====== Broken Links To Executables ======

Security scans can detect a vulnerability of "Linux Daemons with Broken Links to Executables".

This page details what that is and the commonly seen ones with their fixes.

----

====== About Broken Links to Executables ======

**What?**\\
When a package is updated on disk (ie via yum or rpm package install) while the application is running in memory, this can create a broken link to executable on disk.

**Why?**\\
The /proc pseudo file system keeps track of running processes (in memory) and has symlinks to the on disk location of things like executables. When a package is ripped out from underneath a symlink, it becomes broken. Some services auto restart upon upgrade, some don't.

**The Fix**\\
Restart the affected service/process, so the new package binaries are used from disk.

----

====== Re-mediating Broken Symlinks ======

In general, how to re-mediate broken symlinks.

  - Security scans show the netstat output of the broken link, but don't show the process id. This must be determined on your own.
  - Find the process ID from netstat output<code bash>netstat -antpu | grep rpc.statd

tcp        0      0 0.0.0.0:22605               0.0.0.0:*                   LISTEN      8743/rpc.statd</code>
    - Process ID is: 8743
  - Further investigation about the process if it is not yet clear<code bash>ps -elf | grep 8743

5 S rpcuser 8743 1 0 80 0 - 5853 poll_s 2015 ? 00:00:00 rpc.statd --no-notify</code>
  - View the broken symlink in /proc (notice it says "deleted")<code bash>ls -l /proc/8743/exe
lrwxrwxrwx 1 root root 0 Jul 15 08:50 /proc/8743/exe -> /sbin/rpc.statd (deleted)</code>
  - Restart the affected service<code bash>service nfslock restart</code>
  - New PID assigned, verify that no broken symlink exists ("deleted" is now gone)<code bash>ls -l /proc/4217/exe
lrwxrwxrwx 1 root root 0 Aug 18 07:25 /proc/4217/exe -> /sbin/rpc.statd</code>

----

====== Common Broken Symlinks ======

Commonly seen broken symlinks.

----

===== pgsql agent =====

**About**: pgsql agent runs on Postgres database systems in order to monitor the database.

**Restart it**
  * EL 6/7
    * Switch to the postgres user<code bash>sudo su - postgres</code>
    * Stop, then start the agent<code bash>/var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl stop agent
/var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl start agent</code>

----

===== rpc.statd =====

**About**: rpc.statd is a process used by nfslock, which provides file locking over NFS mounts. This service can be safely restarted as long as there are no open NFS files. **WARNING: Restarting this service with open files over NFS mounts could result in stale nfs locks.**

**Restart it**
  * EL 6<code bash>service nfslock restart</code>
  * EL 7<code bash>systemctl restart nfslock</code>

----