Esempio n. 1
0
 def execute(self) -> Iterator[ACResult]:
     if not rulebased_notifications_enabled():
         yield ACResultCRIT(
             "Rulebased notifications are deactivated in the global settings"
         )
     else:
         yield ACResultOK(_("Rulebased notifications are activated"))
Esempio n. 2
0
    def execute(self) -> Iterator[ACResult]:
        errors = cmk.gui.utils.get_failed_plugins()
        if not errors:
            yield ACResultOK(_("No broken extensions were found."))

        for plugin_path, e in errors:
            yield ACResultCRIT(_('Loading "%s" failed: %s') % (plugin_path, e))
Esempio n. 3
0
 def execute(self) -> Iterator[ACResult]:
     if "checkresult" in self._get_effective_global_setting(
             "alert_handler_event_types"):
         yield ACResultCRIT(
             _("Alert handler are configured to handle all check execution."
               ))
     else:
         yield ACResultOK(_("Alert handlers will handle state changes."))
Esempio n. 4
0
    def execute(self) -> Iterator[ACResult]:
        cfg = ConfigDomainOMD().default_globals()
        if not cfg["site_livestatus_tcp"]:
            yield ACResultOK(_("Livestatus network traffic is encrypted"))
            return

        if not cfg["site_livestatus_tcp"]["tls"]:
            yield ACResultCRIT(_("Livestatus network traffic is unencrypted"))
Esempio n. 5
0
 def execute(self) -> Iterator[ACResult]:
     if (cmk.gui.plugins.userdb.htpasswd.HtpasswdUserConnector(
         {}).check_credentials(UserId("omdadmin"), "omd") == "omdadmin"):
         yield ACResultCRIT(
             _("Found <tt>omdadmin</tt> with default password. "
               "It is highly recommended to change this password."))
     else:
         yield ACResultOK(
             _("Found <tt>omdadmin</tt> using custom password."))
Esempio n. 6
0
    def execute(self) -> Iterator[ACResult]:
        rules = self._get_rules()
        if not bool(rules):
            yield ACResultOK(
                _("No ruleset <b>State in case of restricted address mismatch</b> is configured"
                  ))
            return

        for folder_title, rule_state in rules:
            yield ACResultCRIT("Rule in <b>%s</b> has value <b>%s</b>" %
                               (folder_title, rule_state))
Esempio n. 7
0
    def execute(self) -> Iterator[ACResult]:
        only_encrypted = True
        config = self._get_effective_global_setting(
            "notification_spooler_config")

        if (incoming := config.get(
                "incoming",
            {})) and incoming.get("encryption") == "unencrypted":
            only_encrypted = False
            yield ACResultCRIT(
                _("Incoming connections on port %s communicate via plain text")
                % incoming["listen_port"])
Esempio n. 8
0
    def execute(self) -> Iterator[ACResult]:
        all_rules_ok = True
        for folder, rule_index, rule in self._get_rules():
            vsphere_queries_agent = rule.value.get("direct") in [
                "agent", "hostsystem_agent"
            ]
            if vsphere_queries_agent:
                all_rules_ok = False
                yield ACResultCRIT(
                    _("Rule %d in Folder %s is affected") %
                    (rule_index + 1, folder.title()))

        if all_rules_ok:
            yield ACResultOK(_("No configured rules are affected"))
Esempio n. 9
0
class ACTestMknotifydCommunicationEncrypted(ACTest):
    def category(self) -> str:
        return ACTestCategories.security

    def title(self) -> str:
        return _("Encrypt notification daemon communication")

    def help(self) -> str:
        return _(
            "Since version 2.1 it is possible to encrypt the communication of the notification "
            "daemon with TLS. After an upgrade of an existing site incoming connections will still "
            "use plain text communication and outgoing connections will try to use TLS and fall "
            "back to plain text communication if the remote site does not support TLS. It is "
            "recommended to enforce TLS encryption as soon as all sites support it."
        )

    def is_relevant(self) -> bool:
        return True

    def execute(self) -> Iterator[ACResult]:
        only_encrypted = True
        config = self._get_effective_global_setting(
            "notification_spooler_config")

        if (incoming := config.get(
                "incoming",
            {})) and incoming.get("encryption") == "unencrypted":
            only_encrypted = False
            yield ACResultCRIT(
                _("Incoming connections on port %s communicate via plain text")
                % incoming["listen_port"])

        for outgoing in config["outgoing"]:
            socket = f"{outgoing['address']}:{outgoing['port']}"
            if outgoing["encryption"] == "upgradable":
                only_encrypted = False
                yield ACResultWARN(
                    _("Encryption for %s is only used if it is enabled on the remote site"
                      ) % socket)
            if outgoing["encryption"] == "unencrypted":
                only_encrypted = False
                yield ACResultCRIT(
                    _("Plain text communication is enabled for %s") % socket)

        if only_encrypted:
            yield ACResultOK(
                "Encrypted communication is enabled for all configured connections"
            )
Esempio n. 10
0
 def execute(self) -> Iterator[ACResult]:
     if not self._get_effective_global_setting("escape_plugin_output"):
         yield ACResultCRIT(
             _("Please consider configuring the host or service rulesets "
               '<a href="%s">Escape HTML in service output</a> or '
               '<a href="%s">Escape HTML in host output</a> instead '
               'of <a href="%s">disabling escaping globally</a>') %
             (
                 "wato.py?mode=edit_ruleset&varname=extra_service_conf:_ESCAPE_PLUGIN_OUTPUT",
                 "wato.py?mode=edit_ruleset&varname=extra_host_conf:_ESCAPE_PLUGIN_OUTPUT",
                 "wato.py?mode=edit_configvar&varname=escape_plugin_output",
             ))
     else:
         yield ACResultOK(
             _('Escaping is <a href="%s">enabled globally</a>') %
             "wato.py?mode=edit_configvar&varname=escape_plugin_output")