Checkmk werks level2

checkmk-werks-lvl2@lists.checkmk.com

1 participants
1349 discussions

Check_MK Werk 6787: Notification spooler: Fixed file path traversal vulnerability

by Lars Michelsen

ID: 6787 Title: Notification spooler: Fixed file path traversal vulnerability Component: Notifications Level: 2 Class: Security fix Version: 1.6.0i1 The notification daemon of one site connects to the notification daemon of another site to exchange notifications between both sites. The notification daemon was not validating the incoming data correctly which made it possible for an attacker that has access to the notification sending site to compromise the receiving site. Using this vulnerability it was possible to write write files in directories that are writable by the receiving site user. This could be used to gain access to the site.

5 years, 11 months

Check_MK Werk 6788: Notification spooler: Fixed deserialization of arbitrary input

by Lars Michelsen

ID: 6788 Title: Notification spooler: Fixed deserialization of arbitrary input Component: Notifications Level: 2 Class: Security fix Version: 1.6.0i1 The notification daemon of one site connects to the notification daemon of another site to exchange notifications between both sites. The messages that are sent between the notification daemons were encoded in an insecure format which allowed code injections between the communication partners. This means it was possible to inject code from one notification spooler to another. We have now changed the message format to a secure alternative which prevents code injections. To be able to perform this transition without loosing notifications and preventing subtile incompatibilities we decided to keep the new format disabled by default for all sites created with Check_MK 1.4 and 1.5. This means your installation will still be affected by this issue by default after updating. However, once you have updated all your sites to at least 1.4.0p37 in case of the 1.4.0 branch or or at least 1.5.0p7 in case of the 1.5.0 branch you can change the main configuration option "Notification Spooler insecure messages" to "off" and activate the new configuration. Once you have done this all notification spoolers will use the new secure message format. Please note that the 1.6 notification spoolers will always use the new message format and not be compatible to the old message format of the 1.5 notification spoolers anymore. If you plan to use 1.5 and 1.6 together during migration you will have to ensure that you use the new message format in your 1.5 sites.

5 years, 11 months

Check_MK Werk 6780: Fixed random alert / notify helper crashes on some platforms

by Lars Michelsen

ID: 6780 Title: Fixed random alert / notify helper crashes on some platforms Component: Core & setup Level: 2 Class: Bug fix Version: 1.6.0i1 The alert and notify helpers of the Microcore could crash "randomly" after hours of operation. The crash was visible in form of "ImportError: cannot import name" messages in the var/log/notify.log or var/log/alert.log. Due to another problem, which will also be fixed soon, the crash of the helper process made the Microcore process crash. As far as we know this happened only on Debian Jessie, CentOS/RedHat 7 and SLES12 SP1/SP2. CMK-1085

5 years, 11 months

Check_MK Werk 6779: Fixed displaying unrelated livestatus data to users randomly

by Lars Michelsen

ID: 6779 Title: Fixed displaying unrelated livestatus data to users randomly Component: Multisite Level: 2 Class: Bug fix Version: 1.6.0i1 Because subsequent requests to the GUI could use left over livestatus connections of other users it could randomly happen that one user used the livestatus connection of another user which could then result in wrong data shown to the user in the GUI.

5 years, 11 months

Check_MK Werk 6770: Showing graph metric values at mouse position now

by Lars Michelsen

ID: 6770 Title: Showing graph metric values at mouse position now Component: metrics Level: 2 Class: New feature Version: 1.6.0i1 When moving the mouse pointer on Check_MK graphs a hover popup will be shown at the mous position that contains the date and time of the current mouse position together with the values of the single metrics.

5 years, 11 months

Check_MK Werk 6628: Improved timeperiod management

by Lars Michelsen

ID: 6628 Title: Improved timeperiod management Component: WATO Level: 2 Class: New feature Version: 1.6.0i1 The timeperiod management pages have been improved ins several ways: <ul> <li>Timeperiods can now be cloned.</li> <li>Configuring equal times for all weekdays is now easier. Instead of setting the same time ranges for each weekday it is now possible to select "Same times for all week days".</li> <li>Timeperiods listed in the excludes list are now sorted.</li> <li>The number of time ranges per day is now flexible. The dialog starts with a single time range. You may click on "add time range" to add more.</li> <li>Improved validations of input values.</li> <li>The builtin timeperiod 24X7 is now always visible. The implicit existance of this timeperiod confused users.</li> </ul>

