[Xymon] Solaris 10 sparc xymon 4.3.10 issue ?

Mon Oct 8 20:47:08 CEST 2012

  Aha, there was a long burried issue on our apache server in a customlog 
setup which had never been an issues until xymon was turned on.  There 
was no redirect, /bin/tee was opening everything listed after it 
including "|" and "/bin/logger" and appending to them the apache logs...
it must be a monday... :)

Matt

And now a bit of polka music by "Ralph Mitchell"
> 
> 
> If something was appending to the /usr/bin/logger binary, you might want to
> check your various scripts for code that does:
> 
>      ....... > /usr/bin/logger
> 
> instead of:
> 
>      ..... | /usr/bin/logger
> 
> Ralph Mitchell
> On Oct 8, 2012 12:50 PM, "Matt Goebel" <goebel at emunix.emich.edu> wrote:
> 
> >
> > Yes... /bin/logger is a binary...
> >
> > I seem to have figured out the issue, fping was being run as root by xymon,
> > so I did the following :
> >
> > so I removed the sticky bit from user and group on /usr/local/sbin/fping
> >
> > then I did the following and restarted xymon
> >
> > add in : /etc/security/exec_attr
> > Network Management:solaris:cmd:::/usr/local/sbin/fping:privs=net_icmpaccess
> >
> > add in : /etc/user_attr
> > xymon::::defaultpriv=basic,net_icmpaccess
> >
> > Matt
> >
> > --
> > Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris
> > Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...
> >  "Always with the negative waves, Moriarty" - Oddball
> >  "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer
> > _______________________________________________
> > Xymon mailing list
> > Xymon at xymon.com
> > http://lists.xymon.com/mailman/listinfo/xymon
> >
> 
> --bcaec54fb0c030d40f04cb8f19b6
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
> 
> <p dir=3D"ltr">If something was appending to the /usr/bin/logger binary, yo=
> u might want to check your various scripts for code that does:</p>
> <p dir=3D"ltr">=A0=A0=A0=A0 ....... > /usr/bin/logger</p>
> <p dir=3D"ltr">instead of:</p>
> <p dir=3D"ltr">=A0=A0=A0=A0 ..... | /usr/bin/logger</p>
> <p dir=3D"ltr">Ralph Mitchell</p>
> <div class=3D"gmail_quote">On Oct 8, 2012 12:50 PM, "Matt Goebel"=
>  <<a href=3D"mailto:goebel at emunix.emich.edu">goebel at emunix.emich.edu</a>=
> > wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" style=
> =3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
> <br>
> Yes... /bin/logger is a binary...<br>
> <br>
> I seem to have figured out the issue, fping was being run as root by xymon,=
> <br>
> so I did the following :<br>
> <br>
> so I removed the sticky bit from user and group on /usr/local/sbin/fping<br=
> >
> <br>
> then I did the following and restarted xymon<br>
> <br>
> add in : /etc/security/exec_attr<br>
> Network Management:solaris:cmd:::/usr/local/sbin/fping:privs=3Dnet_icmpacce=
> ss<br>
> <br>
> add in : /etc/user_attr<br>
> xymon::::defaultpriv=3Dbasic,net_icmpaccess<br>
> <br>
> Matt<br>
> <br>
> --<br>
> Matthew Goebel : <a href=3D"mailto:goebel at emunix.emich.edu">goebel at emunix.e=
> mich.edu</a> : Unix Jockey @ EMU : Hail Eris<br>
> Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...<br>
> =A0"Always with the negative waves, Moriarty" - Oddball<br>
> =A0"Comfort the troubled, and trouble the comfortable." - Dietric=
> h Bonhoeffer<br>
> _______________________________________________<br>
> Xymon mailing list<br>
> <a href=3D"mailto:Xymon at xymon.com">Xymon at xymon.com</a><br>
> <a href=3D"http://lists.xymon.com/mailman/listinfo/xymon" target=3D"_blank"=
> >http://lists.xymon.com/mailman/listinfo/xymon</a><br>
> </blockquote></div>
> 
> --bcaec54fb0c030d40f04cb8f19b6--
> 

-- 
Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris
Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...
 "Always with the negative waves, Moriarty" - Oddball
 "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer