class ACTestDeprecatedInventoryPlugins(ACTest): def category(self) -> str: return ACTestCategories.deprecations def title(self) -> str: return _("Deprecated HW/SW inventory plugins") def help(self) -> str: return _( "The old inventory plugin API has been removed in Checkmk version 2.2." " Plugin files in <tt>'%s'</tt> are ignored." " Please migrate the plugins to the new API." ) % str(local_inventory_dir) def is_relevant(self) -> bool: return True def execute(self) -> Iterator[ACResult]: with suppress(FileNotFoundError): if plugin_files := list(local_inventory_dir.iterdir()): yield ACResultCRIT( _("%d ignored HW/SW inventory plugins found: %s") % (len(plugin_files), ", ".join(f.name for f in plugin_files)) ) return yield ACResultOK(_("No ignored HW/SW inventory plugins found"))
def execute(self) -> Iterator[ACResult]: jobs = SiteBackupJobs() for job in jobs.objects.values(): if job.is_encrypted(): yield ACResultOK(_('The job "%s" is encrypted') % job.title()) else: yield ACResultWARN(_('There job "%s" is not encrypted') % job.title())
def execute(self) -> Iterator[ACResult]: errors = cmk.gui.utils.get_failed_plugins() if not errors: yield ACResultOK(_("No broken extensions were found.")) for plugin_path, e in errors: yield ACResultCRIT(_('Loading "%s" failed: %s') % (plugin_path, e))
def execute(self) -> Iterator[ACResult]: cfg = ConfigDomainOMD().default_globals() if not cfg["site_livestatus_tcp"]: yield ACResultOK(_("Livestatus network traffic is encrypted")) return if not cfg["site_livestatus_tcp"]["tls"]: yield ACResultCRIT(_("Livestatus network traffic is unencrypted"))
def execute(self) -> Iterator[ACResult]: if self._tmpfs_mounted(omd_site()): yield ACResultOK(_("The temporary filesystem is mounted")) else: yield ACResultWARN( _( "The temporary filesystem is not mounted. Your installation " "may work with degraded performance." ) )
def execute(self) -> Iterator[ACResult]: rules = self._get_rules() if not bool(rules): yield ACResultOK( _("No ruleset <b>State in case of restricted address mismatch</b> is configured") ) return for folder_title, rule_state in rules: yield ACResultCRIT("Rule in <b>%s</b> has value <b>%s</b>" % (folder_title, rule_state))
def execute(self) -> Iterator[ACResult]: try: num_cpu = multiprocessing.cpu_count() except NotImplementedError: yield ACResultOK( _("Cannot test. Unable to determine the number of CPUs on target system.") ) return if self._get_effective_global_setting("cmc_checker_helpers") > num_cpu: yield ACResultWARN( _( "Configuring more checkers than the number of available CPUs (%d) have " "a detrimental effect, since they are not IO bound." ) % num_cpu ) return yield ACResultOK(_("Number of Checkmk checkers is less than number of CPUs"))
def execute(self) -> Iterator[ACResult]: all_rules_ok = True for folder, rule_index, rule in self._get_rules(): vsphere_queries_agent = rule.value.get("direct") in ["agent", "hostsystem_agent"] if vsphere_queries_agent: all_rules_ok = False yield ACResultCRIT( _("Rule %d in Folder %s is affected") % (rule_index + 1, folder.title()) ) if all_rules_ok: yield ACResultOK(_("No configured rules are affected"))
def _check_site(self, site_id): if _site_is_using_livestatus_proxy(site_id): yield ACResultOK(_("Site is using the Livestatus Proxy Daemon")) elif not is_wato_slave_site(): yield ACResultWARN( _( "The Livestatus Proxy is not only good for slave sites, " "enable it for your master site" ) ) else: yield ACResultWARN(_("Use the Livestatus Proxy Daemon for your site"))
def execute(self) -> Iterator[ACResult]: for connection_id, connection in userdb.active_connections(): if connection.type() != "ldap": continue assert isinstance(connection, ldap.LDAPUserConnector) if connection.use_ssl(): yield ACResultOK(_("%s: Uses SSL") % connection_id) else: yield ACResultWARN( _("%s: Not using SSL. Consider enabling it in the " "connection settings.") % connection_id )
def execute(self) -> Iterator[ACResult]: users = userdb.load_users() num_users = len(users) user_warn_threshold = 500 if num_users <= user_warn_threshold: yield ACResultOK(_("You have %d users configured") % num_users) else: yield ACResultWARN( _( "You have %d users configured. Please review the number of " "users you have configured in Checkmk." ) % num_users )
def execute(self) -> Iterator[ACResult]: if ( cmk.gui.plugins.userdb.htpasswd.HtpasswdUserConnector({}).check_credentials( UserId("omdadmin"), "omd" ) == "omdadmin" ): yield ACResultCRIT( _( "Found <tt>omdadmin</tt> with default password. " "It is highly recommended to change this password." ) ) else: yield ACResultOK(_("Found <tt>omdadmin</tt> using custom password."))
