Security scans can detect a vulnerability of “Linux Daemons with Broken Links to Executables”.
This page details what that is and the commonly seen ones with their fixes.
What?
When a package is updated on disk (ie via yum or rpm package install) while the application is running in memory, this can create a broken link to executable on disk.
Why?
The /proc pseudo file system keeps track of running processes (in memory) and has symlinks to the on disk location of things like executables. When a package is ripped out from underneath a symlink, it becomes broken. Some services auto restart upon upgrade, some don't.
The Fix
Restart the affected service/process, so the new package binaries are used from disk.
In general, how to re-mediate broken symlinks.
netstat -antpu | grep rpc.statd tcp 0 0 0.0.0.0:22605 0.0.0.0:* LISTEN 8743/rpc.statd
ps -elf | grep 8743 5 S rpcuser 8743 1 0 80 0 - 5853 poll_s 2015 ? 00:00:00 rpc.statd --no-notify
ls -l /proc/8743/exe lrwxrwxrwx 1 root root 0 Jul 15 08:50 /proc/8743/exe -> /sbin/rpc.statd (deleted)
service nfslock restart
ls -l /proc/4217/exe lrwxrwxrwx 1 root root 0 Aug 18 07:25 /proc/4217/exe -> /sbin/rpc.statd
Commonly seen broken symlinks.
About: pgsql agent runs on Postgres database systems in order to monitor the database.
Restart it
sudo su - postgres
/var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl stop agent /var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl start agent
About: rpc.statd is a process used by nfslock, which provides file locking over NFS mounts. This service can be safely restarted as long as there are no open NFS files. WARNING: Restarting this service with open files over NFS mounts could result in stale nfs locks.
Restart it
service nfslock restart
systemctl restart nfslock