--- - branch: MAIN date: Sat Dec 31 12:49:05 UTC 2022 files: - new: '1.22' old: '1.21' path: pkgsrc/sysutils/monit/Makefile pathrev: pkgsrc/sysutils/monit/Makefile@1.22 type: modified - new: '1.8' old: '1.7' path: pkgsrc/sysutils/monit/PLIST pathrev: pkgsrc/sysutils/monit/PLIST@1.8 type: modified - new: '1.11' old: '1.10' path: pkgsrc/sysutils/monit/distinfo pathrev: pkgsrc/sysutils/monit/distinfo@1.11 type: modified id: 20221231T124905Z.39d603c437076c6ac9c8a2d3ef634f5d17c9c33e log: | monit: Update to 5.32.0 Changes: 5.32.0 ------ * Fixed: Issue #1028: If the Monit statefile was removed, the monit start action for services with onreboot nostart option started the service, but did not enable monitoring of said service. The same problem occurred if a new onreboot nostart service was added, even if the statefile did exist. * Fixed: Issue #1029: The generic protocol test truncated received data if the response contained zeros. * Fixed: PAM authentication: Users with a valid password for a disabled account could still login to Monit. Thanks to Youssef Rebahi-Gilbert. * Fixed: The Monit HTTP interface could be blocked by sending a request with an infinite stream of HTTP headers. Thanks to Youssef Rebahi-Gilbert for report. 5.31.0 ------ * New: Issue #1021: Add support for Linux OpenZFS 2.x I/O statistics. * New: Issue #555: Add support for FreeBSD ZFS I/O statistics for FreeBSD 12.x or later. * Fixed: Issue #1025: If Monit 5.30.0 CLI action was executed for a non-existent service name, the error message was not reported properly. Thanks to Lutz Mader for fix. * Fixed: Issue #1026: If Monit reload was requested during the optional start delay interval, Monit still waited for the delay to pass and performed one test cycle with the old configuration, before the reload was performed. Monit will reload the configuration immediately now. 5.30.0 ------ * New: Add a read-only option to the set httpd statement. The option can be used on the TCP socket, the unix socket, or both. Example for setting the TCP socket in the read-only mode (for connections from other hosts) and the unix socket in the read-write mode (for local Monit CLI actions, like service restart, status, etc.): set httpd port 2812 read-only allow 192.168.1.0/24 unixsocket /run/monit.socket Thanks to Christian Goettsche for contributing this feature. * Changed: Issue #1011: The include statement was limited to 512 files, increase the limit to 1024 files. * Fixed: The disk read and write bytes didn't show up in M/Monit for Monit 5.27.0 or later. * Fixed: Issue #998: Monit 5.29.0 may fail to compile on platforms without the monotonic clock support. Thanks to Lutz Mader. * Fixed: Issue #1002: 32-bit Linux machines with more then 4GB of RAM reported wrong system memory size and swap size values. * Fixed: Issue #1005: When the port statement was used with the generic protocol test and the target server returned zeros in response, Monit >= 5.20.0 may crash. * Fixed: Issue #1009: When one executes an action via the Monit HTML GUI (uses a POST request), the Monit HTTP server will redirect the browser back to the base URL, so the browser won't perform the POST request again on an automatic page refresh, which is performed to poll for status changes. * Fixed: Issue #1015: The set httpd statement supports only one address option. Display warning if multiple address options are used. 5.29.0 ------ * New: Issue #715: The PostgreSQL protocol test has been improved and now supports authentication with username, password and database when testing connection. Example: if failed port 5432 protocol pgsql username "username" password "12345" database "test" then alert Previous Monit versions used hardcoded credentials when testing connection to postgresql (user=root and database=root). This could trigger thousands of messages like this in the postgresql log: root@root FATAL: password authentication failed for user "root" root@root DETAIL: Role "root" does not exist. Note: Monit will continue to use the hardcoded credentials (for backward compatibility) unless username and password are set. * New: Issue #973: You can now test program output using a regular expression. Syntax: IF CONTENT [!]