Control Compliance Suite 10.5.1; RMS Data collection on Linux assets could trigger a reboot of the system.

Article:TECH186628  |  Created: 2012-04-17  |  Updated: 2012-06-24  |  Article URL http://www.symantec.com/docs/TECH186628
Article Type
Technical Solution


Issue



Using Control Compliance Suite 10.5.1 and triggering an RMS Data collection targeting the /dev directory and specifically finding /dev/watchdog on Linux assets could trigger a reboot of the system.

 


Error



Although not an error message rather a informational one, in the /var/log/messages file of the affected system the following is recorded:

Apr  3 16:02:39 hostname kernel: Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0)
Apr  3 16:02:39 hostname kernel: SoftDog: Unexpected close, not stopping watchdog!

 


Environment



RedHat Enterprise Linux and SuSE Linux Enterprise Server Assets.

Control Compliance Suite bv-Control Agent 10.5-33

Note: Agent-less Linux assets are not affected.

 


Cause



When looking for file attributes of the files in /dev directory - the bv-Control Agent triggers a system call that (depending on the check/query configuration) opens the file /dev/watchdog. If the watchdog file is opened but not written to within 60 seconds - the system will reboot. This behavior is as per design of the watchdog facility and native to Linux. The watchdog facility is enabled by default on SuSE Linux Enterprise Server but not on RedHat Enterprise Linux - therefore this issue if more likely to show on SuSE Linux Enterprise Server systems yet could show on RedHat Enterprise Linux too.

 


Solution



 

Create CCS checks and RMS queries that avoid opening the /dev/watchdog file. If you have a need to query for file attributes in the /dev directory - only target block devices. Add a find option in the CCS or RMS check; ‘-type b’ to limit the initial search to only ‘block special’ files. This will prevent opening the /dev/watchdog file which is a character file.

 Note: This solution apply before the release of PCU 2012-2, once you apply this PCU it won't check these type of files anymore.




Article URL http://www.symantec.com/docs/TECH186628


Terms of use for this information are found in Legal Notices