[Xymon] [External] NSSM & Xymon PowerShell Client

Tue Jul 18 15:34:32 CEST 2017

Hi Chris

Nssm is an open source project itself, so if you have recommendations / suggestions, please contact the author or make a pull request on his repository - http://nssm.cc has all the details.

The Powershell client was designed by the original author to be run as a service. I don't think it is feasible to run as a scheduled task. For example, tracking CPU percentage usage per process is done by counting the processor ticks used between scans and using an in-memory data structure to do so.

Zak

-----Original Message-----
From: Xymon [mailto:xymon-bounces at xymon.com] On Behalf Of Chris Rowson
Sent: 18 July 2017 13:42
To: xymon at xymon.com
Subject: [External] [Xymon] NSSM & Xymon PowerShell Client

Hi list,

I've been asked to look at a Xymon install which needs updating. The first thing I noticed was that the monitored Windows servers in the environment are using the old BBWin client which doesn't seem to be maintained any longer.

Checking the mailing list I've noticed that a lot of people are now using the WinPSClient so I've been trying to familiarise myself with it.

As I hadn't come across the software before, I ran the source for NSSM (the manager which runs the PS script as a service) past a C++ code analysis tool and it came out with a few /potential/ issues. The critical and high vulnerabilities are:

Critical: Use of memmove Allows Buffer Overflow
-------------------------------------------------------
- The size limit is larger than the destination buffer, while the source is a char* and so, could allow a buffer overflow to take place.
- nssm-master\io.cpp Line 213

High: LoadLibrary
------------------
- The function searches several paths for a library if called with a filename, but no path. This can allow trojan DLLs to be deployed, regardless of the presence of the correct DLL. Manually check the code to ensure that the full path is specified.
- nssm-master\imports.cpp Line 15

I'm not a C++ programmer, but looking at the code, the findings of the analysis tool look at least possible. Has anybody else performed code scrutiny against this aspect of the solution who can confirm or deny any issues?

I also wondered if there's any particular reason why the PowerShell script can't be run at intervals by task scheduler instead of running as a service?

Thanks,

Chris
_______________________________________________
Xymon mailing list
Xymon at xymon.com
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DwIGaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=S-aLwpx-PHBTBMIG_c2JczRC0SfuZCmsiH9Iams25FI&m=rLPiyFFCQG0d0nSFCWoiS2eqjnJC_7hdc-ARFOofFrk&s=Zc6yxGPZ6KReTUr3tQiVpWLc7RpoECGiRvLMqHSuCdI&e=

________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy.
______________________________________________________________________________________

www.accenture.com