====== Broken Links To Executables ======
Security scans can report a finding named "Linux Daemons with Broken Links to Executables".
This page explains what that finding means and lists the commonly seen cases with their fixes.
----
====== About Broken Links to Executables ======
**What?**\\
When a package is updated on disk (i.e., via a yum or rpm package install) while the application is still running in memory, the running process is left with a broken link to its executable on disk.
**Why?**\\
The /proc pseudo file system keeps track of running (in-memory) processes and has symlinks to the on-disk location of things like executables. When a package's files are replaced underneath a running process, that symlink becomes broken. Some services restart automatically on upgrade, some don't.
**The Fix**\\
Restart the affected service/process so that the new package binaries are used from disk. Until it is restarted, the process keeps running the old code in memory.
----
====== Remediating Broken Symlinks ======
In general, how to remediate broken symlinks.
- Security scans show the netstat output of the broken link, but don't show the process ID. This must be determined on your own.
- Find the process ID from the netstat output<code>
netstat -antpu | grep rpc.statd
tcp 0 0 0.0.0.0:22605 0.0.0.0:* LISTEN 8743/rpc.statd
</code>
- Process ID is: 8743
- Investigate the process further if it is not yet clear what it is<code>
ps -elf | grep 8743
5 S rpcuser 8743 1 0 80 0 - 5853 poll_s 2015 ? 00:00:00 rpc.statd --no-notify
</code>
- View the broken symlink in /proc (notice it says "deleted")<code>
ls -l /proc/8743/exe
lrwxrwxrwx 1 root root 0 Jul 15 08:50 /proc/8743/exe -> /sbin/rpc.statd (deleted)
</code>
- Restart the affected service<code>service nfslock restart</code>
- A new PID is assigned; verify that no broken symlink exists ("deleted" is now gone)<code>
ls -l /proc/4217/exe
lrwxrwxrwx 1 root root 0 Aug 18 07:25 /proc/4217/exe -> /sbin/rpc.statd
</code>
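Because the scan output does not include the process ID, it can help to list every affected process in one pass instead of checking one PID at a time. The script below is an added example, not part of the original page: ''find_deleted_exe'' is a hypothetical helper name, and its optional directory argument (default /proc) is an assumption that lets it be pointed at a copy of a proc tree.

```shell
#!/bin/sh
# Added example: list processes whose /proc/<pid>/exe link is marked
# "(deleted)", i.e. the binary was replaced on disk after the process started.
# find_deleted_exe is a hypothetical helper; $1 (default /proc) is the proc root.
find_deleted_exe() {
    procroot="${1:-/proc}"
    for dir in "$procroot"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads have no exe link, and other users' links are not
        # readable without root: readlink fails and the entry is skipped.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                pid=${dir##*/}
                # comm holds the short process name; use "?" if unreadable.
                name=$(cat "$dir/comm" 2>/dev/null) || name="?"
                # Strip the kernel's " (deleted)" suffix to get the old path.
                path=${target%" (deleted)"}
                printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$path"
                ;;
        esac
    done
}

# Output columns: PID, process name, original executable path.
# Each listed process still needs its service restarted as described above.
find_deleted_exe "$@"
```

Run it as root so that the exe links of processes owned by other users can be read.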
----
====== Common Broken Symlinks ======
Commonly seen broken symlinks.
----
===== pgsql agent =====
**About**: pgsql agent runs on Postgres database systems in order to monitor the database.
**Restart it**
* EL 6/7
  * Switch to the postgres user<code>sudo su - postgres</code>
  * Stop, then start the agent<code>
/var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl stop agent
/var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl start agent
</code>
----
===== rpc.statd =====
**About**: rpc.statd is a process used by nfslock, which provides file locking over NFS mounts. This service can be safely restarted as long as there are no open NFS files. **WARNING: Restarting this service with open files over NFS mounts could result in stale NFS locks.**
**Restart it**
* EL 6<code>service nfslock restart</code>
* EL 7<code>systemctl restart nfslock</code>
----