Tuesday, September 11, 2018

ITNM poller not running as root after set_uid script

Had an issue at a customer site where the ICMP poller was not running, and the warning messages below were seen in the log file:

2018-09-11T14:37:28: Information: I-MOM-001-013: [641210176t] Connected to broker: 127.0.0.1:1883 using clientId: ncp_poller_4098_BACKSTAGE_P
2018-09-11T14:37:28: Information: I-MOM-001-001: [641210176t] ncp_poller[4098] Version 4.2 (Build 60) 64 bit on linux2x86 becoming Primary
2018-09-11T14:37:28: Information: I-DB-001-018: [328492800t] Polling thread: Database poller is connected to NCIM database 'NCIMP_APP.oradb.albertsons.com' (schema 'ncim')
2018-09-11T14:37:28: Information: I-POL-001-003: [326391552t] Opening plugin SnmpPoller: library name is /appl/esm/tivoli/netcool/precision/precision/platform/linux2x86/lib64/libNcpSnmpPoller.so
2018-09-11T14:37:28: Warning: W-SNM-003-012: [326391552t] Cannot create raw IPv4 socket (error = 1)
2018-09-11T14:37:28: Warning: W-SNM-003-009: [326391552t] Error 1: Operation not permitted
2018-09-11T14:37:28: Warning: W-SNM-003-013: [326391552t] ICMPv4 will be disabled
2018-09-11T14:37:28: Information: I-POL-001-003: [326391552t] Opening plugin Monitor: library name is /appl/esm/tivoli/netcool/precision/precision/platform/linux2x86/lib64/libNcpMonitor.so
2018-09-11T14:37:30: Information: I-DB-001-018: [80545536t] Polling thread: Database poller is connected to NCIM database 'NCIMP_APP.oradb.albertsons.com' (schema 'ncim')


The warning is a permissions failure, not a product bug: opening a raw IPv4 socket for ICMP needs root (CAP_NET_RAW on Linux), and error 1 is EPERM. ncp_poller normally gets that privilege through the setuid bit that the ITNM setuid script puts on it, but the kernel ignores the setuid/setgid bits (and file capabilities) of any program executed from a filesystem mounted with the nosuid option, so the poller keeps the uid of the user who started it. Look at the /etc/fstab entry for the mount that holds the ITNM installation (here under /appl) and, if its options include nosuid, remove it. nosuid is a hardening setting, so drop it only on the filesystem that holds the product binaries, not on /tmp, /home or other mounts where it belongs.

Note: the change only takes effect once the filesystem is remounted (mount -o remount,suid <mountpoint>) or the server is rebooted, and the poller must then be restarted so that it is re-executed from the remounted filesystem.
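The check a practitioner wants before touching /etc/fstab is whether the binary really carries the setuid bit and whether the mount it lives on honours it; the same check also answers the nosuid question quoted further down. The script below is an added example, not part of the original post or of the IBM product. It assumes the ITNM binary lives under /appl (the library paths in the log above suggest this) and uses findmnt(8) from util-linux for the live mount table; the fstab it demonstrates on is constructed, not the customer's file.

```shell
#!/bin/sh
# Added example (not from the original post or from IBM): decide whether a
# setuid binary such as ncp_poller can gain privilege where it is installed,
# and show the /etc/fstab edit the post describes. The ncp_poller path used
# in the comments is an assumption.

# has_mount_opt OPTS OPT: true if OPT appears as a whole word in the
# comma-separated mount option list OPTS (e.g. "rw,nosuid,relatime").
has_mount_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# strip_mount_opt OPTS OPT: print OPTS with OPT removed, i.e. the edit the
# post makes to the options column of /etc/fstab.
strip_mount_opt() {
    printf '%s\n' ",$1," | sed -e "s/,$2,/,/g" -e 's/^,//' -e 's/,$//'
}

# fstab_opts FSTAB MOUNTPOINT: print the options column (4th field) of the
# fstab entry for MOUNTPOINT, skipping comment lines.
fstab_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# setuid_effective BINARY: return 0 only if BINARY carries the setuid bit
# AND the filesystem it lives on honours it. nosuid makes the kernel ignore
# both the setuid/setgid bits and file capabilities, so the process keeps
# the caller's uid and cannot open the raw socket that ICMP polling needs.
setuid_effective() {
    bin=$1
    if [ ! -u "$bin" ]; then
        echo "$bin: setuid bit not set" >&2
        return 1
    fi
    opts=$(findmnt -n -o OPTIONS -T "$bin") || return 2
    if has_mount_opt "$opts" nosuid; then
        echo "$bin: filesystem mounted nosuid, setuid bit is ignored" >&2
        return 1
    fi
    return 0
}

# Demonstration on a constructed fstab (not a real customer file).
demo_fstab=$(mktemp)
cat > "$demo_fstab" <<'EOF'
# constructed example fstab
/dev/mapper/vg_appl-lv_appl /appl ext4 defaults,nosuid,nodev 1 2
/dev/mapper/vg_root-lv_root /     ext4 defaults              1 1
EOF
opts=$(fstab_opts "$demo_fstab" /appl)
if has_mount_opt "$opts" nosuid; then
    echo "/appl is nosuid: a setuid ncp_poller under /appl stays unprivileged"
    echo "fstab options after the fix: $(strip_mount_opt "$opts" nosuid)"
fi
rm -f "$demo_fstab"

# On the real host, check the actual binary (path assumed) before and after
# 'mount -o remount,suid /appl':
#   setuid_effective /appl/esm/tivoli/netcool/precision/platform/linux2x86/bin/ncp_poller
```

Run setuid_effective against the installed ncp_poller; a non-zero exit with the "mounted nosuid" message reproduces the log warning above without starting the product, and a zero exit after the remount confirms the fix took effect.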

After the restart, the log file shows these lines:

2018-09-11T17:02:18: Information: I-MOM-001-013: [3563349824t] Connected to broker: 127.0.0.1:1883 using clientId: ncp_poller_18546_BACKSTAGE_P
2018-09-11T17:02:18: Information: I-MOM-001-001: [3563349824t] ncp_poller[18546] Version 4.2 (Build 60) 64 bit on linux2x86 becoming Primary
2018-09-11T17:02:18: Information: I-DB-001-018: [3250796288t] Polling thread: Database poller is connected to NCIM database 'NCIMP_APP.oradb.albertsons.com' (schema 'ncim')
2018-09-11T17:02:18: Information: I-POL-001-003: [3248695040t] Opening plugin SnmpPoller: library name is /appl/esm/tivoli/netcool/precision/precision/platform/linux2x86/lib64/libNcpSnmpPoller.so
2018-09-11T17:02:18: Information: I-POL-001-003: [3248695040t] Opening plugin Monitor: library name is /appl/esm/tivoli/netcool/precision/precision/platform/linux2x86/lib64/libNcpMonitor.so
2018-09-11T17:02:20: Information: I-DB-001-018: [2327533312t] Polling thread: Database poller is connected to NCIM database 'NCIMP_APP.oradb.albertsons.com' (schema 'ncim')
2018-09-11T17:02:21: Information: I-DB-001-020: [3248695040t] Created handle 1 of (unlimited handles) in pool to DB 'NCIM'
2018-09-11T17:02:21: Information: I-DB-001-020: [3248695040t] Created handle 1 of (unlimited handles) in pool to DB 'POLLDATA'
2018-09-11T17:02:21: Information: I-FAI-001-006: [3248695040t] Operating as the primary ncp_poller in a failover pair


Some background on the nosuid and nodev mount options, quoted from a forum question:

I see those two options constantly suggested on the web when someone describes how to mount a tmpfs or ramfs, often also with noexec, but I'm specifically interested in nodev and nosuid. I basically hate just blindly repeating what somebody suggested without real understanding, and since I only see copy/paste instructions on the net regarding this, I ask here.
This is from the documentation:
nodev - Don't interpret block special devices on the filesystem.
nosuid - Block the operation of suid and sgid bits.
But I would like a practical explanation of what could happen if I leave those two out. Let's say that I have configured a tmpfs or ramfs (without these two options set) that is accessible (read+write) by a specific non-root user on the system. What can that user do to harm the system? Excluding the case of consuming all available system memory in the case of ramfs.