5 years, 12 months

Check_MK Werk 6662: Timespecific check parameters: Changed computation algorithm to allow more flexible configurations

by Andreas Boesl

ID: 6662 Title: Timespecific check parameters: Changed computation algorithm to allow more flexible configurations Component: WATO Level: 2 Class: New feature Version: 1.6.0i1 Werk #4840 introduced timespecific parameters, which allowed timedependant check parameter configuration through timeperiods. Customer feedback has shown that these configuration were not flexible enough. Thats why we've changed the computation algorithm. The new algorithm only affects dictionary based check parameters, tuple based check parameters remain unchanged. H3:Ruleset example old configuration (deprecated with this werk) <ul> <li>Use parameters {"warn": 90} on saturday, default {"warn": 75, "crit": 80}</li> <li>Use parameters {"warn": 85, "crit": 92"} on weekend, default {"warn": 70, "crit": 75, "bandwidth": 1000}</li> <li>Use parameters {"check_mode": "auto"} (no timespecific rule)</li> </ul> The old mechanism created the following parameters <ul> <li>Monday till Friday: {"warn": 75, "crit": 80"}</li> <li>Saturday: {"warn": 90}</li> <li>Sunday: {"warn": 75, "crit": 80}</li> </ul> As you can see, only the parameters from the first rule were taken into account. H3:Ruleset example new configuration <ul> <li>Use parameters {"warn": 90} on saturday, default {"warn": 75, "crit": 80}</li> <li>Use parameters {"warn": 85, "crit": 92"} on weekend, default {"warn": 70, "crit": 75, "bandwidth": 1000}</li> <li>Use parameters {"check_mode": "auto"} (no timespecific rule)</li> </ul> The new mechanism now creates the following parameters <ul> <li>Monday till Friday: {"warn": 75, "crit": 80", "check_mode": "auto"}</li> <li>Saturday: {"warn": 90, "crit": 80, "bandwith": 1000, "check_mode": "auto"}</li> <li>Sunday: {"warn": 85, "crit": 92, "bandwith": 1000, "check_mode": "auto"}</li> </ul> As you can see, only the parameters from the first rule were taken into account. The rule evaluation now starts at the bottom rule and then progresses to the top rule. For each rule, first of all the default parameters are applied. Afterwards the timespecific component(s) are applied. If a single rule have more than one timespecific parameter, these parameters are merged, too. For example: <ul> <li>Use parameters {"warn": 75, "crit": 80, "check_mode": "auto"} on Saturday 10-14h, Use parameters {"special_parameter": True} on Saturday 12-14h</li> <li>Use parameters {"warn": 85, "crit": 92"} on weekend, default {"warn": 70, "crit": 75, "bandwidth": 1000}</li> <li>Use parameters {"check_mode": "auto"} (no timespecific rule)</li> </ul> Result <ul> <li>Saturday 11:00: {"warn": 75, "crit": 80, "bandwidth": 1000, "check_mode": "auto"}</li> <li>Saturday 13:00: {"warn": 75, "crit": 80, "bandwidth": 1000, "check_mode": "auto", "special_parameter": True}</li> </ul>

5 years, 12 months

Check_MK Werk 6659: Agent Baking: Fixed bug where hosts used bakery settings from other hosts

by Andreas Boesl

ID: 6659 Title: Agent Baking: Fixed bug where hosts used bakery settings from other hosts Component: WATO Level: 2 Class: Bug fix Version: 1.6.0i1 The rule evaluation for bakery rules was broken for certain dictionary based rule types. As a result HostA may have received plugin configurations for HostB.

6 years

Check_MK Werk 6615: Fixed unauthorized access to master control actions

by Lars Michelsen

ID: 6615 Title: Fixed unauthorized access to master control actions Component: Multisite Level: 2 Class: Security fix Version: 1.6.0i1 As an authenticated guest user it was possible to gain unauthorized access to the master control snapin actions event if it is not possible to open the master control snapin. The vulnerability could be used to disable the complete monitoring or trigger other actions like disabling notifications.

6 years

Check_MK Werk 6617: Check_MK is now available as Docker container

by Lars Michelsen

ID: 6617 Title: Check_MK is now available as Docker container Component: Site Management Level: 2 Class: New feature Version: 1.6.0i1 Besides the traditional operating system packages we are now providing Check_MK as Docker container image to improve the support of using Check_MK in containerized environments. For the moment the Docker images are published together with the other Check_MK packages on the versions download pages for manual download. Future releases of the Check_MK Raw Edition will be published on Docker Hub (https://hub.docker.com/r/checkmk/check-mk-raw/). On this page you can already find some information on how to use the images. These instructions apply to all Check_MK Editions. The Enterprise and Managed Services Edition containers will also be available through a docker image repository in the future. For the moment you will have to download and import the images manually using <tt>docker load</tt>.

6 years

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level2