def execute(self) -> Iterator[ACResult]:
errors = cmk.gui.utils.get_failed_plugins()
if not errors:
yield ACResultOK(_("No broken extensions were found."))
for plugin_path, e in errors:
yield ACResultCRIT(_('Loading "%s" failed: %s') % (plugin_path, e))
def execute(self) -> Iterator[ACResult]:
cfg = ConfigDomainOMD().default_globals()
if not cfg["site_livestatus_tcp"]:
yield ACResultOK(_("Livestatus network traffic is encrypted"))
return
if not cfg["site_livestatus_tcp"]["tls"]:
yield ACResultCRIT(_("Livestatus network traffic is unencrypted"))
def execute(self) -> Iterator[ACResult]:
with suppress(FileNotFoundError):
if plugin_files := list(local_inventory_dir.iterdir()):
yield ACResultCRIT(
_("%d ignored HW/SW inventory plugins found: %s")
% (len(plugin_files), ", ".join(f.name for f in plugin_files))
)
return
def execute(self) -> Iterator[ACResult]:
only_encrypted = True
config = self._get_effective_global_setting("notification_spooler_config")
if (incoming := config.get("incoming", {})) and incoming.get("encryption") == "unencrypted":
only_encrypted = False
yield ACResultCRIT(
_("Incoming connections on port %s communicate via plain text")
% incoming["listen_port"]
)
def execute(self) -> Iterator[ACResult]:
rules = self._get_rules()
if not bool(rules):
yield ACResultOK(
_("No ruleset <b>State in case of restricted address mismatch</b> is configured")
)
return
for folder_title, rule_state in rules:
yield ACResultCRIT("Rule in <b>%s</b> has value <b>%s</b>" % (folder_title, rule_state))
def execute(self) -> Iterator[ACResult]:
all_rules_ok = True
for folder, rule_index, rule in self._get_rules():
vsphere_queries_agent = rule.value.get("direct") in ["agent", "hostsystem_agent"]
if vsphere_queries_agent:
all_rules_ok = False
yield ACResultCRIT(
_("Rule %d in Folder %s is affected") % (rule_index + 1, folder.title())
)
if all_rules_ok:
yield ACResultOK(_("No configured rules are affected"))
def execute(self) -> Iterator[ACResult]:
if (
cmk.gui.plugins.userdb.htpasswd.HtpasswdUserConnector({}).check_credentials(
UserId("omdadmin"), "omd"
)
== "omdadmin"
):
yield ACResultCRIT(
_(
"Found <tt>omdadmin</tt> with default password. "
"It is highly recommended to change this password."
)
)
else:
yield ACResultOK(_("Found <tt>omdadmin</tt> using custom password."))
class ACTestMknotifydCommunicationEncrypted(ACTest):
def category(self) -> str:
return ACTestCategories.security
def title(self) -> str:
return _("Encrypt notification daemon communication")
def help(self) -> str:
return _(
"Since version 2.1 it is possible to encrypt the communication of the notification "
"daemon with TLS. After an upgrade of an existing site incoming connections will still "
"use plain text communication and outgoing connections will try to use TLS and fall "
"back to plain text communication if the remote site does not support TLS. It is "
"recommended to enforce TLS encryption as soon as all sites support it."
)
def is_relevant(self) -> bool:
return True
def execute(self) -> Iterator[ACResult]:
only_encrypted = True
config = self._get_effective_global_setting("notification_spooler_config")
if (incoming := config.get("incoming", {})) and incoming.get("encryption") == "unencrypted":
only_encrypted = False
yield ACResultCRIT(
_("Incoming connections on port %s communicate via plain text")
% incoming["listen_port"]
)
for outgoing in config["outgoing"]:
socket = f"{outgoing['address']}:{outgoing['port']}"
if outgoing["encryption"] == "upgradable":
only_encrypted = False
yield ACResultWARN(
_("Encryption for %s is only used if it is enabled on the remote site") % socket
)
if outgoing["encryption"] == "unencrypted":
only_encrypted = False
yield ACResultCRIT(_("Plain text communication is enabled for %s") % socket)
if only_encrypted:
yield ACResultOK("Encrypted communication is enabled for all configured connections")
def execute(self) -> Iterator[ACResult]:
if not self._get_effective_global_setting("escape_plugin_output"):
yield ACResultCRIT(
_(
"Please consider configuring the host or service rulesets "
'<a href="%s">Escape HTML in service output</a> or '
'<a href="%s">Escape HTML in host output</a> instead '
'of <a href="%s">disabling escaping globally</a>'
)
% (
"wato.py?mode=edit_ruleset&varname=extra_service_conf:_ESCAPE_PLUGIN_OUTPUT",
"wato.py?mode=edit_ruleset&varname=extra_host_conf:_ESCAPE_PLUGIN_OUTPUT",
"wato.py?mode=edit_configvar&varname=escape_plugin_output",
)
)
else:
yield ACResultOK(
_('Escaping is <a href="%s">enabled globally</a>')
% "wato.py?mode=edit_configvar&varname=escape_plugin_output"
)
def _perform_tests(self):
test_sites = self._analyze_sites()
self._logger.debug("Executing tests for %d sites" % len(test_sites))
results_by_site = {}
# Results are fetched simultaneously from the remote sites
result_queue = multiprocessing.JoinableQueue(
) # type: multiprocessing.Queue[Tuple[SiteId, str]]
processes = []
site_id = SiteId("unknown_site")
for site_id in test_sites:
process = multiprocessing.Process(
target=self._perform_tests_for_site,
args=(site_id, result_queue))
process.start()
processes.append((site_id, process))
# Now collect the results from the queue until all processes are finished
while any(p.is_alive() for site_id, p in processes):
try:
site_id, results_data = result_queue.get_nowait()
result_queue.task_done()
result = ast.literal_eval(results_data)
if result["state"] == 1:
raise MKGeneralException(result["response"])
if result["state"] == 0:
test_results = []
for result_data in result["response"]:
result = ACResult.from_repr(result_data)
test_results.append(result)
# Add general connectivity result
result = ACResultOK(_("No connectivity problems"))
result.from_test(ACTestConnectivity())
result.site_id = site_id
test_results.append(result)
results_by_site[site_id] = test_results
else:
raise NotImplementedError()
except six.moves.queue.Empty:
time.sleep(0.5) # wait some time to prevent CPU hogs
except Exception as e:
result = ACResultCRIT("%s" % e)
result.from_test(ACTestConnectivity())
result.site_id = site_id
results_by_site[site_id] = [result]
logger.exception("error analyzing configuration for site %s",
site_id)
self._logger.debug("Got test results")
# Group results by category in first instance and then then by test
results_by_category = {} # type: Dict[str, Dict[str, Dict[str, Any]]]
for site_id, results in results_by_site.items():
for result in results:
category_results = results_by_category.setdefault(
result.category, {})
test_results_by_site = category_results.setdefault(
result.test_id, {
"site_results": {},
"test": {
"title": result.title,
"help": result.help,
}
})
test_results_by_site["site_results"][result.site_id] = result
return results_by_category
def execute(self) -> Iterator[ACResult]:
if "checkresult" in self._get_effective_global_setting("alert_handler_event_types"):
yield ACResultCRIT(_("Alert handler are configured to handle all check execution."))
else:
yield ACResultOK(_("Alert handlers will handle state changes."))
def execute(self) -> Iterator[ACResult]:
if not rulebased_notifications_enabled():
yield ACResultCRIT("Rulebased notifications are deactivated in the global settings")
else:
yield ACResultOK(_("Rulebased notifications are activated"))