ID: 11239
Title: Check_MK Discovery: Revert werks 10534 and 11229
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
The original werks 10534 (1.6.0p11) and 11229 (1.6.0p16) tried to fix the
following situation:
The "Check_MK discovery" check was unable to discover entirely new check_types.
The discovery phase always relies on cached data, if available. Since the SNMP
datasource only fetches the data it actually needs, there is no guarantee that
all services will be discovered.
So the "Check_MK discovery" service failed to discover any interfaces, if the
snmp host did not have any interfaces beforehand. Through WATO however, the
discovery was successfull, since this mechanism may bypass the snmp caching
entirely.
We have to revert these werk because they did not have the effect to fix above
situation. In one of the next patch releases we will really fix this behaviour.
Sorry for that.. :(
ID: 11362
Title: rmon_stats: new, separate discovery ruleset
Component: Checks & agents
Level: 1
Class: New feature
Version: 1.7.0i1
The discovery of the services provided by the check <tt>rmon_stats</tt>,
which monitors RMON statistics, used to be configured via the ruleset
"Network Interface and Switch Port Discovery". However, <tt>rmon_stats</tt>
does not honor any of the other settings provided by this ruleset. Therefore,
the service discovery for <tt>rmon_stats</tt> is now configured via the new,
separate ruleset "Monitor RMON statistics".
This werk is marked as incompatible because users who configured
<tt>rmon_stats</tt> to be discovered have to adjust their rulesets
accordingly. This is done by activating the discovery of <tt>rmon_stats</tt>
for the corresponding hosts using the new ruleset "Monitor RMON statistics".
Without this step, the corresponding services will continue to work but will
disappear if a re-discovery is performed.
ID: 11263
Title: Fix piggyback path traversal
Component: Core & setup
Level: 2
Class: Security fix
Version: 1.7.0i1
In previous versions it was possible to create files in the querying Checkmk
site by modifying or extending an agent on a monitored system.
So an attacker who gained rights on a monitored system to extend the agent
could create and modify files in the monitoring Checkmk site with certain
modifications of the agent. The creation or modification of files in the
Checkmk site was done with rights of the Checkmk site user.
This problem is now solved by a better validation of hostnames of piggybacked
hosts. With this change only these characters are allowed in Piggybacked
hostnames: <tt>0-9a-zA-Z_.-</tt>. These are exactly the same characters that
Checkmk normally allows when creating hostnames. A special feature of Piggyback
hostnames is that all illegal hostnames are replaced by "_".
This change means that Piggyback hosts created with now invalid characters will
have to be created differently after this change so that they can continue to
be monitored.
ID: 11341
Title: Make omd restore work with hardlinks in local dir
Component: Site Management
Level: 1
Class: Bug fix
Version: 1.7.0i1
In case a backup file was created from a site which contained hardlinks in the local directory, the restore mechnism will crash with the following message:
<code>KeyError: "linkname 'SITE-NAME/local/LINK-NAME' not found"</code>
This werk will enable resolving hard links which reside under the local directory.
ID: 11303
Title: mem.linux: false CRIT status when VmallocChunk is set to 0 kB
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
On Linux kernel 5.3 and newer versions, VmallocChunk is not set (i.e. set to
0 kB). This causes the plugin to report a false CRIT status when evaluating the
status of 'Largest Free VMalloc Chunk'. We have amended the plugin to ignore
Vmalloc Chunk if it is set to 0 kB.
ID: 11262
Title: Activate changes: Asking for activation comment can now be configured
Component: Multisite
Level: 1
Class: New feature
Version: 1.7.0i1
The comment that can be added before activating the pending changes is now
configurable using the global setting "Ask for a comment for activation of changes".
You can either choose to enforce your users to provide a comment, ask for an
optional comment or completely skip the question for a comment.
The default has been set to: "Do not ask for a comment".
ID: 11302
Title: Azure Storage: egress data levels wrongly labelled on user interface
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
The egress data levels parameters of the Azure Storage plugin were labelled
'ingress data'. This has been fixed.
ID: 11261
Title: Fix performance regression caused by too many live status queries between EC and core
Component: Event Console
Level: 2
Class: Bug fix
Version: 1.7.0i1
The version 1.6.0p14 introduced an issue affecting the Event Console and it's
Livestatus communication with the local monitoring core.
Instead of querying static configuration related information, which is needed
by the Event Console only once per core restart, these information were not
cached as intended. This resulted in these queries being made over and over
again.
The query was executed in the following situations:
<ul>
<li>Multiple times when querying the "eventconsolestatus" table (Once for each host known by the Event Console)</li>
<li>Once for each created event</li>
</ul>
ID: 10544
Title: Quicksearch: Fixed incorrect result page when querying host tags
Component: Multisite
Level: 1
Class: Bug fix
Version: 1.7.0i1
The filter <tg:> was incorrectly evaluated when the result set included mulitple hosts.
ID: 11360
Title: juniper_temp: Discover on additional devices
Component: Checks & agents
Level: 1
Class: New feature
Version: 1.7.0i1
The check <tt>juniper_temp<\tt>, which monitors the temperatures
of modules of Juniper devices, is now discovered on additional
devices such as EX3400-48t switches.