Werk #16829: Notify users on account security changes
| Component | Setup | ||
| Title | Notify users on account security changes | ||
| Date | Apr 26, 2024 | ||
| Level | Trivial Change | ||
| Class | New Feature | ||
| Compatibility | Compatible - no manual interaction needed | ||
| Checkmk versions & editions |
|
What is new?
Checkmk will now notify users on certain security changes to their accounts within Checkmk. By default users will be emailed if a user's email is configured, otherwise users will be notfied via the internal user messaging system.
Security notifications within Checkmk cannot be deleted by any user however the display duration of these notifications can be configured. By default the duration is 7 days however an administrator can set a minimum duration of as low as 15 minutes and if desired, duration settings can be applied retroactively.
These configurations can be found at Setup > General > Global settings > Edit global setting >
User security notification duration.
What do they cover?
Security notifications will only be generated by actions taken within the Checkmk GUI and as such
actions via CLI commands will not generate these notifications. Hence commands such as
cmk-passwd or direct manipulation of a user's underlying files will not generate security
notifications.
The following interactions with the Check GUI will generate a security notification:
- The user changing their own password.
- An administrator changing a user's password via
Setup > Users > Edit user. - The user adding or removing a two factor control associated with their account.
- The user generating new backup codes.
- The user logging into Checkmk with a backup code.
- The user revoking all active backup codes.
A user can view and acknowledge their security notifications at User > Messages.