[//]: # (werk v2)
# Nutanix agent: resolve verify error when environment REQUEST_CA_BUNDLE is set
key | value
---------- | ---
date | 2024-06-08T22:17:32+00:00
version | 2.4.0b1
class | fix
edition | cee
component | checks
level | 1
compatible | yes
Due to a specific behaviour in the requests Python library, the SSL verify disable
option does not work when the REQUEST_CA_BUNDLE environment variable is set. This
also affected the Nutanix agent. This werk resolves the error and therefore always
respects the no-cert-check flag. In addition, this werk also improves the error
message in case the agent fails when requesting the Nutanix API.
[//]: # (werk v2)
# Bruteforce protection for two factor authentication
key | value
---------- | ---
date | 2024-06-06T17:19:18+00:00
version | 2.3.0p6
class | security
edition | cre
component | core
level | 1
compatible | yes
Prior to this werk, Two Factor Authentication failures could not trigger account lockout. All three methods will now count towards failed login attempts against a user's account.
As a result, an attacker could try to brute-force and therefore bypass user's two factor protections without triggering the lockout mechanism.
This vulnerability was identified in a commissioned penetration test conducted by PS Positive Security GmbH.
*Affected Versions*:
* 2.3.0
*Indicators of Compromise*:
Failed two factor authentication attempts can be identified within a Checkmk site's security log file (~/var/log/security.log).
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 5.9 (Medium) with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N</code>
and assigned CVE <code>CVE-2024-28833</code>.
[//]: # (werk v2)
# mk-sql ensures instance name is correct
key | value
---------- | ---
date | 2024-06-05T11:27:42+00:00
version | 2.3.0p6
class | feature
edition | cee
component | checks
level | 2
compatible | no
The plugin verifies whether the name of the instance at the
specified address matches the name indicated in the config.
If the name specified in the config does not match the
instance name that responds, the monitoring of this instance
will return an error.
Example: The config mistakenly indicates that the `SQLEXPRESS`
instance is located at `localhost:1433`, whereas the `MSSQLSERVER`
instance is actually located at this address.
Previously, the instance `MSSQLSERVER` were mistakenly monitored
as `SQLEXPRESS`.
Starting from this release, this error has been corrected.
You need to correct the config if your config contained bad
data.
[//]: # (werk v2)
# diskstat: Use WWN as service description for physical disks
key | value
---------- | ---
date | 2024-06-04T11:51:10+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
Previously, device name was used as service description for physical disks.
Device names aren't persistent, which led to services starting to receive
metrics of another device if device names get switched. This could happen
after an update or a reboot.
Now, it's possible to configure WWN (World Wide Name) to be used as service
description in the `Disk IO discovery` rule, in `Physical disks` configuration.
Old `Physical disks` configurations will continue to use device name as service
description to preserve compatibility. For the new configurations using WWN
will be the default.
Werk 16839 was deleted. The following Werk is no longer relevant.
[//]: # (werk v2)
# mk-sql ensures instance name is correct
key | value
---------- | ---
date | 2024-06-05T11:27:42+00:00
version | 2.3.0p6
class | feature
edition | cee
component | checks
level | 2
compatible | no
The plugin verifies whether the name of the instance at the
specified address matches the name indicated in the config.
If the name specified in the config does not match the
instance name that responds, the monitoring of this instance
will return an error.
Example: The config mistakenly indicates that the `SQLEXPRESS`
instance is located at `localhost:1433`, whereas the `MSSQLSERVER`
instance is actually located at this address.
Previously, the instance `MSSQLSERVER` were mistakenly monitored
as `SQLEXPRESS`.
Starting from this release, this error has been corrected.
You need to correct the config if your config contained bad
data.
[//]: # (werk v2)
# mk-sql ensures instance name is correct
key | value
---------- | ---
date | 2024-06-05T11:27:42+00:00
version | 2.3.0p6
class | feature
edition | cee
component | checks
level | 2
compatible | no
The plugin verifies whether the name of the instance at the
specified address matches the name indicated in the config.
If the name specified in the config does not match the
instance name that responds, the monitoring of this instance
will return an error.
Example: The config mistakenly indicates that the `SQLEXPRESS`
instance is located at `localhost:1433`, whereas the `MSSQLSERVER`
instance is actually located at this address.
Previously, the instance `MSSQLSERVER` were mistakenly monitored
as `SQLEXPRESS`.
Starting from this release, this error has been corrected.
You need to correct the config if your config contained bad
data.
Title: Fix checkmk errors appearing at the bottom of the page
Class: fix
Compatible: compat
Component: wato
Date: 1716912326
Edition: cre
Level: 1
Version: 2.2.0p28
A certain class of errors, including time out errors appeared at
the bottom of a page, making the error difficult to notice, especially
when viewing large tables. With this werk, these error messages
will appear on top of the page like all other errors.
Werk 16430 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# veeam_jobs: Always Monitor Result of Last Backup
key | value
---------- | ---
date | 2024-06-05T14:36:09+00:00
version | 2.3.0p6
class | fix
edition | cee
component | checks
level | 1
compatible | yes
Previously, the check plugin `veeam_jobs` would not always check the result of
the last backup job to determine the monitoring state. If the creation time was
an empty string, it would show `item not found`. Moreover, if the last
state of the plugin was `Starting`, `Working` or `Postprocessing`, then the
check would be OK, even if the last backup failed.
The check now shows all the information available unconditionally. Moreover,
* a Success result is OK,
* a Warning result is WARN,
* a Failed result is CRIT,
* a None result is OK or UNKNOWN. There is no change in behaviour in this case.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# veeam_jobs: Always Monitor Result of Last Backup
key | value
---------- | ---
date | 2024-06-05T14:36:09+00:00
version | 2.3.0p6
class | fix
edition | cee
component | checks
level | 1
compatible | yes
Previously, the check plugin `veeam_jobs` would not always check the result of
the last backup job to determine the monitoring state. If the creation time was
- an empty string, it would show `item not found` in case. It will now show all
- the information available and the correct monitoring state.
+ an empty string, it would show `item not found`. Moreover, if the last
+ state of the plugin was `Starting`, `Working` or `Postprocessing`, then the
+ check would be OK, even if the last backup failed.
+ The check now shows all the information available unconditionally. Moreover,
+ * a Success result is OK,
+ * a Warning result is WARN,
+ * a Failed result is CRIT,
+ * a None result is OK or UNKNOWN. There is no change in behaviour in this case.
+