ID: 6604
Title: mssql_backup.per_type: Discover MSSQL backup services per type
Component: Checks & agents
Level: 1
Class: New feature
Version: 1.6.0i1
With the ruleset {{Discovery of MSSQL backup}} two choices
for monitring MSSQL backups are available.
Either a summary service per instance can be
discovered. This service monitors all or a subset of
"database", "database diff", "log", "file or filegroup",
"file diff", "partial", "partial diff" or "unspecific"
backup types.
Or MSSQL backup services per backup type and instance are
created.
ID: 6737
Title: docker_node_network: Wrong API implementation caused a lot of small inventory history files
Component: HW/SW Inventory
Level: 1
Class: Bug fix
Version: 1.6.0i1
ID: 6737
Title: docker_node_network: Wrong API implementation caused a lot of small inventory historie files
Component: HW/SW Inventory
Level: 1
Class: Bug fix
Version: 1.6.0i1
ID: 5512
Title: cmk-update-agent: Make executable-Format-rule relevant for Linux only
Component: agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
After introducing the binary Format for the agent updater, we added a rule to the
agent updater ruleset that enables the user to choose the format of
the cmk-update-agent executable.
Hence the packaged binary format is only runnable on Linux, this rule now gets ignored
for all other OSes.
Please note: If you want to enable automatic updates on Linux hosts that run on an
architecture other than x86-64 or x86, you have to explicitibly choose to deploy the
python script format, since the binary formats are not runnable on these architectures.
ID: 6410
Title: Determine the parent process more reliably
Component: Site Management
Level: 1
Class: Bug fix
Version: 1.6.0i1
Previously, the parent process was determined by parsing
/proc/{PID}/stat and columns where assumed to be separated by space.
This was unreliable because the filename in the second
column may contain a space as well. If omd was issued e.g. from tmux
the process name "tmux: server" was used. This resulted in a traceback
during e.g. omd rm. Now the psutil module is used to determine the
parent process.
ID: 6733
Title: veeam_backup_status: Plugin is bakeable
Component: agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
If no 64-bit Windows agent is used you have to create a wrapper batch script,
eg. {{veeam_backup_status.bat}} which calls the {{veeam_backup_status.ps1}}.
In this case the powershell script needs to be put somewhere else (see example
here) and is called from this .bat script with the 64 bit powershell:
<code>
@ECHO OFF
%systemroot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted " & ""C:\scripts\veeam_backup_status.ps1"""
</code>
ID: 6770
Title: Showing graph metric values at mouse position now
Component: metrics
Level: 2
Class: New feature
Version: 1.6.0i1
When moving the mouse pointer on Check_MK graphs a hover popup will be shown at
the mous position that contains the date and time of the current mouse
position together with the values of the single metrics.
ID: 6774
Title: Add Content-Security-Policy header to prevent some cross site scripting and injection attacks
Component: Multisite
Level: 1
Class: Security fix
Version: 1.6.0i1
When requesting pages from the GUI a <tt>Content-Security-Policy</tt> is now been set in the HTTP
response. Using this mechanism the application can tell the browser which things are allowed to
be done by the web page in the context of the browser.
We are now, for example limiting the URLs where AJAX calls can be made to or the URLs which can
be used as form targets. This helps to prevent some XSS and other injection attacks.
The configuration of this policy is made in the apache configuration file
<tt>etc/apache/conf.d/security.conf</tt>. In case you want to have a look at the details or
want to extend the policy somehow you may edit the file in the context of your site configuration.
To apply the changes you need to restart your site apache using <tt>omd restart apache</tt>.
In case of trouble please let us know. We can probably adapt the default configuration to solve
common issues with this policy for all users.
One thing that may affect users that include Check_MK pages on other web pages using frames or
iframes: We set the <tt>frame-ancestors</tt> option to <tt>'self'</tt> which means that only pages
with the same protocol, url and port as the Check_MK page may refer to Check_MK pages. You can
extend this statement with the URLs you want to allow.
ID: 6772
Title: LDAP: Only save users on changed configuration
Component: Multisite
Level: 1
Class: Bug fix
Version: 1.6.0i1
The LDAP synchronization was rewriting the user configuration during
every synchronization, even when no change has been made to the user
configuration.
This needless operation resulted in subsequent load because some
processes, like the Check_MK alert and notify helper were reloading
their configuration in case of a changed Check_MK config file.