Checkmk werks level2 July 2024

checkmk-werks-lvl2@lists.checkmk.com

1 participants
23 discussions

[2.3.0] Checkmk Werk 15244 adapted: New agent configuration: Push mode

by Checkmk werks level 2

Werk 15244 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: New agent configuration: Push mode Class: feature Compatible: compat Component: agents Date: 1678199258 Edition: cce Knowledge: undoc Level: 2 Version: 2.3.0b1 Users of the Checkmk Cloud Edition now have a new mode of operation for the agent controller at their disposal: The "Push mode". In the push mode, the Checkmk agent sends the monitoring data to the Checkmk server once per minute. The agent pushes the data transmission on its own and does not wait for a request from the server. The push mode is always required if the Checkmk server cannot access the network in which the host to be monitored and its agent are located, for example, in a cloud-based configuration. More on the setup can be found in our <a href="https://docs.checkmk.com/2.2.0/en/agent_linux.html">user manual</a>. ------------------------------------<diff>------------------------------------------- Title: New agent configuration: Push mode Class: feature Compatible: compat Component: agents Date: 1678199258 - Edition: cre ? ^ + Edition: cce ? ^ Knowledge: undoc Level: 2 Version: 2.3.0b1 Users of the Checkmk Cloud Edition now have a new mode of operation for the agent controller at their disposal: The "Push mode". In the push mode, the Checkmk agent sends the monitoring data to the Checkmk server once per minute. The agent pushes the data transmission on its own and does not wait for a request from the server. The push mode is always required if the Checkmk server cannot access the network in which the host to be monitored and its agent are located, for example, in a cloud-based configuration. More on the setup can be found in our <a href="https://docs.checkmk.com/2.2.0/en/agent_linux.html">user manual</a>.

2 months, 1 week

[2.2.0] Checkmk Werk 16437 adapted: omd: Improve Runtime with Many Sites

by Checkmk werks level 2

Werk 16437 was adapted. The following is the new Werk, a diff is shown at the end of the message. Title: omd: Improve Runtime with Many Sites Class: fix Compatible: compat Component: omd Date: 1720082692 Edition: cre Level: 2 Version: 2.2.0p31 With this Werk, all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements mostly affect hosts, which have a high number of sites. ------------------------------------<diff>------------------------------------------- Title: omd: Improve Runtime with Many Sites Class: fix Compatible: compat Component: omd Date: 1720082692 Edition: cre Level: 2 Version: 2.2.0p31 - With this Werk, the all invocations of the <tt>omd</tt> command line tool are faster. ? ---- + With this Werk, all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements - should largely affect hosts, which have a high number of sites. ? ^^^^^^^^^^^ + mostly affect hosts, which have a high number of sites. ? ++ ^

2 months, 1 week

[2.3.0] Checkmk Werk 16437 adapted: omd: Improve Runtime with Many Sites

by Checkmk werks level 2

Werk 16437 was adapted. The following is the new Werk, a diff is shown at the end of the message. [//]: # (werk v2) # omd: Improve Runtime with Many Sites key | value ---------- | --- compatible | yes version | 2.3.0p10 date | 2024-07-04T08:44:52+00:00 level | 2 class | fix component | omd edition | cre With this Werk, all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements mostly affect hosts, which have a high number of sites. ------------------------------------<diff>------------------------------------------- [//]: # (werk v2) # omd: Improve Runtime with Many Sites key | value ---------- | --- compatible | yes version | 2.3.0p10 date | 2024-07-04T08:44:52+00:00 level | 2 class | fix component | omd edition | cre - With this Werk, the all invocations of the <tt>omd</tt> command line tool are faster. ? ---- + With this Werk, all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements - should largely affect hosts, which have a high number of sites. ? ^^^^^^^^^^^ + mostly affect hosts, which have a high number of sites. ? ++ ^ +

2 months, 1 week

[2.3.0] Checkmk Werk 16437 created: omd: Improve Runtime with Many Sites

by Checkmk werks level 2

[//]: # (werk v2) # omd: Improve Runtime with Many Sites key | value ---------- | --- compatible | yes version | 2.3.0p10 date | 2024-07-04T08:44:52+00:00 level | 2 class | fix component | omd edition | cre With this Werk, the all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements should largely affect hosts, which have a high number of sites.

