ID: 6849
Title: Analyze configuration: Fixed wrong results for liveproxyd and persistent connection tests
Component: WATO
Level: 1
Class: Bug fix
Version: 1.6.0i1
Previously all analyze configuration tests were executed locally on each site.
In case of the liveproxyd tests and persistent connection tests this was wrong
because the tests have to check the connection configuration for a specific
site on the central site.
ID: 6846
Title: More secure password hashing
Component: Multisite
Level: 2
Class: Security fix
Version: 1.6.0i1
Passwords of local users of the Check_MK GUI are now hashed using SHA256
(salted, 535000 rounds) to increase the security of the stored user logon
passwords.
All existing users will still be able to login using their already hashed
passwords. Once a user changes his password or a new user is created, these
will be hashed using the new algorithm.
Why SHA256? Check_MK supports different authentication frontends for verifying
the local credentials: a) basic authentication (done by apache) and b) the GUI
form + cookie based authentication.
The default is b). This option is toggled with the "omd config" option
MULTISITE_COOKIE_AUTH. In case the basic authentication is chosen it is only
possible to use hashing algorithms that are supported by apache which
performs the authentication in this situation.
For best compatibility in all mentioned situations we use the SHA256 scheme.
ID: 6671
Title: WATO Web API: Now able to configured rulesets with boolean settings
Component: WATO
Level: 1
Class: Bug fix
Version: 1.6.0i1
Rules with a configurable positive/negative outcome where incorrectly translated
in a <tt>get_ruleset</tt> API call. Furthermore, <tt>set_ruleset</tt> had an error when
validating these kind of rules.
ID: 6507
Title: Fixed 100% CPU usage of the CMC after writing to its command pipe
Component: Core & setup
Level: 2
Class: Bug fix
Version: 1.6.0i1
After writing to its command pipe tmp/run/nagios.cmd, the CMC's CPU usage
went up to 100%. This has been fixed.
ID: 5516
Title: cmk-update-agent: Catch HTTPS redirect
Component: agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
A communication between the Agent Updater and the Check_MK-Server
won't succeed if the communication protocol is configured to HTTP
while the server enforces HTTPS. The reason is that the POST data
sent by the Agent Updater will be lost on the redirect.
So far, this is normal HTTP behavior. Nonetheless, the Agent Updater
now handles this situation by detecting the redirect and directly
sending its data via (unverified) HTTPS.
A warning will therefore be displayed to the user respectively written
to log.
ID: 6645
Title: Solaris Agent: Correctly separate cputime and elapsed time in agent info
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
The process information delivered by the agent has been upgrated multiple times by requirements of users or information available from the OS. The ps agent tracked the memory outilization of a process by its name, but could not access information of process id and the time of life(elapsed time) of a running process, as such information was misplaced by the agent and thus ignored by the check. This fix brings this data into consideration by the check.
ID: 6834
Title: df: Optionally produce metrics compatible to unix df command
Component: Checks & agents
Level: 1
Class: New feature
Version: 1.6.0i1
Add an option to exclude space reserved for the <tt>root</tt> user from
the calculation of used space, to produce metrics matching the ouput of
the unix df command.
By default Check_MK treats space that is reserved for the <tt>root</tt> user on
Linux and Unix as used space. Usually, 5% are being reserved for root when a new
filesystem is being created.
With this new option in the ruleset "Filesystem (used space and growth)" you can
have Check_MK exclude the current amount of reserved but yet unused space from
the calculations regarding the used space (absolute and percentage).
ID: 5515
Title: Allow Configuration of TMPDIR environment variable in the context of Check_MK Agent
Component: agents
Level: 1
Class: New feature
Version: 1.6.0i1
It is now possible so set the environment variable TMPDIR in the context of the execution
of the Check_MK Agent. This can be configured within the Agent ruleset "Installation paths
for agent files (Linux, UNIX).
Some agent commands or plugins may follow the environment variable TMPDIR for storage of
temporary files. For some reasons, you might want to adapt this path. Namely, the agent
updater won't work with a "\tmp" dir that is mounted with a "noexec"-flag. Please note
that the Check_MK Agent does no automatic cleaning on this custom path.
ID: 6844
Title: mknotifyd: Fixed parse exception when failed to open listen socket
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
When a mknotifyd instance fails to open it's listen socket the parse
function of the check was unable to process the agent output of the
mknotifyd. This resulted in a crash, e.g. during service discovery.