Differences
This shows you the differences between two versions of the page.
linux_wiki:broken_links_to_executables [2019/05/25 23:50] |
linux_wiki:broken_links_to_executables [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Broken Links To Executables ====== | ||
+ | |||
+ | Security scans can detect a vulnerability of "Linux Daemons with Broken Links to Executables" | ||
+ | |||
+ | This page details what that is and the commonly seen ones with their fixes. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== About Broken Links to Executables ====== | ||
+ | |||
+ | **What?**\\ | ||
+ | When a package is updated on disk (ie via yum or rpm package install) while the application is running in memory, this can create a broken link to executable on disk. | ||
+ | |||
+ | **Why?**\\ | ||
+ | The /proc pseudo file system keeps track of running processes (in memory) and has symlinks to the on disk location of things like executables. When a package is ripped out from underneath a symlink, it becomes broken. Some services auto restart upon upgrade, some don't. | ||
+ | |||
+ | **The Fix**\\ | ||
+ | Restart the affected service/ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Re-mediating Broken Symlinks ====== | ||
+ | |||
+ | In general, how to re-mediate broken symlinks. | ||
+ | |||
+ | - Security scans show the netstat output of the broken link, but don't show the process id. This must be determined on your own. | ||
+ | - Find the process ID from netstat output< | ||
+ | |||
+ | tcp 0 0 0.0.0.0: | ||
+ | - Process ID is: 8743 | ||
+ | - Further investigation about the process if it is not yet clear< | ||
+ | |||
+ | 5 S rpcuser 8743 1 0 80 0 - 5853 poll_s 2015 ? 00:00:00 rpc.statd --no-notify</ | ||
+ | - View the broken symlink in /proc (notice it says " | ||
+ | lrwxrwxrwx 1 root root 0 Jul 15 08:50 / | ||
+ | - Restart the affected service< | ||
+ | - New PID assigned, verify that no broken symlink exists (" | ||
+ | lrwxrwxrwx 1 root root 0 Aug 18 07:25 / | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Common Broken Symlinks ====== | ||
+ | |||
+ | Commonly seen broken symlinks. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== pgsql agent ===== | ||
+ | |||
+ | **About**: pgsql agent runs on Postgres database systems in order to monitor the database. | ||
+ | |||
+ | **Restart it** | ||
+ | * EL 6/7 | ||
+ | * Switch to the postgres user< | ||
+ | * Stop, then start the agent< | ||
+ | / | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ===== rpc.statd ===== | ||
+ | |||
+ | **About**: rpc.statd is a process used by nfslock, which provides file locking over NFS mounts. This service can be safely restarted as long as there are no open NFS files. **WARNING: Restarting this service with open files over NFS mounts could result in stale nfs locks.** | ||
+ | |||
+ | **Restart it** | ||
+ | * EL 6<code bash> | ||
+ | * EL 7<code bash> | ||
+ | |||
+ | ---- | ||