= THEN action Example: check program disk0_smart with path "/usr/sbin/nvme smart-log /dev/nvme0" if content != "critical_warning[ ]+: 0" then alert * New: Issue #974: Monit CLI: Added support for the -g (group) option to the report command. Example: monit -g database report * Fixed: Issue #991 (Monit 5.28.1 regression): MacOS: Monit didn't compile on MacOS 10.13 or older. Thanks to Lutz Mader. * Fixed: Issue #994 (Monit 5.28.1 regression): The check program statement with every did not work properly. * Fixed: Issue #995: Monit start delay was vulnerable to time jumps when Monit is waiting for the delay to pass. Thanks to Daniel Crowe. * Fixed: Issue #975: Monit CLI: Monit did not report a warning if -s, -p, -l, -g or -c command-line options were specified multiple times and silently used the last value only. Monit will generate a warning now. * Fixed: Issue #972: Monit GUI: The log view had no size limit when reading the Monit log file and could block the browser if the log file was large. * Fixed: Issue #955: If more than one every statement is used in a check-service context only the last value is (silently) used. We now report a warning in this case. 5.28.1 ------ * New: Issue #979: If filesystem mount flags changed, show both old and new value. Originally only the new value was reported. * Fixed: Issue #960: The memory usage may report wrong value if system memory size changed after Monit start. The problem was frequent on KVM/LXC containers where MemTotal is dynamicaly updated. * Fixed: Issue #965: Monit CLI: if a custom configuration file was used with the -c option, and the file cannot be read by Monit, an AssertException was thrown. Monit will report normal error instead of the exception now. * Fixed: Issue #966: Monit CLI: The service name pattern was changed to case-sensitive in Monit 5.28.0. Revert the behaviour back to case-insensitive. * Fixed: Issue #971: The LINK UP and LINK DOWN tests now support short form of the optional ELSE condition, in addition to the verbose ELSE IF form. * Fixed: Issue #976: The space free test recovery always reported value in percent, regardless of the test setting. If the test uses absolute limit, Monit will report absolute space usage now. * Fixed: Issue #986: Services checks with custom schedule (the EVERY statement) did set the data collection timestamp even if the monitoring was skipped in the given cycle. The timestamp is now updated only when the check was performed. * Fixed: Issue #990: Monit built with libressl may crash during verification of the expired SSL certificate. * Fixed: Issue #968: Systemd and upstart templates: templates used to set the path to the configuration file in the sysconfdir, which is optionally set via the configure script during the compilation. The path wasn't fully expanded in the template though, so it was invalid. The template doesn't specify the explicit path now and lets Monit search for the configuration file in all supported locations (including the sysconfdir). * Changed: Issue #984: The permission check of the SSL PEM key file allows group read permissions now (originally Monit enforced that the file is readable only by the file owner). 5.28.0 ------ * Deprecated: Monit IF FAILED LINK test was renamed to IF LINK DOWN. The old syntax is deprecated, but still works for backward compatibility. * New: Added IF LINK UP network interface test, which allows to monitor network interface that is by default down, and trigger action, when the interface is enabled. Example: if link up then "/usr/bin/monit start backup" Notes: When link up test is used, the link errors tests are ignored, as these tests share the same event type and would reset the status. Also, mixing link up and link down in the same check network is not supported. * New: Monit can now watch offline TCP/UDP ports and perform action on successful connection. It can be used as a security check, e.g. if a service like mysql should not be publicly available, or to perform custom actions to initialize the service that depends on the one that was just started. Thanks to Christian Goettsche for patch. Example: if succeeded port 443 protocol https then exec "/bin/monit start myclient" if succeeded host example.org port 3306 protocol mysql then alert * New: Monit can watch unix sockets that doesn't exist or are offline and perform action on successful connection. Example: if succeeded unixsocket /var/run/mysql.sock protocol mysql then exec "/bin/myscript.sh initdb" * New: Monit can ping hosts that are supposed to be offline and perform action when they become available. Example: if succeeded ping then alert * New: Issue #915: Add support for sevice name regular expressions in monit CLI status, summary, start, stop, restart, unmonitor, monitor commands. Examples: monit status myservice # exact match monit status "data.