Home /  MMonit /  Release 3-3

Released on October 31, 2014

Changes | New installation | Upgrading | Known Issues

Changes

  • New: Added support for a none selector in alert rules. Whether a condition triggers or suppresses an action can now be decided by using either the any or none selector. If set to any (the default), then any matching rule condition triggers an action. If it is set to none, then the opposite is true and any non-matching event will trigger an action.
  • New: Output from your check program is now displayed in M/Monitís UI in the status details page. Up to 1kB is displayed and if output goes over several lines, a mono-spaced font is used to retain formatting. Demonstrated in the screenshot below, where we run top from check program
  • New: Added option to set URL scheme in the Connector element in server.xml via the attribute, proxyScheme. This is useful if you proxy M/Monit via a sub-domain such as https://mmonit.proxy.address and use a https proxy in-front of M/Monit. By setting proxyScheme to https, redirects from M/Monit will use the correct scheme for this setup.
  • New: Added URL scheme for a few messaging types. For types supported, the IM text in admin/users is now a link which opens the correct application for the type. For instance, if the user has Skype as the Messaging Type, a click on the IM link will open Skype. Other supported types are iMessages and GTalk/Google Hangouts.
  • New: Changes due to vulnerabilities in SSLv2 and SSLv3. See CVE-2014-3566 aka POODLE. SSL is now no longer used, only TLS.
  • New: Support for MacOSX 10.5 PowerPC builds has been sunset.
  • New: Removed MSN as Messaging Type since Microsoft replaces this with Skype.
  • Fixed: Dashboard no longer tries to refresh data on connection error (can now handle transient connection problems).
  • Fixed: Mail credentials were URL unescaped before authentication. This led to a problem if password included the '%' character, which typically is the case with Amazon AWS instances.
  • Fixed: If Alert aggregation interval is set to None, send one message per event
  • Fixed: Parts of the M/Monit GUI displayed incorrect dates across different timezones
  • Fixed: Improved database operations and retry save of new services and groups
  • Fixed: M/Monit could send bare LFs in a mail body which technically is against the mail RFCs, though only qmail complained (of course).
  • Fixed: An empty error message was displayed if an AJAX request failed.
  • Fixed: Status page filter flickering on page reload.
  • Fixed: Service uptime report: Show number of events and uptime for services with less then 1 minute downtime.
  • Fixed: Status details page, service callout now uses available width.
  • Fixed: Analytics chart legend could overflow the page.
  • Fixed: Analytics chart Y-axis values were ellipsed for some charts.
  • Fixed: Reorganised assets such as javascript and css files to be CDN friendly and not require authentication to view (and cache).
  • Fixed: OpenSSL vulnerabilities CVE-2014-3513, CVE-2014-3567. The OpenSSL team released version 1.0.1j which fixes these bugs. This version of M/Monit is distributed and linked with the fixed version of OpenSSL.
  • Fixed: CVE-2014-6409. Cross site request forgery vulnerabilities in M/Monit. This issue was reported to the M/Monit team on 13th September 2014, by Dolev Farhi. For an attack to be successful the user must be logged into M/Monit and then visit a malicious page before the login session expire. The attacker must know a priori the full URL to the user's M/Monit instance. M/Monit now contains CSRF- protection which will prevent these types of attacks.
  • Fixed: CVE-2014-6607. This so called vulnerability follows trivially from CVE-2014-6409 which was fixed. M/Monit has always required both authentication and authorization to change data in the system.

New installation

  • Download the release for your OS.
  • Unpack the tar.gz file in a directory, any directory will do, but unpacking in /opt or /usr/local are good choices.
  • Go to the unpacked mmonit-3.3 directory
  • Run M/Monit using: ./bin/mmonit
  • Point your Browser to the host where mmonit is installed (or "localhost" if running on the same machine), for example: http://localhost:8080/ and login as user admin with password swordfish
  • If you want to setup M/Monit to use MySQL or PostgreSQL instead of the default SQLite database, follow these instructions in the wiki.
  • More documentation can be found inline in the application and in the manual (PDF).

Upgrading from previous M/Monit releases (2.3 or later)

The upgrade program can be used to automatically copy database and configuration files from the previous installation and update the database schema.

The whole upgrade process should take less than a minute and you do not have to stop or change Monit on other machines during this process. Monit will simply pick up and start reporting to the new M/Monit 3.3 version.

  • Download the new 3.3 release for your OS.
  • Install M/Monit 3.3 in the same directory as previous release. For example:
 /usr/local/mmonit/mmonit-3.2.2
 /usr/local/mmonit/mmonit-3.3
  • Stop the previous M/Monit release:
 /usr/local/mmonit/mmonit-3.2.2/bin/mmonit stop
  • Run the upgrade program and specify the path to the previous M/Monit release:
 /usr/local/mmonit/mmonit-3.3/upgrade/upgrade -p /usr/local/mmonit/mmonit-3.3.2
  • Start M/Monit 3.3:
 /usr/local/mmonit/mmonit-3.3/bin/mmonit
  • Finally, clear your browser cache before accessing M/Monit 3.3

Known Issues

  • Missing host in host status. M/Monit 3.3, released on Halloween had a javascript bug in the status page which would hide the first host in the host table. This is fixed as of Sunday 2. November 23:00 CET and does not affect new downloads of M/Monit 3.3. If you downloaded M/Monit 3.3 before Sunday, Nov 2, please download and save http://mmonit.com/dist/patch/3.3/status.js as mmonit-3.3/docroot/assets/status/status.js replacing the original status.js file which will fix the problem.