Checkmk werks level2

checkmk-werks-lvl2@lists.checkmk.com

1 participants
1349 discussions

Checkmk Werk 14411: Disallow tuple ruleset format

by Max Linke

ID: 14411 Title: Disallow tuple ruleset format Component: Setup Level: 2 Class: Bug fix Version: 2.2.0i1 If you manage your check mk configuration only via the UI you are not affected by this change. The old pre 1.6 tuple ruleset format in rules.mk is not allowed any longer. See werk 7352 for the new format. If a tuple rule is found checkmk will throw an exception with detailed information how it expects the rule to look like. We do not guarantee that this information will be included after version 2.2 .

2 years, 2 months

Checkmk Werk 14411: Disallow tuple ruleset format

by Max Linke

2 years, 2 months

Checkmk Werk 13890: Resurrect magic column name prefixing for cached state history table

by Sven Panne

ID: 13890 Title: Resurrect magic column name prefixing for cached state history table Component: Livestatus Level: 2 Class: Bug fix Version: 2.2.0i1 There was a regression in 2.1 which broke the magic prefixing of column names for the statehist table with "current_". This in turn broke various availability-related things in the GUI which relied on that hack.

2 years, 2 months

Checkmk Werk 13889: Fixed unit/description translation of SNMP traps

by Sven Panne

ID: 13889 Title: Fixed unit/description translation of SNMP traps Component: Event Console Level: 2 Class: Bug fix Version: 2.2.0i1 Due to a regression in 2.1, the translation of units and descriptions of SNMP traps was broken, this has been fixed.

2 years, 2 months

Checkmk Werk 13888: Handle comments/downtimes for vanished hosts/services

by Sven Panne

ID: 13888 Title: Handle comments/downtimes for vanished hosts/services Component: cmc Level: 2 Class: Bug fix Version: 2.2.0i1 There was a regression compared to 2.0 when loading the CMC state: Comments/downtimes for vanished hosts/services resulted in a CMC crash. This has been fixed, such comments/downtimes are now silently ignored, as before.

2 years, 2 months

Checkmk Werk 13926: validation of error responses of the REST API

by Christoph Rauch

ID: 13926 Title: validation of error responses of the REST API Component: Core & setup Level: 2 Class: Bug fix Version: 2.2.0i1 This werk changes the default error schema to be in line with the until now returned responses. The schema and responses did not fit and it was not found because the responses were not checked automatically. This is now the case. To ensure that dynamic scripts will not break only the schema has been changed. Users of dynamic languages (Python, Bash, etc.) will not have to change anything. If you use a statically generated API client, you may need to re-compile the client after this werk. The changed fields in the schema (not the response) are: - code -> status - message -> detail

2 years, 3 months

Checkmk Werk 14349: performance bug when using a cluster

by Max Linke

ID: 14349 Title: performance bug when using a cluster Component: Core & setup Level: 2 Class: Bug fix Version: 2.2.0i1 Running all checks on a cluster with more than 100 services took several minutes. This has been fixed and runtime is now a few seconds. No user interaction required.

2 years, 3 months

Checkmk Werk 13724: Remove legacy macro expansion in Event Console script actions

by Maximilian Wirtz

ID: 13724 Title: Remove legacy macro expansion in Event Console script actions Component: Event Console Level: 2 Class: Security fix Version: 2.2.0i1 The Event Console is able to execute actions, e.g. shell scripts, when opening or cancelling events. Details of the events are available to the script via environment variables <tt>CMK_</tt> as described in the user manual (https://docs.checkmk.com/latest/en/ec.html#_shell_scripts_and_emails). This mechanism will keep working as before. However, there is a second undocumented mechanism which relies on macro expansion in the shell scripts. Previously it was possible to use macros (e.g. <tt>$HOST$</tt>) in the Event Console scripts. These were replaced before executing the script. The values of these macros can be untrusted input and lead to command injections. You are only affected by this issue, if your scripts use the macro expansion. With this incompatible change we remove the macro expansion mechanism for security reasons. The site update mechanism tries to detect Event Console actions using these macros, disables the actions and informs you about this change. The output of an <tt>omd update</tt> for a rule being disabled would look like this: C+: "Script 'some_action_id' uses macros. We disable it. Please replace the macros with proper variables before enabling it again!" C-: If you use the Event Console with shell script actions you should check your scripts for macros and replace them with the documented environment variable approach (Setup > Events > Event Console rule packs > Event Console configuration > Event Console configuration). You can access all macro values with environment variables (they are prefixed with <tt>CMK_</tt>).

2 years, 4 months

Checkmk Werk 14089: Checkmk agent TLS encryption and compression

by Moritz Kiemer

ID: 14089 Title: Checkmk agent TLS encryption and compression Component: Checks & agents Level: 2 Class: New feature Version: 2.2.0i1 In Checkmk version 2.1 the monitoring data sent from the monitored host to the monitoring server is TLS encrypted and compressed by default. This is realized by a new component on the monitored hosts: The Checkmk agent controller <tt>cmk-agent-ctl</tt>. The added executable is called <tt>cmk-agent-ctl</tt>. On Linux systems, the agent controller will be run as a dedicated user cmk-agent, which is added during installation. As a result the process listening on the TCP port will have limited privileges, and the agent output is not available to any other local user. While upgraded setups will continue to work as before, in order to enable TLS encryption an additional registration step is required. More information on the registration step, the installation and the provided commands can be found <a href="https://docs.checkmk.com/master/en/agent_linux.html">in our online documentation</a>.

2 years, 4 months

Checkmk Werk 14087: Fix privilege escalation vulnerability

by Moritz Kiemer

ID: 14087 Title: Fix privilege escalation vulnerability Component: Checks & agents Level: 2 Class: Security fix Version: 2.2.0i1 Previously to this Werk an attacker who could become a site user could replace the sites <tt>bin/unixcat</tt> by a custom executable. The Checkmk agent would then run it as root. With this Werk the agent now always calls one of the shipped <tt>unixcat</tt>s below <tt>/omd/versions/</tt>. All maintained versions (>=1.6) are subject to this vulnerability. It is likely that also previous versions were vulnerable. To check against possible exploitation make sure that the sites directory <tt>~MySite/bin</tt> points to <tt>/omd/versions/MySitesVersion/bin<tt>. CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H 8.2 CVE will be added here later

2 years, 4 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level2