2 months, 1 week

[2.4.0] Checkmk Werk 16437 adapted: omd: Improve Runtime with Many Sites

by Checkmk werks level 2

Werk 16437 was adapted. The following is the new Werk, a diff is shown at the end of the message. [//]: # (werk v2) # omd: Improve Runtime with Many Sites key | value ---------- | --- compatible | yes version | 2.4.0b1 date | 2024-07-04T08:44:52+00:00 level | 2 class | fix component | omd edition | cre With this Werk, all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements mostly affect hosts, which have a high number of sites. ------------------------------------<diff>------------------------------------------- [//]: # (werk v2) # omd: Improve Runtime with Many Sites key | value ---------- | --- compatible | yes version | 2.4.0b1 date | 2024-07-04T08:44:52+00:00 level | 2 class | fix component | omd edition | cre - With this Werk, the all invocations of the <tt>omd</tt> command line tool are faster. ? ---- + With this Werk, all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements - should largely affect hosts, which have a high number of sites. ? ^^^^^^^^^^^ + mostly affect hosts, which have a high number of sites. ? ++ ^ +

2 months, 1 week

[2.4.0] Checkmk Werk 16437 created: omd: Improve Runtime with Many Sites

by Checkmk werks level 2

[//]: # (werk v2) # omd: Improve Runtime with Many Sites key | value ---------- | --- compatible | yes version | 2.4.0b1 date | 2024-07-04T08:44:52+00:00 level | 2 class | fix component | omd edition | cre With this Werk, the all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements should largely affect hosts, which have a high number of sites.

2 months, 1 week

[2.2.0] Checkmk Werk 16437 created: omd: Improve Runtime with Many Sites

by Checkmk werks level 2

Title: omd: Improve Runtime with Many Sites Class: fix Compatible: compat Component: omd Date: 1720082692 Edition: cre Level: 2 Version: 2.2.0p31 With this Werk, the all invocations of the <tt>omd</tt> command line tool are faster. This Werk should not affect behaviour in any other way. The performance improvements should largely affect hosts, which have a high number of sites.

2 months, 2 weeks

[2.1.0] Checkmk Werk 16845 created: fix a privilege escalation vulnerability in the Checkmk Windows Agent

by Checkmk werks level 2

Title: fix a privilege escalation vulnerability in the Checkmk Windows Agent Class: security Compatible: compat Component: checks Date: 1719843798 Edition: cre Level: 2 Version: 2.1.0p45 This Werk fixes a privilege escalation vulnerability in the Checkmk Windows Agent. Prior to this Werk, it was possible for authenticated users on the monitored Windows host to execute commands as administrator account that is used to run the Agent, allowing them to elevate their privileges. The reason for this issue were excessive write permissions on the <code>ProgramData\checkmk\agent</code> directory. Note that you must update Checkmk as well as the agent in order to apply this fix. This issue was found in a commissioned penetration test conducted by modzero GmbH. Affected Versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 Mitigations: If updating is not possible, you can manually remove write access for non-admin users on the <code>ProgramData\checkmk\agent</code> folder. To do this, navigate to the folder's property settings and make sure to verify the special permissions and advanced permission settings in addition to the basic permission settings. Vulnerability Management: We have rated the issue with a CVSS Score of 8.8 High (<code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</code>) and assigned <code>CVE-2024-28827</code>.

