Releases: olton/mina-node-monitor
Mina Monitor v2.2.2
CrisF: Vulnerability Report - Mina Node Monitor
I’ll add information reported here:
Through Node.js you can get any file from the host.
All monitor versions are affected since December 14, 2021, commit 7ee51e82d885af951fcb7ef5f9139d7ebc072d50
https://github.com/olton/mina-node-monitor/commit/7ee51e82d885af951fcb7ef5f9139d7ebc072d50
This is a feature of the nodejs (actually HTTP protocol), developers using it as a server must take care of security themselves.
https://github.com/olton/mina-node-monitor/blob/552607a18b3e91e66f7c9e1e14ade1643b23685f/server/index.js#L92
This code line does not sanitize the URL from "..", so an attacker can get any file from the host.
Fixed, completely removed the code with this vulnerability
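The report above concerns a request path containing ".." resolving to a file outside the served folder. As an added example (not the Monitor's own code, which the fix removed), the sketch below contrasts joining the request path to the root as-is with a containment check; `WEB_ROOT`, `resolveNaive` and `resolveSafe` are hypothetical names, and the sample paths are constructed.

```javascript
// POSIX path semantics, so the results are the same on any OS.
const path = require("path").posix;

// Hypothetical web root (assumption; a real server would take it from its config).
const WEB_ROOT = path.resolve("/opt/monitor/www");

// Pattern of the kind the report describes: the request path is joined as-is.
function resolveNaive(urlPath) {
    return path.join(WEB_ROOT, urlPath);
}

// Hardened form: decode, resolve, then require the result to stay under WEB_ROOT.
// Returns the absolute file path, or null when the request must be refused.
function resolveSafe(urlPath) {
    let decoded;
    try {
        decoded = decodeURIComponent(urlPath.split("?")[0]);
    } catch (e) {
        return null; // malformed percent-encoding
    }
    if (decoded.includes("\0")) return null; // NUL byte in the path
    const target = path.resolve(WEB_ROOT, "./" + decoded);
    const rel = path.relative(WEB_ROOT, target);
    if (rel === ".." || rel.startsWith("../") || path.isAbsolute(rel)) return null;
    return target;
}

// Constructed sample request paths.
for (const p of ["/index.html", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd"]) {
    console.log(p, "->", resolveNaive(p), "|", resolveSafe(p));
}
```

A symlink inside the root can still point outside it; resolving the target with `fs.realpathSync` before the containment check covers that case.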
Mina Monitor v2.1.2
2.1.2
- Server: changed helper `timestamp()` for arguments order, now first `date`, second `divider` - `timestamp(date, '-:')`
- Server: changed algorithm for analyze command line arguments. Now for config parameter with value you must use format `--PARNAME value`, format `-PARNAME` reserved for flags
- Server: send alert when config reloaded
Mina Monitor v2.1.1 Christmas Edition
2.1.1
- Christmas Edition
- Server: fixed uptime positions sorting
- Server: added config parameter `uptimeUpdateInterval`, default and minimal value is `5 min`
- Server: fixed spam for uptime
- Client: fixed for version number
Mina Monitor v2.1.0
Changelog for 2.1.0
- Server: added interaction with a block height from Mina Explorer
- Server: added interaction with the latest block from Mina Explorer
- Server: changed config for `telegram` and `discord` definition, updated functions for sending alerts and price
- Server: removed config parameters `telegramToken`, `telegramChatID`, `telegramChatIDAlert`, `discordWebHook`
- Server: added config parameters `telegram`, `discord`
- Server: added config options for `telegram`: `token`, `tokenInfo`, `tokenAlert`, `chatIDInfo`, `chatIDAlert`
- Server: added config options for `discord`: `webhook`, `webhookInfo`, `webhookAlert`, `botName`
- Server: to config parameters `alertToTelegram`, `alertToDiscord` added value `PRICE`. Parameter `price:targets` deprecated
- Server: to config parameters `alertToTelegram`, `alertToDiscord` added value `REWARDS`
- Server: to config parameters `alertToTelegram`, `alertToDiscord` added value `UPTIME`
- Server: removed config parameter `balanceSendInterval`
- Server: added config parameter `channel:info` to define which alerts will send to the info channel
- Server: changed reconnect interval to comparable node from `1s` to `30s`
- Server: changed parameter `comparison`. Now this parameter has a new structure
- Server: added response for Monitor Version
- Server: added watcher for config file
- Server: config parameters `memAlert`, `memRestart` deprecated. You must use new parameters: `memory:alert`, `memory:restart`
- Server: config parameters `hangIntervalAlert`, `hangInterval` deprecated. You must use new parameters: `hang:alert`, `hang:restart`
- Server: added response about server start mode `https` with value `true` or `false`
- Server: added support for static files for webserver
- Server: added config parameter `webRoot`. With this parameter you can set a webRoot folder other than default (the same where the monitor is installed)
What’s new in 2.1.0
- The new version brings back interaction with Mina Explorer. Now, the Monitor sends a request to Mina Explorer for information about the last canonical block and blockchain height.
- Changes have been made to the config file structure to make it clearer and to support new features. I changed the parameters responsible for interaction with messengers (Discord and Telegram), for interaction with other nodes where the Monitor is installed (comparison nodes), and the parameters that define the Monitor's behavior for controlling memory usage and the node hanging state.
- Added new useful messages to messengers about won blocks and about uptime changes in the leaderboard.
- Changed the algorithm for sending information about the balance state. Now, information is sent only when the balance has changed. So, the parameter balanceSendInterval is deprecated, and to enable balance state sending you must add the value BALANCE to alertToTelegram or alertToDiscord.
- Added a special observer for config file changing. Now, if you change a config.json file content, Monitor applies new values on the fly.
- Now, the server sends the protocol mode (HTTP or HTTPS) to the clients, and this mode is displayed as a closed lock on the left corner in each node panel (in Cluster client).
- Added support for using additional static HTML files in an internal web-server.
Interaction with Mina Explorer
For Interaction with Mina Explorer a special module was added. You can control this module with a composite parameter explorer.
{
  "explorer": {
    "getRewardsInterval": "3m",
    "getLatestBlocksInterval": "1m",
    "getBlockchainSummaryInterval": "1m"
  }
}
Parameters:
- getRewardsInterval - this key is responsible for how often the Monitor asks for information about won blocks in the current epoch.
- getLatestBlocksInterval - this key is responsible for how often the Monitor asks for information about the latest canonical block in the blockchain.
- getBlockchainSummaryInterval - this key is responsible for how often the Monitor asks for blockchain summary info.
Changing in alert system
The parameters responsible for informing users via Telegram and/or Discord were reorganized, both to simplify and clean them up and to make it possible to control the new features. The following parameters were deprecated: telegramToken, telegramChatID, telegramChatIDAlert, discordWebHook. The composite parameters telegram and discord were added instead. The parameter channel:info was also added to define which messages the Monitor sends to the INFO channel; all other messages the Monitor sends to the ALERT channel. Now, you can divide messages between INFO and ALERT channels and send them to different chats.
telegram
{
  "telegram": {
    "token": "",
    "tokenInfo": "",
    "tokenAlert": "",
    "chatIDInfo": "",
    "chatIDAlert": ""
  }
}
discord
{
  "discord": {
    "webhook": "",
    "webhookInfo": "",
    "webhookAlert": "",
    "botName": ""
  }
}
channel
{
  "channel": {
    "info": ["HELLO", "BALANCE", "PRICE", "REWARDS", "UPTIME"]
  }
}
Messages types
const defaultAlerts = [
"FAIL",
"EXEC",
"HELLO",
"STATUS",
"MAX",
"FORWARD-MAX",
"FORK",
"FORWARD-FORK",
"HANG",
"EXPLORER",
"RESTART",
"BALANCE",
"PEERS",
"MEM",
"COMPARE",
"PRICE",
"REWARDS",
"UPTIME"
]
Channel defining
Starting from Monitor 2.1.0 you can use one or two different channels (one for INFO messages, and one for ALERTS) for sending messages from the Monitor. If you are only going to use one channel, define the Telegram token in the key token of the parameter telegram, and the Discord chat webhook in the key webhook of the parameter discord. If you wish to use different channels, define values for the keys tokenInfo, tokenAlert, webhookInfo, and webhookAlert. Also, for sending messages to Telegram, you must define user IDs in the keys chatIDInfo and/or chatIDAlert. If you wish to send both info messages and alerts to the same user, put the user's chat ID in both keys or use the merging key chatID.
Split messages to different types
You can split messages into two types: info and alert. For this purpose, use the parameter channel:info. In the key info of the parameter channel, define the messages that are delivered to the info channel. The Monitor sends all other messages to the alert channel. By default, this key contains the following values: "HELLO", "BALANCE", "PRICE", "REWARDS", "UPTIME".
Control the Node hanging state
To make the parameters that control the Monitor's behavior when a node hang is detected easier to understand, the parameters hangIntervalAlert and hangInterval were deprecated. To set the Monitor's behavior you must use the composite parameter hang with the keys alert and restart.
{
  "hang": {
    "alert": "30m",
    "restart": "60m"
  }
}
Control memory usage
To make the parameters that control the Monitor's behavior when high node memory usage is detected easier to understand, the parameters memAlert and memRestart were deprecated. To set the Monitor's behavior, you must use the composite parameter memory with the keys alert and restart.
{
  "memory": {
    "alert": 95,
    "restart": 0
  }
}
Interaction with others Mina Monitors
Beginning with version 2.0.2, the Monitor has a module for interaction with other Mina Monitor instances. This module can check that block heights match and inform you when the height is different. In 2.1.0 the structure of the parameters for this module was changed to:
{
  "comparison": {
    "reconnect": "30s",
    "blockDiff": 3,
    "nodes": [
      {
        "name": "Host1",
        "address": "host1.com:8000",
        "https": false
      },
      {
        "name": "Host2",
        "address": "host2.com:8000",
        "https": false
      }
    ]
  }
}
Attention! Interaction with other nodes may work incorrectly or not work at all if you have self-signed certificates installed or ssl certificates are installed incorrectly (incomplete chains, ...).
New messages
Version 2.1.0 adds new information messages: 1) info about won blocks, 2) changes for your address in the uptime leaderboard, 3) information about Mina cost. To activate these messages, you must add the values PRICE, UPTIME, REWARDS to the parameter alertToTelegram and/or to the parameter alertToDiscord.
Note: it is necessary to take into account that the price:target parameter is canceled.
Config file watcher
Version 2.1.0 adds a module that monitors the state of the configuration file (config.json); if any changes are made to it, this module applies them to the Monitor. With this, you no longer need to restart the Monitor. You can change any parameter without restarting the Monitor, except for the parameters host, https, journal.
This functionality does not work yet with a Monitor running as a Docker Container.
HTTP or HTTPS
The Monitor now sends clients information about the protocol it runs on. If the Monitor was started in secure mode (using an SSL certificate on the HTTPS protocol), the client (supported only in the Cluster Client) shows this in the top left corner of the node panel.
Supports static HTML files
Version 2.1.0 adds support for static HTML files at the level of the internal web server. You can control the location of the web server root folder with the parameter webRoot. You can use this feature to create and renew L...
Mina Monitor v2.0.2
2.0.2
- Server: added restart by long uptime with config parameter `restartAfterUptime`. The value must be defined in milliseconds or internal time string format. Default value is `0` (no restart)
- Server: added config parameter `name`. Now you can define a name for your node; if the name is not defined, Monitor will use a hostname
- Server: improvements for singing messages
- Server: command `node index --init` now updated config file if one exists
- Server: added config parameter `comparison`
- Server: added alert with rule `COMPARE` for alerting when node height is different from comparable nodes
- Server: changed algorithm for memory observing
Mina Monitor v2.0.1
2.0.1
- Server: fixed snark worker controller for first start, issue #7
- Server: fixed spams when snark worker controller can not start sw
- Server: fixed issue for set telegramChatID from command line
Mina Monitor v2.0.0
What's new
- Changed data exchange protocol from `http(s)` to `ws(s)`
- Added Docker file for server and built docker image (`olton/mina_monitor_server`)
- To the Server added command line arguments support. Now you can rewrite config parameters with command line arguments
- Refactoring server code, switch to CommonJS modules
- Control for mina stopped with `journalctl` and write this event to the log
- New supported time format for config parameters - short string (see README)
- A lot of client config parameters are deprecated: `intervals`, `price`, `hosts`, `useHost`, `useHttps`
Changelog
- Server: changed data exchange protocol from `http(s)` to `ws(s)`
- Server: added command line arguments support. Now you can rewrite config parameters with command line arguments
- Server: refactoring code, switch to CommonJS modules
- Server: improved `alerter` for `HANG` state detecting
- Server: added logic to disable `HANG` alert/restart when `hangInterval`, `hangIntervalAlert` is `0`
- Server: added control for mina stopped with `journalctl` and write this event to the log
- Server: added alert to `telegram` and/or `discord` about `mina daemon` stops by failure (info from `journalctl`)
- Server: added response for request `sync-state`. Return daemon sync state (`SYNCED`, `BOOTSTRAP`, ...) or `UNKNOWN`
- Server: added helper function `timeParser(t)` for parsing time, defined in short string (ex: `1d3h23m45s`, `30m`, `10s`, `2h30s`)
- Server: config parameter `restartAfterNotSynced` must be defined in milliseconds or short time string (ex: `30m`)
- Server: changed alerts events to Telegram and Discord. Value `NON_SYNCED` is deprecated, to alert change sync status use value `STATUS`
- Server: changed config property `price:interval` to `price:sendInterval`
- Server: removed collecting Mina Explorer Height, config parameter `observeExplorer` deprecated
- Server: config parameter `blockDiff` now can be `0` to disable fork checking
- Server: config parameter `blockDiffToRestart` now can be `0` to disable restart node when fork detected
- Client: changed data exchange protocol from `http(s)` to `ws(s)`
- Client: added support short string time format in config
- Client: config parameters `intervals:*` are deprecated
- Client: config parameters `price:*` are deprecated
- Client: config parameters `proxy`, `useProxy` are deprecated
- Client: config parameters `hosts`, `useHost` are deprecated. You must use parameter `host: "server_ip_or_name:port"`
- Client: config parameter `useHttps` is deprecated. You must use parameter `https: true|false`
- Client: fixed color for uptime position label for 120+ places
Mina Monitor v1.1.4
What's new in 1.1.4
- Snark worker controller
- Node response time
Changelog for 1.1.4
- Server: added `snark worker` controller
- Server: added request for `node response time`
- Server: improved work of the `alerter` for detecting `forks`
- Server: use stored state for responses
- Client: updated for using new responses
Mina Monitor v1.1.3
1.1.3
- Server: fixed exception alert in uptime module when service is down
Mina Monitor v1.1.2
1.1.2
- Fixed memory leaks for setTimeout circular links
- Server: added `process.memory` to get mem request