*" # pattern which will match all services whos name contain "data" substring * New: Issue #718: Add support for response time monitoring to TCP/UDP ports, unix sockets and ping. Example for ping and port test: if failed ping responsetime < 50 ms then alert if failed port 443 protocol https and responsetime < 50 ms then alert if failed port 443 protocol https and responsetime < 50 ms then alert * Fixed: Issue #961: If a service depends on some other service, which is member of the same service group, the service group restart would restart the child service twice. * Fixed: Minor memory leak when uptime test is used an monit is reloaded. 5.27.2 ------ * Fixed: Issue #931. The "if does exist" test with unmonitor or stop action did not work properly * Fixed: Issue #937: If the filesystem check uses mountpoint instead of device and multiple devices are defined for the same filesystem with mismatch between /etc/mtab and device name in path, Monit reported error and disk activity was not reported. * Fixed: Issue #948. Cookie validation problem, Invalid CSRF Token, if the request was more then 1024 bytes. Increased request size to 8kB. * Fixed: Disk activity statistics if procfs fallback was used instead of sysfs * Fixed: LXC container: Monit could ignore the "start delay" option of the set daemon statement when the container was rebooted, but not the host (the LXC container's boot time is not virtualized and inherited from the host). * Changed: Monit in debug mode no longer logs open errors about procfs /proc/ /io and /proc//fd if monit is not running as root. These errors are common as linux doesn't allow to read such files if the process belongs to a different user. These errors are now only logged in extra verbose mode (-vv option). 5.27.1 ------ * Fixed: Issue #932. Require that the program in a 'check program' statement exist on Monit startup. * Fixed: Issue #916: Linux: Monit procmatch failed to show all matching processes if a non-root user ran Monit. Thanks to Lutz Mader for fix. * Fixed: Linux: The CAP_SYS_RESOURCE capability was needed to be able to monitor filedescriptors usage of other processes if Monit was not started as root. Thanks to Christian Goettsche for report. * Fixed: Issue #920: On AIX, NetBSD, Solaris, Monit 5.27.0 logged "Cannot test filesdescriptors usage as the statistics is not available on this system" every cycle even if no filedescriptors test was used in Monit's configuration. * Fixed: Issue #926: Linux: Remove trailing white space from collected process name * Fixed: Issue #928: Fixed a race condition in Monit's HTTP interface on reload when SIGHUP were sent many times to the Monit process . Thanks to Andy Spitzer for patch. * Fixed: Improved cross-compile support. Thanks to Christian Goettsche and Helmut Grohne for patch. * Fixed: Monit could crash when sending heartbeat status to M/Monit. * Fixed: If SSL certificate verification failed and certificate valid days test was enabled, Monit could report the following false positive: certificate expiry in 0 days matches check limit * Changed: Use ISO 8601 format timestamp in log files 5.27.0 ------ * New: The SSL version: auto now defaults to TLSv1.2 and TLSv1.3 only. If you need to enable TLSv1.0 or TLSv1.1, you have to explicitly enable it via the SSL option, example: set ssl { version: tlsv11 } * New: Support for MySQL TLS encryption. Example: if failed port 3306 protocol mysqls then alert * New: Issue #839: Support for MySQL 8.x default authentication method, caching_sha2_password. If unsecure (non-TLS) connection is used, it is also possible to verify the server's RSA key checksum to protect against man-in-the-middle attacks. Example: check host mymachine with address 127.0.0.1 if failed port 3306 protocol mysql username monit password mypassword123 rsakey checksum 29e512c06275a1b3f4617f8cb9ca583d642386fe then alert * New: The username in the mysql protocol test was limited to 16 bytes, this limit was removed. * New: Linux: Support for monitoring a process's filedescriptor usage. Thanks to Marcel Baur and Lutz Mader. Example: check process myproc with pidfile /var/run/myproc.pid if filedescriptors >= 90% then alert if filedescriptors >= 99% then restart if total filedescriptors > 5000 then alert * New: Linux, OpenBSD, FreeBSD, DragonflyBSD, MacOS: Added support for monitoring of system-wide