The Event Console is able to execute actions, e.g. shell scripts, when opening
or cancelling events. Details of the events are available to the script via
environment variables CMK_ as described in the user manual
mechanism will keep working as before.
However, there is a second undocumented mechanism which relies on macro
expansion in the shell scripts. Previously it was possible to use macros (e.g.
$HOST$) in the Event Console scripts. These were replaced
before executing the script. The values of these macros can be untrusted input
and lead to command injections. You are only affected by this issue, if your
scripts use the macro expansion.
With this incompatible change we remove the macro expansion mechanism for
security reasons. The site update mechanism tries to detect Event Console
actions using these macros, disables the actions and informs you about this
change. The output of an omd update for a rule being disabled would
look like this:
"Script 'some_action_id' uses macros. We disable it. Please replace the macros
with proper variables before enabling it again!"
If you use the Event Console with shell script actions you should check
your scripts for macros and replace them with the documented environment
variable approach (Setup > Events > Event Console rule packs > Event Console
configuration > Event Console configuration). You can access all macro values
with environment variables (they are prefixed with CMK_).
To the list of all Werks