ID: 0752
Title: FIX: compute correct state transitions for notifications
Component: Notifications
Level: 2
Class: Bug Fix
Version: 1.2.5i3
This fixes a problem with the combination of
<ul>
<li>Rule based notifications</li>
<li>Maximum check attempts > 1</li>
<li>Rule conditions based on the <i>original</i> state of a host or service</li>
</ul>
When a service went CRIT while having more than one check attempt, the previous
(soft) state was displayed as CRIT, although it was in fact OK. This has
been fixed natively when using the Check_MK Micro Core. When using Nagios, the
previous hard state is not always known during the notification. In doubt,
a notification is sent out rather than omitted.
ID: 0781
Title: host diag page: fixed problem with update of diagnose subwindows
Component: WATO
Level: 2
Class: Bug Fix
Version: 1.2.5i3
The subwindows in the host diagnostic page did not get updated properly because of incorrect transaction handling.
ID: 0747
Title: livestatus table hostsbygroup: fixed bug with group_authorization strict
Component: Livestatus
Level: 2
Class: Bug Fix
Version: 1.2.5i3
On calling the livestatus table hostsbygroup with an AuthUser, the table
did not hide the entire hostgroup in case group_authorization was set to <tt>strict</tt>
and the AuthUser was not a contact of one of the hosts in the group.
This has been fixed.
With the group_authorization <tt>strict</tt> setting, the AuthUser now
needs to be a contact of every host in the hostgroup; otherwise the hostgroup
is not shown at all.
ID: 0767
Title: Signing and verification of WATO snapshot (addresses CVE-2014-2330)
Component: WATO
Level: 2
Class: Bug Fix
Version: 1.2.5i2
This change addresses possible attacks against Check_MK using the WATO "Backup & Restore" module,
known as CVE-2014-2330.
In previous versions there was no checksum verification or signing of the snapshot contents.
This has been changed now. The files within the snapshot which contain Check_MK
configuration files and definitions of check commands etc. are now verified using checksums and
signed.
When you import / export a snapshot on a single site, there is no difference to the former handling.
When you or someone else modifies the snapshot between import and export, the restore process will
warn you about the modification and let you decide whether you trust the file and restore it anyway or
terminate the restore process.
In case you import a snapshot from another site, the signature can not be verified. In this case,
you get a warning about this and can continue or skip the restore process.
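The following is an added illustration of the checksum-plus-signature idea described in this werk; it is not Check_MK's own code. It assumes a hypothetical scheme in which every file inside a snapshot is hashed with SHA-256, the list of hashes (the manifest) is signed with a per-site HMAC key, and the restore side classifies the result as VERIFIED, MODIFIED (warn, user decides) or UNVERIFIABLE (snapshot from a site whose key is unknown).

```python
import hashlib
import hmac
import json

# Per-site signing keys (constructed); a real site keeps its own key private.
SITE_KEYS = {"site_a": b"constructed-site-a-secret"}

# Constructed stand-in for the files inside a snapshot archive.
SAMPLE_FILES = {
    "etc/check_mk/main.mk": b"all_hosts = ['web01']\n",
    "local/share/check_mk/checks/my_check": b"check_info['my_check'] = {}\n",
}

def build_manifest(files):
    """Map every snapshot member to the SHA-256 hex digest of its content."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in sorted(files.items())}

def sign_snapshot(site, files):
    """Create the signed manifest that is stored alongside the snapshot on export."""
    manifest = build_manifest(files)
    payload = json.dumps(manifest, sort_keys=True).encode()
    sig = hmac.new(SITE_KEYS[site], payload, hashlib.sha256).hexdigest()
    return {"site": site, "manifest": manifest, "signature": sig}

def verify_snapshot(local_site, files, signed):
    """Classify a snapshot on restore.

    UNVERIFIABLE: signed by another site whose key this site does not hold
                  (warn, let the user continue or skip).
    MODIFIED:     manifest signature or a file checksum does not match
                  (warn, let the user decide whether to trust the file).
    VERIFIED:     signature and all checksums are intact.
    """
    if signed["site"] != local_site or local_site not in SITE_KEYS:
        return "UNVERIFIABLE"
    payload = json.dumps(signed["manifest"], sort_keys=True).encode()
    expected = hmac.new(SITE_KEYS[local_site], payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["signature"]):
        return "MODIFIED"          # manifest edited, or re-signed with a wrong key
    if build_manifest(files) != signed["manifest"]:
        return "MODIFIED"          # a member file changed after export
    return "VERIFIED"

if __name__ == "__main__":
    signed = sign_snapshot("site_a", SAMPLE_FILES)
    print(verify_snapshot("site_a", SAMPLE_FILES, signed))
```

Because the manifest is signed, an attacker who edits a file and updates its hash in the manifest still trips the signature check, unless they also hold the site key.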
ID: 0766
Title: Changed transid implementation to work as CSRF protection (Fixes CVE-2014-2330)
Component: Multisite
Level: 3
Class: Bug Fix
Version: 1.2.5i2
This change fixes possible attacks against Check_MK Multisite users. In previous
versions a possible attacker could try to make the browsers of authenticated users
open URLs of the Check_MK Multisite GUI to execute actions e.g. within WATO without
knowledge of the attacked user.
To make such an attack possible, there are several things needed: The user must be
authenticated with multisite and have enough permission within multisite to execute
the actions the attacker wants to use, the attacker needs to know the exact URL to the
Multisite GUI. Then the attacker needs to make the user either click on a manipulated
link or open a manipulated webpage which makes the browser of the user, where the user
is authenticated with multisite, open the URL the attacker wants to make it open.
The multisite GUI makes use of transids (transaction ids) when processing form
submissions or actions. The transids were mainly used to prevent double execution
of actions when reloading the page which performed the action in the browser.
Now we changed internal handling of the transid to make it also prevent CSRF attacks.
The transid is now some kind of shared secret between the webserver and the browser
of the user. This ensures a form submission is intended by a previously requested page.
This change implies an incompatible change: In case you use a script which opens
multisite pages to perform an action, e.g. set a downtime, and use this with a regular
user account which authenticates by username/password, the script won't work anymore
after this change.
The way to go is to adapt the script and change the user to authenticate with an
automation secret instead of a password. For this kind of authentication, you will
need to use other URL parameters (_username=... and _secret=...).
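The following is an added illustration of a transid that doubles as a CSRF token, as this werk describes; it is not Check_MK's implementation. It assumes a hypothetical scheme: a transid is an HMAC over a random nonce, keyed with a secret the server holds for the logged-in session, so a page crafted by an attacker cannot contain a valid one; each transid is also consumed on first use, which keeps the original "no double execution on reload" property; scripts authenticating with the constructed _username/_secret pair need no transid.

```python
import hashlib
import hmac
import secrets

# Constructed automation account; scripts send _username/_secret instead of a transid.
AUTOMATION_SECRETS = {"automation": "constructed-automation-secret"}

class Session:
    """One authenticated browser session with a server-side secret."""
    def __init__(self, user_secret):
        self.user_secret = user_secret
        self.used = set()                      # transids already consumed

    def _mac(self, nonce):
        return hmac.new(self.user_secret, nonce.encode(), hashlib.sha256).hexdigest()[:16]

    def new_transid(self):
        """Minted while rendering a form or action link; embedded in that page."""
        nonce = secrets.token_hex(8)
        return f"{nonce}/{self._mac(nonce)}"

    def check_transid(self, transid):
        """True once per transid: the MAC proves this server issued it for this
        session (a foreign page cannot forge it); the used-set blocks replay on reload."""
        nonce, sep, mac = transid.partition("/")
        if not sep or not hmac.compare_digest(mac.encode(), self._mac(nonce).encode()):
            return False
        if transid in self.used:
            return False
        self.used.add(transid)
        return True

def authorize_action(params, session=None):
    """Decide whether a request may execute an action such as setting a downtime."""
    if "_username" in params and "_secret" in params:
        stored = AUTOMATION_SECRETS.get(params["_username"], "")
        if hmac.compare_digest(params["_secret"].encode(), stored.encode()):
            return "ALLOWED (automation secret)"
        return "DENIED (bad automation secret)"
    if session is None:
        return "DENIED (not authenticated)"
    if session.check_transid(params.get("_transid", "")):
        return "ALLOWED (browser session)"
    return "DENIED (missing, forged or reused transid)"

if __name__ == "__main__":
    s = Session(b"constructed-user-secret")
    t = s.new_transid()
    print(authorize_action({"_transid": t}, s), authorize_action({"_transid": t}, s))
```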
ID: 0761
Title: New bulk host import mode in WATO
Component: WATO
Level: 2
Class: New Feature
Version: 1.2.5i1
You can now import a list of hosts into a WATO folder. The new feature can be
reached by clicking the <tt>Bulk Import</tt> button in a WATO folder of your
choice. Simply add a list of host names to the text area, choose whether or not
you would like to do an inventory afterwards and then click <tt>Import</tt>.
ID: 0597
Title: dell_chassis_slots: new check to monitor the status of the blade slots of the Dell Poweredge Blade Servers
Component: Checks & Agents
Level: 2
Class: New Feature
Version: 1.2.5i1
ID: 0596
Title: dell_chassis_status, dell_chassis_temp, dell_chassis_kvm, dell_chassis_io, dell_chassis_fans: new checks to monitor the overall status of various sections of the Dell Poweredge Chassis via CMC
Component: Checks & Agents
Level: 2
Class: New Feature
Version: 1.2.5i1