linux_wiki:broken_links_to_executables

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux_wiki:broken_links_to_executables [2019/05/25 23:50]
linux_wiki:broken_links_to_executables [2019/05/25 23:50] (current)
Line 1: Line 1:
 +====== Broken Links To Executables ======
 +
 +Security scans can detect a vulnerability of "Linux Daemons with Broken Links to Executables".
 +
 +This page details what that is and the commonly seen ones with their fixes.
 +
 +----
 +
 +====== About Broken Links to Executables ======
 +
 +**What?**\\
 +When a package is updated on disk (ie via yum or rpm package install) while the application is running in memory, this can create a broken link to executable on disk.
 +
 +**Why?**\\
 +The /proc pseudo file system keeps track of running processes (in memory) and has symlinks to the on disk location of things like executables. When a package is ripped out from underneath a symlink, it becomes broken. Some services auto restart upon upgrade, some don't.
 +
 +**The Fix**\\
 +Restart the affected service/process, so the new package binaries are used from disk.
 +
 +----
 +
 +====== Re-mediating Broken Symlinks ======
 +
 +In general, how to re-mediate broken symlinks.
 +
 +  - Security scans show the netstat output of the broken link, but don't show the process id. This must be determined on your own.
 +  - Find the process ID from netstat output<code bash>netstat -antpu | grep rpc.statd
 +
 +tcp        0      0 0.0.0.0:22605               0.0.0.0:                  LISTEN      8743/rpc.statd</code>
 +    - Process ID is: 8743
 +  - Further investigation about the process if it is not yet clear<code bash>ps -elf | grep 8743
 +
 +5 S rpcuser 8743 1 0 80 0 - 5853 poll_s 2015 ? 00:00:00 rpc.statd --no-notify</code>
 +  - View the broken symlink in /proc (notice it says "deleted")<code bash>ls -l /proc/8743/exe
 +lrwxrwxrwx 1 root root 0 Jul 15 08:50 /proc/8743/exe -> /sbin/rpc.statd (deleted)</code>
 +  - Restart the affected service<code bash>service nfslock restart</code>
 +  - New PID assigned, verify that no broken symlink exists ("deleted" is now gone)<code bash>ls -l /proc/4217/exe
 +lrwxrwxrwx 1 root root 0 Aug 18 07:25 /proc/4217/exe -> /sbin/rpc.statd</code>
 +
 +----
 +
 +====== Common Broken Symlinks ======
 +
 +Commonly seen broken symlinks.
 +
 +----
 +
 +===== pgsql agent =====
 +
 +**About**: pgsql agent runs on Postgres database systems in order to monitor the database.
 +
 +**Restart it**
 +  * EL 6/7
 +    * Switch to the postgres user<code bash>sudo su - postgres</code>
 +    * Stop, then start the agent<code bash>/var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl stop agent
 +/var/lib/pgsql/agent/agent_13.2.0.0.0/bin/emctl start agent</code>
 +
 +----
 +
 +===== rpc.statd =====
 +
 +**About**: rpc.statd is a process used by nfslock, which provides file locking over NFS mounts. This service can be safely restarted as long as there are no open NFS files. **WARNING: Restarting this service with open files over NFS mounts could result in stale nfs locks.**
 +
 +**Restart it**
 +  * EL 6<code bash>service nfslock restart</code>
 +  * EL 7<code bash>systemctl restart nfslock</code>
 +
 +----
  
  • linux_wiki/broken_links_to_executables.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)