version: 2.3.0b1 With this Werk a user that is locked will be informed that the account is locked. Previously it was only shown that the login was invalid and lead users to more login attempts.

1 year, 7 months

Checkmk Werk 13628: Dashboards: New cloud dashboards for storage services on AWS, Azure and GCP

by Marcel Arentz

ID: 13628 Title: Dashboards: New cloud dashboards for storage services on AWS, Azure and GCP Component: Multisite Level: 1 Class: New feature Version: 2.3.0b1

1 year, 7 months

Checkmk Werk 15152: Fix crash in mk-job.solaris

by Sofia Colakovic

ID: 15152 Title: Fix crash in mk-job.solaris Component: agents Level: 1 Class: Bug fix Version: 2.3.0b1 mk-job.solaris started crashing in version 2.1.p1 with an error: "exit: : numeric argument required".

1 year, 7 months

Checkmk Werk 15149: agent_azure: Fix crash if the metric isn't found

by Sofia Colakovic

ID: 15149 Title: agent_azure: Fix crash if the metric isn't found Component: agents Level: 1 Class: Bug fix Version: 2.3.0b1 The Azure agent would crash if the metric wasn't available for a resource. Now, the agent doesn't crash and retries to fetch available metrics.

1 year, 7 months

Checkmk Werk 15253: Abort CMC startup if state file could not be read or parsed

by Sven Panne

ID: 15253 Title: Abort CMC startup if state file could not be read or parsed Component: cmc Level: 1 Class: Bug fix Version: 2.3.0b1 This avoids simply continuing and creating a new state file, which loses all comments, ad hoc downtimes, acknowledgements, etc. Note that it is still OK when there is no state file at all, which is e.g. the case when the CMC starts for the first time.

1 year, 7 months

Checkmk Werk 15384: check_mk_agent: handle tabs when reading definitions from mrpe.cfg

by Wontek Hong

ID: 15384 Title: check_mk_agent: handle tabs when reading definitions from mrpe.cfg Component: agents Level: 1 Class: Bug fix Version: 2.3.0b1 Prior to this werk, the Checkmk agent for linux, solaris and aix was not able to handle tabs in the service definitions in the mrpe.cfg file. This werk resolves this issue and correctly identifies the service description, command and optionally the time interval.

1 year, 7 months

Checkmk Werk 15238: Too restrictive permission checking in service discovery

by Moritz Kiemer

ID: 15238 Title: Too restrictive permission checking in service discovery Component: Setup Level: 1 Class: Bug fix Version: 2.3.0b1 On the service discovery page some permissions where checked to restrictive. For instance: A user that was not allowed to add "ignored" services, would also be prevented from adding services to the monitoring.

1 year, 7 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1