ID: 10432
Title: cmk-update-agent.exe: Fix security issue on Windows
Component: agents
Level: 2
Class: Security fix
Version: 1.7.0i1
Recently, a vulnerability of PyInstaller, that we use to compile
the cmk-update-agent.exe executable on windows to one file, has been
discovered, see
<a href=https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7f…>here</a>.
Only the windows version of the cmk-update-agent binary is affected. Unix versions and the python script
are not affected.
We fix this issue by updating to PyIntaller 3.6.
ID: 10619
Title: Improve error-handling in poller
Component: Notifications
Level: 1
Class: Bug fix
Version: 1.7.0i1
Errors from poll(2) were handled inconsistently and
could possibly freeze the main loop of the core.
ID: 10633
Title: skype: fixed magnitude of latency value
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
The state falsely changed to warning. A missing conversion to the correct magnitude for a value in the Skype Sproc latency check,
caused this wrong state change.
ID: 10680
Title: Windows Agent section systemtime adds '\n' at the end of the output
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
This fix provides compatibility with special agents, like the agent for
VMWare VSphere
ID: 10787
Title: Fix missing new line in ESX agent which may break various sections and services may go UNKNOWN
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
ID: 10581
Title: fortigate_memory_base: Wrong interpretation of levels other than 'percent used'
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
Using the WATO rule "Main memory usage (UNIX / Other Devices)", users could specify levels
as absolute values or percent and on used or free memory.
Previously only the 'percent used' combination worked correctly.
ID: 10579
Title: logwatch: Invalid check parameter: Undefined key 'pre_comp_group_patterns'
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
When configuring logwatch groups the above error could be displayed in
the WATO service configuration (however, the service functionality was not affected).
ID: 10677
Title: Windows plugins and local checks can be called using non-system account
Component: Checks & agents
Level: 2
Class: New feature
Version: 1.7.0i1
Previously the plugins and local check were always called using <i>Windows
System account</i>. Such approach could restrict access to some resources,
for example, network shares. Now this problem has been resolved.
The new ruleset in Bakery <tt>Run plugins and local checks using non-system
account</tt> gives the possibility to run any Windows script using a given
user account.
There are two modes of the rule:
<i>group mode</i>, in this case Windows Agent provides its own internal
user in the requested group to run a script.
<i>user mode</i>, in this case the credentials for the given user account
must be fully specified.
The <i>group mode</i> is more secure, because no credentials need to be
stored anywhere, except in the agent internally. When using the
<i>user mode</i>, the provided credentials are stored on all Checkmk
servers to which the configuration is applied. Also, the credentials will
be baked into the distributed to target systems agent bakery
packages(MSI files).
The same functionality in Raw Edition can be achieved using Agent configuration
file.
To set <i>group mode</i> for desired plugin pattern you should assign
the name of the local group to the key <tt>group</tt>. To set <i>user mode</i>
for desired plugin pattern you should assign string with user name and password
separated with one space to the key <tt>user</tt>. Detailed example you may found
in the provided configuration file.
We highly recommend using the <i>group mode</i> whenever possible.
ID: 10679
Title: Windows Agent installs correctly cap file with empty files inside
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.7.0i1
Previously the installation of the plugins.cap file with zero size files
was not possible.
Now the problem has been solved.
ID: 10758
Title: redis_info.persistence: New check to monitor Redis persistence
Component: Checks & agents
Level: 1
Class: New feature
Version: 1.7.0i1
With this check you can monitor Redis instances. The check gets input from
the redis-cli command "info" and the resulting "Persistence" section. It
outputs the state of the last RDB (Redis Database Backup) save and AOF (Append
Only File) rewrite operation. Furthermore the time of the last successful RDB
save and the number of changes since the last dump.
Needs the agent plugin "mk_redis" to be installed.