def _check_site(self, site_id): if _site_is_using_livestatus_proxy(site_id): yield ACResultOK(_("Site is using the Livestatus Proxy Daemon")) elif not is_wato_slave_site(): yield ACResultWARN( _( "The Livestatus Proxy is not only good for slave sites, " "enable it for your master site" ) ) else: yield ACResultWARN(_("Use the Livestatus Proxy Daemon for your site"))
def execute(self) -> Iterator[ACResult]: jobs = SiteBackupJobs() for job in jobs.objects.values(): if job.is_encrypted(): yield ACResultOK(_('The job "%s" is encrypted') % job.title()) else: yield ACResultWARN(_('There job "%s" is not encrypted') % job.title())
def execute(self) -> Iterator[ACResult]: if self._tmpfs_mounted(omd_site()): yield ACResultOK(_("The temporary filesystem is mounted")) else: yield ACResultWARN( _( "The temporary filesystem is not mounted. Your installation " "may work with degraded performance." ) )
def _check_site(self, site_id, site_config): persist = site_config.get("persist", False) if persist and _site_is_using_livestatus_proxy(site_id): yield ACResultWARN( _( "Persistent connections are nearly useless " "with Livestatus Proxy Daemon. Better disable it." ) ) elif persist: # TODO: At least for the local site we could calculate this. # Or should we get the apache config from the remote site via automation? yield ACResultWARN( _( "Either disable persistent connections or " "carefully review maximum number of Apache processes and " "possible livestatus connections." ) ) else: yield ACResultOK(_("Is not using persistent connections."))
def execute(self) -> Iterator[ACResult]: users = userdb.load_users() num_users = len(users) user_warn_threshold = 500 if num_users <= user_warn_threshold: yield ACResultOK(_("You have %d users configured") % num_users) else: yield ACResultWARN( _( "You have %d users configured. Please review the number of " "users you have configured in Checkmk." ) % num_users )
def execute(self) -> Iterator[ACResult]: for connection_id, connection in userdb.active_connections(): if connection.type() != "ldap": continue assert isinstance(connection, ldap.LDAPUserConnector) if connection.use_ssl(): yield ACResultOK(_("%s: Uses SSL") % connection_id) else: yield ACResultWARN( _("%s: Not using SSL. Consider enabling it in the " "connection settings.") % connection_id )
def execute(self) -> Iterator[ACResult]: process_limit = self._get_maximum_number_of_processes() average_process_size = self._get_average_process_size() estimated_memory_size = process_limit * (average_process_size * 1.2) yield ACResultWARN( _( "The Apache may start up to %d processes while the current " "average process size is %s. With these process limits the Apache may " "use up to %s RAM. Please ensure that your system is able to " "handle this." ) % ( process_limit, cmk.utils.render.fmt_bytes(average_process_size), cmk.utils.render.fmt_bytes(estimated_memory_size), ) )
class ACTestMknotifydCommunicationEncrypted(ACTest): def category(self) -> str: return ACTestCategories.security def title(self) -> str: return _("Encrypt notification daemon communication") def help(self) -> str: return _( "Since version 2.1 it is possible to encrypt the communication of the notification " "daemon with TLS. After an upgrade of an existing site incoming connections will still " "use plain text communication and outgoing connections will try to use TLS and fall " "back to plain text communication if the remote site does not support TLS. It is " "recommended to enforce TLS encryption as soon as all sites support it." ) def is_relevant(self) -> bool: return True def execute(self) -> Iterator[ACResult]: only_encrypted = True config = self._get_effective_global_setting("notification_spooler_config") if (incoming := config.get("incoming", {})) and incoming.get("encryption") == "unencrypted": only_encrypted = False yield ACResultCRIT( _("Incoming connections on port %s communicate via plain text") % incoming["listen_port"] ) for outgoing in config["outgoing"]: socket = f"{outgoing['address']}:{outgoing['port']}" if outgoing["encryption"] == "upgradable": only_encrypted = False yield ACResultWARN( _("Encryption for %s is only used if it is enabled on the remote site") % socket ) if outgoing["encryption"] == "unencrypted": only_encrypted = False yield ACResultCRIT(_("Plain text communication is enabled for %s") % socket) if only_encrypted: yield ACResultOK("Encrypted communication is enabled for all configured connections")
def execute(self) -> Iterator[ACResult]: try: num_cpu = multiprocessing.cpu_count() except NotImplementedError: yield ACResultOK( _("Cannot test. Unable to determine the number of CPUs on target system.") ) return if self._get_effective_global_setting("cmc_checker_helpers") > num_cpu: yield ACResultWARN( _( "Configuring more checkers than the number of available CPUs (%d) have " "a detrimental effect, since they are not IO bound." ) % num_cpu ) return yield ACResultOK(_("Number of Checkmk checkers is less than number of CPUs"))
def execute(self) -> Iterator[ACResult]: local_connection = LocalConnection() row = local_connection.query_row( "GET status\nColumns: helper_usage_checker average_latency_fetcher\n" ) checker_usage_perc = 100 * row[0] fetcher_latency = row[1] usage_warn, usage_crit = 85, 95 if checker_usage_perc >= usage_crit: cls: Type[ACResult] = ACResultCRIT elif checker_usage_perc >= usage_warn: cls = ACResultWARN else: cls = ACResultOK yield cls( _( "The current checker usage is %.2f%%. " "The checks have an average check latency of %.3fs." ) % (checker_usage_perc, fetcher_latency) ) # Only report this as warning in case the user increased the default helper configuration default_values = ABCConfigDomain.get_all_default_globals() if ( self._get_effective_global_setting("cmc_checker_helpers") > default_values["cmc_checker_helpers"] and checker_usage_perc < 50 ): yield ACResultWARN( _( "The checker usage is below 50%, you may decrease the number of " "checkers to reduce the memory consumption." ) )
def execute(self) -> Iterator[ACResult]: jobs = SiteBackupJobs() if jobs.choices(): yield ACResultOK(_("You have configured %d backup jobs") % len(jobs.choices())) else: yield ACResultWARN(_("There is no backup job configured"))
def execute(self) -> Iterator[ACResult]: if request.is_ssl_request: yield ACResultOK(_("Site is using HTTPS")) else: yield ACResultWARN(_("Site is using plain HTTP. Consider enabling HTTPS."))