def execute(self) -> Iterator[ACResult]:
if not rulebased_notifications_enabled():
yield ACResultCRIT(
"Rulebased notifications are deactivated in the global settings"
)
else:
yield ACResultOK(_("Rulebased notifications are activated"))
def execute(self) -> Iterator[ACResult]:
errors = cmk.gui.utils.get_failed_plugins()
if not errors:
yield ACResultOK(_("No broken extensions were found."))
for plugin_path, e in errors:
yield ACResultCRIT(_('Loading "%s" failed: %s') % (plugin_path, e))
def execute(self) -> Iterator[ACResult]:
if "checkresult" in self._get_effective_global_setting(
"alert_handler_event_types"):
yield ACResultCRIT(
_("Alert handler are configured to handle all check execution."
))
else:
yield ACResultOK(_("Alert handlers will handle state changes."))
def execute(self) -> Iterator[ACResult]:
cfg = ConfigDomainOMD().default_globals()
if not cfg["site_livestatus_tcp"]:
yield ACResultOK(_("Livestatus network traffic is encrypted"))
return
if not cfg["site_livestatus_tcp"]["tls"]:
yield ACResultCRIT(_("Livestatus network traffic is unencrypted"))
def execute(self) -> Iterator[ACResult]:
if (cmk.gui.plugins.userdb.htpasswd.HtpasswdUserConnector(
{}).check_credentials(UserId("omdadmin"), "omd") == "omdadmin"):
yield ACResultCRIT(
_("Found <tt>omdadmin</tt> with default password. "
"It is highly recommended to change this password."))
else:
yield ACResultOK(
_("Found <tt>omdadmin</tt> using custom password."))
def execute(self) -> Iterator[ACResult]:
rules = self._get_rules()
if not bool(rules):
yield ACResultOK(
_("No ruleset <b>State in case of restricted address mismatch</b> is configured"
))
return
for folder_title, rule_state in rules:
yield ACResultCRIT("Rule in <b>%s</b> has value <b>%s</b>" %
(folder_title, rule_state))
def execute(self) -> Iterator[ACResult]:
only_encrypted = True
config = self._get_effective_global_setting(
"notification_spooler_config")
if (incoming := config.get(
"incoming",
{})) and incoming.get("encryption") == "unencrypted":
only_encrypted = False
yield ACResultCRIT(
_("Incoming connections on port %s communicate via plain text")
% incoming["listen_port"])
def execute(self) -> Iterator[ACResult]:
all_rules_ok = True
for folder, rule_index, rule in self._get_rules():
vsphere_queries_agent = rule.value.get("direct") in [
"agent", "hostsystem_agent"
]
if vsphere_queries_agent:
all_rules_ok = False
yield ACResultCRIT(
_("Rule %d in Folder %s is affected") %
(rule_index + 1, folder.title()))
if all_rules_ok:
yield ACResultOK(_("No configured rules are affected"))
class ACTestMknotifydCommunicationEncrypted(ACTest):
def category(self) -> str:
return ACTestCategories.security
def title(self) -> str:
return _("Encrypt notification daemon communication")
def help(self) -> str:
return _(
"Since version 2.1 it is possible to encrypt the communication of the notification "
"daemon with TLS. After an upgrade of an existing site incoming connections will still "
"use plain text communication and outgoing connections will try to use TLS and fall "
"back to plain text communication if the remote site does not support TLS. It is "
"recommended to enforce TLS encryption as soon as all sites support it."
)
def is_relevant(self) -> bool:
return True
def execute(self) -> Iterator[ACResult]:
only_encrypted = True
config = self._get_effective_global_setting(
"notification_spooler_config")
if (incoming := config.get(
"incoming",
{})) and incoming.get("encryption") == "unencrypted":
only_encrypted = False
yield ACResultCRIT(
_("Incoming connections on port %s communicate via plain text")
% incoming["listen_port"])
for outgoing in config["outgoing"]:
socket = f"{outgoing['address']}:{outgoing['port']}"
if outgoing["encryption"] == "upgradable":
only_encrypted = False
yield ACResultWARN(
_("Encryption for %s is only used if it is enabled on the remote site"
) % socket)
if outgoing["encryption"] == "unencrypted":
only_encrypted = False
yield ACResultCRIT(
_("Plain text communication is enabled for %s") % socket)
if only_encrypted:
yield ACResultOK(
"Encrypted communication is enabled for all configured connections"
)
def execute(self) -> Iterator[ACResult]:
if not self._get_effective_global_setting("escape_plugin_output"):
yield ACResultCRIT(
_("Please consider configuring the host or service rulesets "
'<a href="%s">Escape HTML in service output</a> or '
'<a href="%s">Escape HTML in host output</a> instead '
'of <a href="%s">disabling escaping globally</a>') %
(
"wato.py?mode=edit_ruleset&varname=extra_service_conf:_ESCAPE_PLUGIN_OUTPUT",
"wato.py?mode=edit_ruleset&varname=extra_host_conf:_ESCAPE_PLUGIN_OUTPUT",
"wato.py?mode=edit_configvar&varname=escape_plugin_output",
))
else:
yield ACResultOK(
_('Escaping is <a href="%s">enabled globally</a>') %
"wato.py?mode=edit_configvar&varname=escape_plugin_output")
