Werk #14925: Tighten permissions for Event Console pipe and sockets

Komponente Event Console
Titel Tighten permissions for Event Console pipe and sockets
Datum 05.12.2022
Checkmk-Editon Checkmk Raw (CRE)
Checkmk-Version 2.2.0i1
Level Kleine Änderung
Klasse Bugfix
Kompatibilität Inkompatibel - Manuelle Interaktion könnte erforderlich sein

For some internal communication of the Event Console Unix sockets are used. These reside in tmp/run/mkeventd/ and used to be world readable. Since these sockets are not meant to be used from site external scripts and we cannot foresee the side-effects the permissions were changed so that only Checkmk can read and write to them.

To make it easier to write custom events to the Event Console there is a Unix pipe also in tmp/run/mkeventd/. This pipe used to be world readable and writeable. With this Werk the permission is changed so that the Pipe is only world writeable. So custom scripts can still write events to this pipe but can no longer read from this pipe.

If you used these sockets or pipe with custom scripts and rely on the previous permissions, you still can change them (eg. with chmod). Please be aware that we do not support this customization.

Zur Liste aller Werks