ID: 1069
Title: Replaced insecure auth.secret mechanism
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i7
We replaced an insecure mechanism for generating the auth.secret. This
secret is used to construct the authentication cookies when a user
logs into the Check_MK Web GUI, so that an authentication cookie is only
valid for an individual site or a group of sites connected in a
distributed setup.
What you need to know:
When the first user accesses the Web GUI after the update to this version,
all currently valid auth cookies of all users will be invalidated. As a
result, all users will need to log in again.
In distributed setups you will also need to do a replication from the
master site (which generated a new secret) to all slave sites (which
generated another secret themselves). The replication will synchronize
the new secret of the master to all slaves, which should make the
transparent authentication between all sites work again.
ID: 1500
Title: Preventing livestatus injections in different places
Component: Multisite
Level: 2
Class: Security Fix
Version: 1.2.5i7
In some places strings provided by the users, e.g. by filling values into a form,
are used to construct livestatus queries. This is, for example, done when filtering
views or executing commands.
Previous versions used the strings provided by the user directly, without
escaping or filtering characters, which could lead to trouble. This has
now been fixed: the strings provided by the user are filtered before they
are used in livestatus queries.
For the moment the only implemented action is to remove all newline (\n) characters
from the values to prevent injection of unintended livestatus queries / commands.
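The effect of the newline filter, as an added Python example that is not Check_MK's own code. The function names, the query text and the sample value are constructed for illustration.

```python
# Added illustration; function names are hypothetical, not Check_MK's code.

def strip_newlines(value):
    """The filtering described in the werk: remove every newline character."""
    return value.replace("\n", "")


def host_query_unfiltered(pattern):
    """Pre-fix behaviour: the user's string goes into the query unchanged."""
    return "GET hosts\nColumns: name state\nFilter: name ~ %s\n" % pattern


def host_query_filtered(pattern):
    """Post-fix behaviour: the value is filtered before it is interpolated."""
    return ("GET hosts\nColumns: name state\nFilter: name ~ %s\n"
            % strip_newlines(pattern))


def query_lines(query):
    """Split a query into the lines Livestatus reads as separate headers."""
    return query.rstrip("\n").split("\n")


# Constructed form input: a filter value with an embedded newline.
SAMPLE = "web01\nColumns: name address"

if __name__ == "__main__":
    for build in (host_query_unfiltered, host_query_filtered):
        lines = query_lines(build(SAMPLE))
        print("%s -> %d lines" % (build.__name__, len(lines)))
        for line in lines:
            print("    " + line)
```

Without the filter the value contributes a header line of its own; with it the whole value stays inside the single Filter line.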
ID: 1433
Title: Quicksearch: no longer shows an invalid search result when looking for multiple hosts
Component: Multisite
Level: 2
Class: Bug Fix
Version: 1.2.5i7
The quicksearch used the wrong search filter for the given pattern: <i>host</i>
instead of <i>host_regex</i>
ID: 1489
Title: Added iCalendar import for generating timeperiods e.g. for holidays
Component: WATO
Level: 2
Class: New Feature
Version: 1.2.5i7
The timeperiod management module of WATO has been extended with an import
mode for iCalendar (*.ics) files. This can be used to easily create timeperiods
for holidays, which can then be used to exclude them from your other timeperiods.
There are a lot of pages on the internet which provide iCalendar files containing
appointments for the holidays of specific years. They might also contain
appointments which have a recurrence configured, e.g. on a yearly basis. The import
currently deals with monthly and yearly recurrences of appointments by resolving them
for the configured time horizon.
After interpreting the iCalendar file, you will be redirected to the timeperiod
creation dialog where you can either modify the prefilled values or just confirm
the dialog to finally create the timeperiod.
ID: 1508
Title: Allow input of plugin output and perfdata when faking check results
Component: Multisite
Level: 2
Class: New Feature
Version: 1.2.5i7
The command <i>Fake check results</i> on hosts and services now allows
you to optionally specify the plugin output and the performance data of
the check. Both new input fields may be left empty - then
everything behaves like before.
This extension also makes it possible to send check results to the
monitoring via HTTP. Please refer to the documentation about using Multisite
as a webservice (Automation).
ID: 1507
Title: New optional parse_function for check API
Component: Checks & Agents
Level: 2
Class: New Feature
Version: 1.2.5i7
When developing your own checks you sometimes need to deal
with more complex agent output that first needs to be parsed
before the actual inventory or check logic can begin its
work. Many checks therefore have something like a parse
function. Now you can define a <tt>"parse_function"</tt> in
the <tt>check_info</tt>. If you do that, then all agent
output (the parameter <tt>info</tt>) will always be processed
by that function before it is passed to the inventory or
check function.
Note: this is also a performance benefit since the parsing
now only needs to be done once and not again for each single
check item.
Please refer to the developer documentation for more
details.
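A check definition using <tt>parse_function</tt>, as an added Python example that is not taken from Check_MK or its documentation. The check name <tt>demo_pools</tt>, the agent line format, the 90% level and the <tt>run_section</tt> driver that stands in for Check_MK's own dispatch are all assumptions made for illustration.

```python
# Added illustration, not Check_MK code. A real check file gets check_info
# from Check_MK; it is defined here only so the example runs stand-alone.
check_info = {}
parse_calls = []  # one entry per parser run, to show parsing happens once

def parse_demo_pools(info):
    """Turn agent lines [name, used, size] into {name: {"used": n, "size": n}}."""
    parse_calls.append(1)
    parsed = {}
    for line in info:
        try:
            name, used, size = line
            used, size = int(used), int(size)
        except ValueError:
            continue  # wrong column count or non-numeric value
        if size > 0:
            parsed[name] = {"used": used, "size": size}
    return parsed

def inventory_demo_pools(parsed):
    # The inventory function receives the parsed dict instead of raw lines.
    return [(name, None) for name in sorted(parsed)]

def check_demo_pools(item, params, parsed):
    pool = parsed.get(item)
    if pool is None:
        return 3, "Pool not found in agent output"
    percent = 100.0 * pool["used"] / pool["size"]
    # 90 is an example level chosen for this illustration.
    return (2 if percent >= 90 else 0), "%.0f%% used" % percent

check_info["demo_pools"] = {
    "parse_function": parse_demo_pools,
    "inventory_function": inventory_demo_pools,
    "check_function": check_demo_pools,
    "service_description": "Pool %s",
}

def run_section(name, info):
    """Stand-in for Check_MK's dispatch (an assumption): parse once, check each item."""
    check = check_info[name]
    parsed = check["parse_function"](info)
    return {item: check["check_function"](item, params, parsed)
            for item, params in check["inventory_function"](parsed)}

# Constructed agent section; the last line is deliberately malformed.
SAMPLE_INFO = [["pool1", "40", "100"], ["pool2", "95", "100"], ["garbage"]]
```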
ID: 1486
Title: mk_oracle: completely overhauled ORACLE monitoring
Component: Checks & Agents
Level: 3
Class: New Feature
Version: 1.2.5i7
Check_MK now comes with a completely overhauled ORACLE monitoring. The
new agent plugins <tt>mk_oracle</tt> and <tt>mk_oracle.aix</tt> are ready
for use. The previous version of the Linux agent plugin has moved to
<tt>doc/treasures/mk_oracle.old</tt>.
Note: You do not need to update your already deployed plugins to the
new version immediately. The check plugins are compatible with the
output of both the old and the new agent.
The new agent has several advantages:
<ul>
<li>It comes with many additional checks.</li>
<li>It now correctly supports all ORACLE versions starting from 9.2.</li>
<li>It supports authentication via the ORACLE password wallet.</li>
<li>It is much faster: it only needs two logins into each database -
one of which is being done only every 10 minutes.</li>
</ul>
We are preparing an update of the documentation as well.
ID: 1479
Title: liveproxyd: new function for collecting remote inventory data
Component: HW/SW-Inventory
Level: 2
Class: New Feature
Version: 1.2.5i7
The Livestatus Proxy Daemon now has a new function for collecting HW/SW-Data
from remote sites. This needs up-to-date versions of Nagios or CMC on these
sites, otherwise the proxy daemon will fail to consider these sites as up! So
if you update the liveproxyd you also need to update your remote sites!
Note: The new feature only works in OMD based installations. After updating
all sites to the new version, HW/SW-Inventory data collected on remote
sites that are connected via liveproxyd will automatically be transferred
to the central site.
ID: 1429
Title: Disabled snmp checktypes are now sorted out before Check_MK contacts the snmp host
Component: Core & Setup
Level: 2
Class: Bug Fix
Version: 1.2.5i6
Behaviour in the previous version: when an snmp host was to be inventorized, it was checked
with the full palette of all available snmp inventory functions. The filtering of unwanted checktypes
was done afterwards. This caused needless snmp queries towards the snmp host.
The filtering of unwanted checktypes is now done before the snmp host is contacted.
Note: This only applies to the WATO rule <i>Disabled checktypes</i> and, respectively, the parameters
<tt>ignored_checktypes</tt> and <tt>ignored_checks</tt>, but not to <i>Disabled services</i>.
The latter matches service descriptions, which are the result of a successful inventory.
ID: 1423
Title: Host HW-inventory: no longer generates an exception on displaying the BIOS date
Component: HW/SW-Inventory
Level: 2
Class: Bug Fix
Version: 1.2.5i6