Tags: monitoring linux bsd perl
3.10.1 26 Jun 2018 08:30 security: Prior Monitorix versions are vulnerable to cross-site scripting (XSS), caused by improper validation of user-supplied input by the monitorix.cgi file. A remote attacker could exploit this vulnerability using some of the arguments provided (graph= or when=) in a specially crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. I would like to thank Sebastian Gilon from TestArmy for reporting this issue. The rest of the bugs fixed are, as always, reflected in the Changes file. All users still using older versions are advised and encouraged to upgrade to this version, which resolves this security issue.
3.10.0 27 Sep 2017 09:06 major feature: This new version introduces two new graphs and clearly improves an old one: the System graph. After notable popular demand, I've included a new graph to monitor IPMI sensors (temperatures, fans and voltages). The second new graph monitors an unlimited number of MongoDB servers (either local or remote). As said, the System graph has been improved and now includes two new sub-graphs: one that shows the system's entropy and another that shows the uptime of the system. The memory graph has also been enhanced to include the values of active and inactive memory. Besides these new graphs, this version introduces a new option (enabled by default) called enable_parallelizing, which will dramatically speed up graph generation on multi-core systems. This should also benefit people using Monitorix on Raspberry Pi and similar systems with multi-core processors. I'll be glad to get some feedback on this. More news: from now on, all graphs that show sensors include an alert capability that can execute an external shell script if the value of a sensor exceeds a specific threshold. The rest of the new features, changes and bugs fixed are, as always, reflected in the Changes file. Please check the monitorix.conf(5) man page for all the details. NOTICE: The configuration file monitorix.conf has been extended with important changes.
3.9.0 31 Oct 2016 17:41 major feature: This new version introduces three more graphs and, as always, it also introduces new features and fixes some interesting bugs. The first new graph offers the possibility to monitor the network queue disciplines (qdiscs) associated with a network interface (also called Linux Traffic Control). The second graph monitors chrony, the new NTP daemon that comes with some newer Linux distributions. Finally, the third new graph monitors the temperature and CPU frequency sensors that appear (depending on your motherboard) in the /sys/devices/ filesystem tree. Besides all this, the new version also includes interesting new features. From now on, you can monitor multiple disks and network interfaces of every virtual machine defined in the Libvirt graph. Another interesting new option is priority, which lets you set the priority at which Monitorix will run. A new option called image_format lets you change the graphics format of the pictures generated by Monitorix. Also, the new option enable_hourly_view lets you enable the hourly time frame, although the resolution won't be specific for that time frame. The rest of the changes and bugs fixed are, as always, reflected in the Changes file. Please check the monitorix.conf(5) man page for all the details. NOTICE: The configuration file monitorix.conf has been extended with important changes.
3.8.1 13 Nov 2015 15:31 security: This is a maintenance release that mainly fixes a Document Object Model (DOM)-based cross-site scripting (XSS) vulnerability in the monitorix.cgi file. The vulnerability is triggered by injecting JS code into the 'when=' parameter of the URL shown after generating the graphs. Additionally, a potential denial of service (DoS) issue was discovered in the same 'when=' parameter of the URL, which could lead to the creation of an enormous number of '.png' files in the 'imgs' directory of the server. These vulnerabilities are due to a lack of precise input validation on user-supplied data within the DOM input. A remote attacker could exploit these vulnerabilities by sending crafted URLs that contain malicious DOM statements to the affected system. This new version also adds support for ZFS versions older than 0.6.4 and adds a new option called 'extra_args' in the NTP module to be able to include extra arguments to the command 'ntpq -pn' executed by Monitorix. The rest of the changes and bugs fixed are, as always, reflected in the Changes file. All users still using older versions are advised and encouraged to upgrade to this version, which resolves these security issues.
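The 3.10.1 and 3.8.1 notes both trace the problem to unvalidated `graph=` and `when=` values, so the following added example (not Monitorix code, and not the project's actual fix) shows allowlist validation plus output encoding for such parameters in a Perl CGI. The accepted value formats, the function names and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Monitorix code. Accepted formats below are assumptions.
use strict;
use warnings;

# Assumed closed set of time frames. A fixed list also bounds how many
# distinct image files a request parameter can cause to be generated.
my %WHEN_OK = map { $_ => 1 } qw(1hour 1day 1week 1month 1year);

# Assumed graph selector shape: "all", or "_" followed by a short name.
# \A and \z anchor the whole string; "$" would tolerate a trailing newline.
my $GRAPH_RE = qr/\A(?:all|_[a-z][a-z0-9]{0,31})\z/;

sub validate_when {
    my ($v) = @_;
    return (defined $v && $WHEN_OK{$v}) ? $v : undef;
}

sub validate_graph {
    my ($v) = @_;
    return (defined $v && $v =~ $GRAPH_RE) ? $v : undef;
}

# Encode for HTML text and attribute contexts. Applied to anything echoed
# back to the browser, even after validation (defence in depth).
sub html_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Constructed sample inputs: [graph, when]
my @samples = (
    ['all',     '1day'],             # well-formed
    ['_system', '1week'],            # well-formed
    ['all',     '1day"><b>x</b>'],   # markup appended to the value
    ['all',     '987654321day'],     # arbitrary value that would name a new file
    ["all\n",   '1day'],             # trailing newline
);

for my $s (@samples) {
    my ($g, $w) = (validate_graph($s->[0]), validate_when($s->[1]));
    if (defined $g && defined $w) {
        printf "ACCEPT graph=%s when=%s\n", $g, $w;
    } else {
        # Rejected input is still encoded before it is shown anywhere.
        printf "REJECT graph=%s when=%s\n",
            html_escape($s->[0]), html_escape($s->[1]);
    }
}
```

Only the first two samples are accepted; a handler built this way would answer the rest with an error page instead of rendering graphs or writing image files.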
3.8.0 17 Sep 2015 06:16 major feature: This new version introduces four new graphs and a number of new features (of course, lots of bugs were also fixed). The first new graph shows the directory usage (based on the output of the du command) from a list defined in the configuration file. This is really useful when you want to keep an eye on the size of some specific directories. The second one is a ZFS statistics graph, which is especially useful for those people using such a special file system on their servers. It can monitor an unlimited number of pools. The other two graphs are: one that monitors the PageSpeed Module, from Google developers, and the other one that monitors Network UPS Tools (NUT) devices. Both graphs also support unlimited monitoring on their own. Besides all these graphs, this new version also includes interesting new features. The alert capabilities in the Filesystem graph have been changed and now it supports the ability to include an independent alert for each filesystem defined. The Apache graph has been extended with more information and it also has new support for alert capabilities based on the remaining free slots. The rest of the changes and bugs fixed are, as always, reflected in the Changes file. Please check the monitorix.conf(5) man page for all the details. NOTICE: The configuration file monitorix.conf has been extended with important changes.
3.7.0 16 Mar 2015 08:05 major feature: Another new version that introduces two new graphs; the first one is a new Varnish cache statistics graph which hopefully covers all the most important values. It was created using Varnish version 3.0.6, so I hope it will also be compatible with the new 4.0 version. The second graph covers the Verlihub statistics and was developed and provided by an external user. As always, this version also includes a number of changes and new features, and of course more bugs were fixed. The zoomed graphs now honour the global_option option and also fit much better in the browser pop-up window. The Ports graph now includes the options tcp6 and udp6 to be able to monitor IPv6 connections. The Process graph now detects the process names better using the command parameter in the ps command. And more. The rest of the changes and bugs fixed are, as always, reflected in the Changes file. Please check the monitorix.conf(5) man page for all the details. NOTICE: The configuration file monitorix.conf has been extended with important changes.
3.6.0 18 Sep 2014 13:25 major feature: This new version introduces two new graphs; one that is Linux-specific, to monitor an unlimited number of user processes (including CPU usage, memory usage, disk usage, network usage, opened files, number of threads, number of voluntary and involuntary context switches and number of instances of the same process). The other new graph monitors an unlimited number of virtual machines (using the libvirt manager) and also covers CPU, memory, disk and network usage. This version also includes a number of changes and new features, and of course a number of bugs were fixed. There is a new option called ip_default_table to instruct Monitorix to use a specific iptables table for network traffic accounting. This should help to avoid conflicts with some firewalls running on the same machine. The Mail graph now includes a graph that shows the SPF results in real time (right now it only supports the output of the smf-spf tool). This new version also adds support for the latest Nvidia driver 340.24; it also extends the functionality of the limit and rigid options, reducing a lot of code at the same time, and changes the DST values in the Network interface graph, which should avoid (finally!) those annoying unexpected huge peaks in the graph. It also includes some fixes in order to reduce CPU load on servers with big log files. The rest of the changes and bugs fixed are, as always, reflected in the Changes file.