2 months, 2 weeks

[2.2.0] Checkmk Werk 16845 created: fix a privilege escalation vulnerability in the Checkmk Windows Agent

by Checkmk werks level 2

Title: fix a privilege escalation vulnerability in the Checkmk Windows Agent Class: security Compatible: compat Component: checks Date: 1719843798 Edition: cre Level: 2 Version: 2.2.0p29 This Werk fixes a privilege escalation vulnerability in the Checkmk Windows Agent. Prior to this Werk, it was possible for authenticated users on the monitored Windows host to execute commands as administrator account that is used to run the Agent, allowing them to elevate their privileges. The reason for this issue were excessive write permissions on the <code>ProgramData\checkmk\agent</code> directory. Note that you must update Checkmk as well as the agent in order to apply this fix. This issue was found in a commissioned penetration test conducted by modzero GmbH. Affected Versions: LI: 2.3.0 LI: 2.2.0 LI: 2.1.0 Mitigations: If updating is not possible, you can manually remove write access for non-admin users on the <code>ProgramData\checkmk\agent</code> folder. To do this, navigate to the folder's property settings and make sure to verify the special permissions and advanced permission settings in addition to the basic permission settings. Vulnerability Management: We have rated the issue with a CVSS Score of 8.8 High (<code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</code>) and assigned <code>CVE-2024-28827</code>.

2 months, 2 weeks

[2.3.0] Checkmk Werk 16845 adapted: fix a privilege escalation vulnerability in the Checkmk Windows Agent

by Checkmk werks level 2

Werk 16845 was adapted. The following is the new Werk, a diff is shown at the end of the message. [//]: # (werk v2) # fix a privilege escalation vulnerability in the Checkmk Windows Agent key | value ---------- | --- date | 2024-07-01T14:23:18+00:00 version | 2.3.0p8 class | security edition | cre component | checks level | 2 compatible | yes This Werk fixes a privilege escalation vulnerability in the Checkmk Windows Agent. Prior to this Werk, it was possible for authenticated users on the monitored Windows host to execute commands as administrator account that is used to run the Agent, allowing them to elevate their privileges. The reason for this issue were excessive write permissions on the `ProgramData\checkmk\agent` directory. Note that you must update Checkmk as well as the agent in order to apply this fix. This issue was found in a commissioned penetration test conducted by modzero GmbH. *Affected Versions*: * 2.3.0 * 2.2.0 * 2.1.0 *Mitigations*: If updating is not possible, you can manually remove write access for non-admin users on the `ProgramData\checkmk\agent` folder. To do this, navigate to the folder's property settings and make sure to verify the special permissions and advanced permission settings in addition to the basic permission settings. *Vulnerability Management*: We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`) and assigned `CVE-2024-28827`. ------------------------------------<diff>------------------------------------------- [//]: # (werk v2) - # reserved + # fix a privilege escalation vulnerability in the Checkmk Windows Agent key | value ---------- | --- date | 2024-07-01T14:23:18+00:00 version | 2.3.0p8 - class | fix ? ^ ^ + class | security ? ^^^^^ ^^ edition | cre component | checks level | 2 compatible | yes - reserved + This Werk fixes a privilege escalation vulnerability in the Checkmk Windows + Agent. + Prior to this Werk, it was possible for authenticated users on the monitored + Windows host to execute commands as administrator account that is used to run + the Agent, allowing them to elevate their privileges. + The reason for this issue were excessive write permissions on the + `ProgramData\checkmk\agent` directory. + + Note that you must update Checkmk as well as the agent in order to apply this + fix. + + This issue was found in a commissioned penetration test conducted by modzero + GmbH. + + *Affected Versions*: + + * 2.3.0 + * 2.2.0 + * 2.1.0 + + *Mitigations*: + + If updating is not possible, you can manually remove write access for non-admin + users on the `ProgramData\checkmk\agent` folder. + To do this, navigate to the folder's property settings and make sure to verify + the special permissions and advanced permission settings in addition to the + basic permission settings. + + *Vulnerability Management*: + + We have rated the issue with a CVSS Score of 8.8 High (`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`) + and assigned `CVE-2024-28827`. +

2 months, 2 weeks

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level2 July 2024