Checkmk werks level2

checkmk-werks-lvl2@lists.checkmk.com

1 participants
1349 discussions

Checkmk Werk 14871: Windows agent's ProgramData directory is accessible only with admins permissions

by Sergey Kipnis

ID: 14871 Title: Windows agent's ProgramData directory is accessible only with admins permissions Component: Checks & agents Level: 2 Class: Security fix Version: 2.2.0i1 Previous to this Werk every authenticated Windows user could read some sensitive data from the Windows agent working directory. To prevent issues with leaking sensitive data we restrict the permission to read data of the Windows agent. CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/…)

1 year, 11 months

Checkmk Werk 14298: Remove Web API

by Lars Michelsen

ID: 14298 Title: Remove Web API Component: Setup Level: 2 Class: New feature Version: 2.2.0i1 With Checkmk 2.1, announced by Werk #13640, the Web API was deprecated. This release now removes the Web API. We recommend migrating all existing scripts that use the Web API to the REST API.

1 year, 11 months

Checkmk Werk 14872: mk_logwatch plugins correctly reports changes on Windows

by Sergey Kipnis

ID: 14872 Title: mk_logwatch plugins correctly reports changes on Windows Component: Checks & agents Level: 2 Class: Bug fix Version: 2.2.0i1 Previously, mk_logwatch plugin may wrongly report as changed the whole content of a log file. The source of the problem was an unstable file identification algorithm on Windows. With this release logwatch plugin on Windows always correctly deteremines changed part of monitored file.

1 year, 11 months

Checkmk Werk 14916: Do not log host secret

by Maximilian Wirtz

ID: 14916 Title: Do not log host secret Component: agents Level: 3 Class: Security fix Version: 2.2.0i1 When using the Agent updater the Checkmk server needs a secret in order to allow the agent to download new agents. For security reasons this secret is unique for each host and generated with the <tt>cmk-update-agent register</tt> command. Unfortunately the generated host secret was written to the cmk-update-agent.log. This logfile is not protected and usually world-readable. With this secret one can download the current agent from the Checkmk server. Included in that agent package are the plugin configs which can contain other secrets. (e.g. database credentials) Mitigations without updateing: LI: Reregister the agent-updater. Then sanitize the cmk-update-agent.log files. LI: If you cannot rule out that any unauthorized user read <tt>/var/lib/check_mk_agent/cmk-update-agent.log</tt> respectively <tt>C:\ProgramData\checkmk\agent\log\cmk-update-agent.log</tt> you should rotate all secrets that might be or were included in the agent configurations. Steps needed with the update: LI: Update your agent. LI: Reregister the agent-updater. All versions including 1.5 are subject to this vulnerability. We found this vulnerability internally and have no indication of any exploitation. We calculated a CVSS 3.1 score of 6.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

1 year, 11 months

Checkmk Werk 14683: Fixed livedump for Python 3

by Sven Panne

ID: 14683 Title: Fixed livedump for Python 3 Component: Core & setup Level: 2 Class: Bug fix Version: 2.2.0i1 The livedump tool generated invalid configurations and states when used with Python 3, effectively rendering the tool unusable. This has been fixed.

1 year, 11 months

Checkmk Werk 14534: Add unit conversion support for graphs

by Giordano Tomassorri

ID: 14534 Title: Add unit conversion support for graphs Component: metrics Level: 2 Class: New feature Version: 2.2.0i1 This werk adds the support for converting the displayed unit of a metric in a graph. Currently we only support conversion of degrees from Celsius to Fahrenheit or Kelvin but this can be extended in the future. To convert a unit you can use the Convert unit to option in Graph Tunings.

1 year, 11 months

Checkmk Werk 14869: Fix regression in mk_logwatch plugin in Windows

by Sergey Kipnis

ID: 14869 Title: Fix regression in mk_logwatch plugin in Windows Component: Checks & agents Level: 2 Class: Bug fix Version: 2.2.0i1 Until now mk_logwatch plugin could not create a directory for batch files because the directory name as a rule contained a colon and the colon is a forbidden symbol in NTFS. Due to this bug the logwatch monitoring was impossible. With this version mk_logwatch plugin replaces the colon in directory name with an underscore thus fixing the regression. SUP-11644

1 year, 11 months

Checkmk Werk 14866: Windows powershell plugins generate Utf-8 output by default

by Sergey Kipnis

ID: 14866 Title: Windows powershell plugins generate Utf-8 output by default Component: Checks & agents Level: 2 Class: New feature Version: 2.2.0i1 Since this release, the output of all Windows powershell plugins is configured as Utf-8 thus eliminating any problems with non-ASCII symbols in the output.

2 years

Checkmk Werk 14606: Agent Bakery: Optionally log to dedicated logfile

by Andreas Umbreit

ID: 14606 Title: Agent Bakery: Optionally log to dedicated logfile Component: Setup Level: 2 Class: New feature Version: 2.2.0i1 It's now possible to activate logging for the agent bakery. When activated at Global Settings - Setup - Agent bakery logging</t>, the agent bakery will log messages to <tt>~/var/log/agent_bakery.log</tt>, with the selected loglevel. This is applies equally to bakery jobs invoked via GUI via command line. Without activated logging, baking details are still available on the command line when baking with command <tt>cmk --bake-agents -v</tt> as a site user. Also, when baking on the GUI, on failure, error details are propagated to the executing background job as they already used to be.

2 years, 1 month

Checkmk Werk 14285: Fix frozen Microcore (Livestatus not responding) during config reloads

by Lars Michelsen

ID: 14285 Title: Fix frozen Microcore (Livestatus not responding) during config reloads Component: Core & setup Level: 2 Class: Bug fix Version: 2.2.0i1 The reload of the Microcore core and it's helper processed could freeze when the core had notifications pending during reload. This was caused by a deadlock between the Notification helper and the Microcore. The Microcore was still alive but waiting to the notification helper to terminate while the notification helper waited for the Microcore. >From the user perspective this resulted in Livestatus not being responsive while the cmc.log showed a message like: <tt>still X unsent events, sending them now</tt>.

2 years, 2 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level2