For details see:
https://mmonit.com/monit/changes/
"New: Added click-jacking protection headers to Monit HTTP GUI (the
SAMEORIGIN iframe is allowed).
Fixed: Issue #1035: If the start, stop or restart program statement
contains the equal sign, which is not followed by a space character,
the configuration is not parsed correctly.
Fixed: Issue #1047: If the MariaDB server doesn't allow access to the
host, from which Monit test is running, Monit reported: Invalid
handshake packet sequence id -- not MySQL protocol.
Fixed: Add the missing responsetime option to the ping test."
For more details see:
https://bitbucket.org/tildeslash/monit/commits/tag/release-5-33-0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Since we have extended services.cgi that it reads the Services field
from the Pakfire metadata, we will need to make sure that that metadata
is going to be on those systems.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
For details see:
https://mmonit.com/monit/changes/
"Fixed: Issue #1028: If the Monit statefile was removed, the monit
start <service> action for services with onreboot nostart option
started the service, but did not enable monitoring of said service.
The same problem occurred if a new onreboot nostart service was
added, even if the statefile did exist.
Fixed: Issue #1029: The generic protocol test truncated received
data if the response contained zeros.
Fixed: PAM authentication: Users with a valid password for
a disabled account could still login to Monit. Thanks to Youssef
Rebahi-Gilbert.
Fixed: The Monit HTTP interface could be blocked by sending
a request with an infinite stream of HTTP headers. Thanks to Youssef
Rebahi-Gilbert for report."
For more details see:
https://bitbucket.org/tildeslash/monit/commits/tag/release-5-32-0
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
* Add a Summary and Services field to all pak lfs files
* Replace occurances of INSTALL_INITSCRIPT with new INSTALL_INITSCRIPTS
macro in all pak lfs files.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
For details see:
https://mmonit.com/monit/changes/
New: Issue #715: The PostgreSQL protocol test has been improved and
now supports authentication with username, password and database
when testing connection. Example:
if failed port 5432
protocol pgsql username "username" password "12345" database "test"
then alert
Previous Monit versions used hardcoded credentials when testing
connection to postgresql (user=root and database=root). This could
trigger thousands of messages like this in the postgresql log:
root@root FATAL: password authentication failed for user "root"
root@root DETAIL: Role "root" does not exist.
Note: Monit will continue to use the hardcoded credentials (for
backward compatibility) unless username and password are set.
New: Issue #973: You can now test program output using a regular
expression. Syntax:
IF CONTENT [!]= <regex> THEN action
Example:
check program disk0_smart with path "/usr/sbin/nvme smart-log /dev/nvme0"
if content != "critical_warning[ ]+: 0" then alert
New: Issue #974: Monit CLI: Added support for the -g (group) option
to the report command. Example:
monit -g database report
Fixed: Issue #991 (Monit 5.28.1 regression): MacOS: Monit didn't
compile on MacOS 10.13 or older. Thanks to Lutz Mader.
Fixed: Issue #994 (Monit 5.28.1 regression): The check program
statement with every did not work properly.
Fixed: Issue #995: Monit start delay was vulnerable to time jumps
when Monit is waiting for the delay to pass. Thanks to Daniel Crowe.
Fixed: Issue #975: Monit CLI: Monit did not report a warning if -s,
-p, -l, -g or -c command-line options were specified multiple times
and silently used the last value only. Monit will generate a warning
now.
Fixed: Issue #972: Monit GUI: The log view had no size limit when
reading the Monit log file and could block the browser if the log
file was large.
Fixed: Issue #955: If more than one every statement is used in
a check-service context only the last value is (silently) used.
We now report a warning in this case.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
For details see:
https://mmonit.com/monit/changes/
New: Issue #979: If filesystem mount flags changed, show both old
and new value. Originally only the new value was reported.
Fixed: Issue #960: The memory usage may report wrong value if system
memory size changed after Monit start. The problem was frequent
on KVM/LXC containers where MemTotal is dynamicaly updated.
Fixed: Issue #965: Monit CLI: if a custom configuration file was
used with the -c option, and the file cannot be read by Monit,
an AssertException was thrown. Monit will report normal error
instead of the exception now.
Fixed: Issue #966: Monit CLI: The service name pattern was changed
to case-sensitive in Monit 5.28.0. Revert the behaviour back
to case-insensitive.
Fixed: Issue #971: The LINK UP and LINK DOWN tests now support short
form of the optional ELSE condition, in addition to the verbose ELSE
IF <SUCCEEDED|FAILED> form.
Fixed: Issue #976: The space free test recovery always reported
value in percent, regardless of the test setting. If the test uses
absolute limit, Monit will report absolute space usage now.
Fixed: Issue #986: Services checks with custom schedule (the EVERY
statement) did set the data collection timestamp even if the
monitoring was skipped in the given cycle. The timestamp is now
updated only when the check was performed.
Fixed: Issue #990: Monit built with libressl may crash during
verification of the expired SSL certificate.
Fixed: Issue #968: Systemd and upstart templates: templates used
to set the path to the configuration file in the sysconfdir, which
is optionally set via the configure script during the compilation.
The path wasn't fully expanded in the template though, so it was
invalid. The template doesn't specify the explicit path now and lets
Monit search for the configuration file in all supported locations
(including the sysconfdir).
Changed: Issue #984: The permission check of the SSL PEM key file
allows group read permissions now (originally Monit enforced that
the file is readable only by the file owner).
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Not sure why this has ever been there. This simply makes it
nicer to read and edit because we can have line-breaks now.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Most of these files still used old dates and/or domain names for contact
mail addresses. This is now replaced by an up-to-date copyright line.
Just some housekeeping... :-)
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
