Control Compliance Suite 10.5.1; RMS Data collection on Linux assets could trigger a reboot of the system.
|Article:TECH186628|||||Created: 2012-04-17|||||Updated: 2012-06-24|||||Article URL http://www.symantec.com/docs/TECH186628|
Using Control Compliance Suite 10.5.1 and triggering an RMS Data collection targeting the /dev directory and specifically finding /dev/watchdog on Linux assets could trigger a reboot of the system.
Although not an error message rather a informational one, in the /var/log/messages file of the affected system the following is recorded:
Apr 3 16:02:39 hostname kernel: Software Watchdog Timer: 0.07 initialized. soft_noboot=0 soft_margin=60 sec (nowayout= 0)
Apr 3 16:02:39 hostname kernel: SoftDog: Unexpected close, not stopping watchdog!
RedHat Enterprise Linux and SuSE Linux Enterprise Server Assets.
Control Compliance Suite bv-Control Agent 10.5-33
Note: Agent-less Linux assets are not affected.
When looking for file attributes of the files in /dev directory - the bv-Control Agent triggers a system call that (depending on the check/query configuration) opens the file /dev/watchdog. If the watchdog file is opened but not written to within 60 seconds - the system will reboot. This behavior is as per design of the watchdog facility and native to Linux. The watchdog facility is enabled by default on SuSE Linux Enterprise Server but not on RedHat Enterprise Linux - therefore this issue if more likely to show on SuSE Linux Enterprise Server systems yet could show on RedHat Enterprise Linux too.
Create CCS checks and RMS queries that avoid opening the /dev/watchdog file. If you have a need to query for file attributes in the /dev directory - only target block devices. Add a find option in the CCS or RMS check; ‘-type b’ to limit the initial search to only ‘block special’ files. This will prevent opening the /dev/watchdog file which is a character file.
Note: This solution apply before the release of PCU 2012-2, once you apply this PCU it won't check these type of files anymore.
Article URL http://www.symantec.com/docs/TECH186628