class ACTestMknotifydCommunicationEncrypted(ACTest): def category(self) -> str: return ACTestCategories.security def title(self) -> str: return _("Encrypt notification daemon communication") def help(self) -> str: return _( "Since version 2.1 it is possible to encrypt the communication of the notification " "daemon with TLS. After an upgrade of an existing site incoming connections will still " "use plain text communication and outgoing connections will try to use TLS and fall " "back to plain text communication if the remote site does not support TLS. It is " "recommended to enforce TLS encryption as soon as all sites support it." ) def is_relevant(self) -> bool: return True def execute(self) -> Iterator[ACResult]: only_encrypted = True config = self._get_effective_global_setting("notification_spooler_config") if (incoming := config.get("incoming", {})) and incoming.get("encryption") == "unencrypted": only_encrypted = False yield ACResultCRIT( _("Incoming connections on port %s communicate via plain text") % incoming["listen_port"] ) for outgoing in config["outgoing"]: socket = f"{outgoing['address']}:{outgoing['port']}" if outgoing["encryption"] == "upgradable": only_encrypted = False yield ACResultWARN( _("Encryption for %s is only used if it is enabled on the remote site") % socket ) if outgoing["encryption"] == "unencrypted": only_encrypted = False yield ACResultCRIT(_("Plain text communication is enabled for %s") % socket) if only_encrypted: yield ACResultOK("Encrypted communication is enabled for all configured connections")
def execute(self) -> Iterator[ACResult]: if not self._get_effective_global_setting("escape_plugin_output"): yield ACResultCRIT( _( "Please consider configuring the host or service rulesets " '<a href="%s">Escape HTML in service output</a> or ' '<a href="%s">Escape HTML in host output</a> instead ' 'of <a href="%s">disabling escaping globally</a>' ) % ( "wato.py?mode=edit_ruleset&varname=extra_service_conf:_ESCAPE_PLUGIN_OUTPUT", "wato.py?mode=edit_ruleset&varname=extra_host_conf:_ESCAPE_PLUGIN_OUTPUT", "wato.py?mode=edit_configvar&varname=escape_plugin_output", ) ) else: yield ACResultOK( _('Escaping is <a href="%s">enabled globally</a>') % "wato.py?mode=edit_configvar&varname=escape_plugin_output" )
def _check_site(self, site_id, site_config): persist = site_config.get("persist", False) if persist and _site_is_using_livestatus_proxy(site_id): yield ACResultWARN( _( "Persistent connections are nearly useless " "with Livestatus Proxy Daemon. Better disable it." ) ) elif persist: # TODO: At least for the local site we could calculate this. # Or should we get the apache config from the remote site via automation? yield ACResultWARN( _( "Either disable persistent connections or " "carefully review maximum number of Apache processes and " "possible livestatus connections." ) ) else: yield ACResultOK(_("Is not using persistent connections."))
def _perform_tests(self): test_sites = self._analyze_sites() self._logger.debug("Executing tests for %d sites" % len(test_sites)) results_by_site = {} # Results are fetched simultaneously from the remote sites result_queue = multiprocessing.JoinableQueue( ) # type: multiprocessing.Queue[Tuple[SiteId, str]] processes = [] site_id = SiteId("unknown_site") for site_id in test_sites: process = multiprocessing.Process( target=self._perform_tests_for_site, args=(site_id, result_queue)) process.start() processes.append((site_id, process)) # Now collect the results from the queue until all processes are finished while any(p.is_alive() for site_id, p in processes): try: site_id, results_data = result_queue.get_nowait() result_queue.task_done() result = ast.literal_eval(results_data) if result["state"] == 1: raise MKGeneralException(result["response"]) if result["state"] == 0: test_results = [] for result_data in result["response"]: result = ACResult.from_repr(result_data) test_results.append(result) # Add general connectivity result result = ACResultOK(_("No connectivity problems")) result.from_test(ACTestConnectivity()) result.site_id = site_id test_results.append(result) results_by_site[site_id] = test_results else: raise NotImplementedError() except six.moves.queue.Empty: time.sleep(0.5) # wait some time to prevent CPU hogs except Exception as e: result = ACResultCRIT("%s" % e) result.from_test(ACTestConnectivity()) result.site_id = site_id results_by_site[site_id] = [result] logger.exception("error analyzing configuration for site %s", site_id) self._logger.debug("Got test results") # Group results by category in first instance and then then by test results_by_category = {} # type: Dict[str, Dict[str, Dict[str, Any]]] for site_id, results in results_by_site.items(): for result in results: category_results = results_by_category.setdefault( result.category, {}) test_results_by_site = category_results.setdefault( result.test_id, { "site_results": {}, "test": { "title": result.title, "help": result.help, } }) test_results_by_site["site_results"][result.site_id] = result return results_by_category
def execute(self) -> Iterator[ACResult]: if "checkresult" in self._get_effective_global_setting("alert_handler_event_types"): yield ACResultCRIT(_("Alert handler are configured to handle all check execution.")) else: yield ACResultOK(_("Alert handlers will handle state changes."))
def execute(self) -> Iterator[ACResult]: if not rulebased_notifications_enabled(): yield ACResultCRIT("Rulebased notifications are deactivated in the global settings") else: yield ACResultOK(_("Rulebased notifications are activated"))
def execute(self) -> Iterator[ACResult]: jobs = SiteBackupJobs() if jobs.choices(): yield ACResultOK(_("You have configured %d backup jobs") % len(jobs.choices())) else: yield ACResultWARN(_("There is no backup job configured"))
def execute(self) -> Iterator[ACResult]: if request.is_ssl_request: yield ACResultOK(_("Site is using HTTPS")) else: yield ACResultWARN(_("Site is using plain HTTP. Consider enabling HTTPS."))