filedescriptors usage. Example: check system $HOST if filedescriptors >= 90% then alert * New: You can now set a list of allowed TLS protocols (originally only one was allowed). Also added an option to exclude protocols (put - in front of the protocol name to disable it). Exclude list example: set ssl { version: auto -sslv2 -sslv3 -tlsv1 -tlsv11 } * New: Optionally split certificate chain and key for the Monit HTTPS interface. Thanks to Lutz Mader for patch. (The original pemfile with all certificates in one pem file is still supported). Example: set httpd port 2812 with ssl { pemchain: /etc/ssl/certs/monit.chain.pem pemkey: /etc/ssl/certs/monit.key.pem } allow myuser:mypassword * New: Linux: Enable monitoring of per-process disk read and write I/O operations. Example: check process foobar matching "myprocess" if disk read activity > 500 operations/s then alert if disk write activity > 500 operations/s then alert * New: Linux: Added generic per-process I/O activity monitoring. Example: if read activity > 1 mb/s then alert if write activity > 1 mb/s then alert * New: Issue #889: Linux: monitor detailed CPU statistics for nice, hardirq, softirq, steal, guest, guestnice. The statistics for nice was originally included in the cpu (user) statistics, but it now has its own counter. * New: FreeBSD, OpenBSD, NetBSD, DragonflyBSD MacOS: Added CPU nice and interrupt usage statistics. * New: Issue #877: Linux: Added support for VxFS filesystem statistics. Thanks to Lutz Mader for patch. * New: Issue #894: Added year to the timestamp when monit logs to its own log file. * New: Issue #908: Add STARTTLS support to the IMAPS protocol test on port 143. Example: if failed port 143 protocol imaps then alert * Fixed: Issue #519: Monit could crash if a file check with restart on content match was used and this file had dependant services. * Fixed: Issue #867: If Monit was linked with musl libc, it could crash when executing programs. Thanks to Rich Felker for report. * Fixed: Monit incorrectly added CPU wait% to system CPU usage (the CPU is idle when it's in the wait state, waiting for the I/O to complete). * Fixed: The per-process I/O statistics on Linux, AIX, DragonflyBSD, NetBSD and Solaris always displayed 0 activity. * Fixed: Issue #843: Linux: Monit reported wrong memory usage in LXC container if the ZFS filesystem was used. Monit now use MemAvailable on Linux when calculating memory usage for more accurate statistics. Thanks to Joe LeVeque for patch. * Fixed: Issue #831: The HTTP protocol test returned unknown transfer encoding HTTP error if either the content or checksum test was used and the HTTP server didn't set the Content-Length header nor used chunked transfer encoding. * Fixed: Issue #880: If Monit was linked with AddresSanitizer, it could crash when it generates an MD5 hash. Thanks to Lutz Mader for patch. * Fixed: Issue #879: The HTML interface didn't escape strings that are part of Monit's configuration file. Thanks to Hanno Boeck for report. * Fixed: Issue #872: Monit's procmatch table can now display pids with up to 8 digits. Previously, pids where truncated after 5 digist. * Fixed: Issue #891: The repeat option to an action was limited to 256 cycles. * Fixed: Issue #851: Linux and AIX: The length of the string that describes the process name and its arguments was limited to 4kB, so monit procmatch might not find the process if the string was longer and unique after 4Kb. This limit has been removed on Linux and raised on AIX to 8kB. * Fixed: Issue #840: Network check: superfluous alerts if link is down. Thanks to Lonnie Abelbeck. * Fixed: MacOS: Only the first 16 characters of the process name was displayed for privileged processes, so the pattern based process check and Monit's procmatch could miss some processes. * Fixed: Issue #886: Monit's command-line options are now position independent. * Fixed: If Monit is linked with AddresSanitizer and a custom configuration file was passed via the -c option, monit could crash. * Fixed: MQTT protocol test. * Fixed: Issue #907: The onreboot nostart had no effect when a service was newly added to Monit's configuration or the statefile was removed. * Fixed: The PostgreSQL test was flapping with the following error if connection via unix socket was used: PGSQL: connection terminator write error -- Broken pipe * Plus many more internal fixes and improvements module: pkgsrc subject: 'CVS commit: pkgsrc/sysutils/monit' unixtime: '1672490945' user: leot