Open-AudIT

What's on your network?

All times are UTC + 10 hours




Posted: Fri Apr 19, 2013 11:56 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
RedDevils wrote:
System Info
./audit_linux.sh: line 513: -s: command not found
./audit_linux.sh: line 517: -s: command not found
./audit_linux.sh: line 527: -s: command not found
BIOS Info
Processor Info
./audit_linux.sh: line 695: -t: command not found
./audit_linux.sh: line 718: -t: command not found


So by manually setting the lines in the script from OA_DMIDECODE to /usr/sbin/dmidecode this portion of the script now pulls the data.

Now on to the network portion,


Posted: Fri Apr 19, 2013 12:48 pm

Joined: Wed Dec 12, 2012 9:24 am
Posts: 25
I can help you out with that. Do you have a little more information about the CentOS box you're running on? Type of NIC? Are they in any special configuration such as bonding? What are the interface names? eth0, em1, etc?

Also, where did you get the script from and how long ago did you download it? I'm checking some of the lines that you referenced in your output, but those are comments in the latest version of the script.


Posted: Sat Apr 20, 2013 12:27 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
Hi ihashacks!

ihashacks wrote:
Also, where did you get the script from and how long ago did you download it?

So I grabbed version 58 from your repo just a few days back.

ihashacks wrote:
Type of NIC?

01:00.0 "Ethernet controller" "Broadcom Corporation" "NetXtreme II BCM5709 Gigabit Ethernet" -r20 "Dell" "PowerEdge R610 BCM5709 Gigabit Ethernet"
01:00.1 "Ethernet controller" "Broadcom Corporation" "NetXtreme II BCM5709 Gigabit Ethernet" -r20 "Dell" "PowerEdge R610 BCM5709 Gigabit Ethernet"
02:00.0 "Ethernet controller" "Broadcom Corporation" "NetXtreme II BCM5709 Gigabit Ethernet" -r20 "Dell" "PowerEdge R610 BCM5709 Gigabit Ethernet"
02:00.1 "Ethernet controller" "Broadcom Corporation" "NetXtreme II BCM5709 Gigabit Ethernet" -r20 "Dell" "PowerEdge R610 BCM5709 Gigabit Ethernet"

ihashacks wrote:
Are they in any special configuration such as bonding? What are the interface names? eth0, em1, etc?

We do have bonding set up.

cd /sys/class/net/
ls
bond0 bonding_masters eth0 eth1 eth2 eth3 lo sit0

What kind of info do you want on CentOS? The versions we run are:
CentOS release 5.8 (Final)
CentOS Linux release 6.0 (Final)
CentOS release 5.6 (Final)

Let me know if you need any other info.

Thanks again mate!


Posted: Sat Apr 20, 2013 1:05 am

Joined: Wed Dec 12, 2012 9:24 am
Posts: 25
Revision 58 might be the issue. 64 is the latest:

https://bazaar.launchpad.net/~ihashacks ... evision/64


That release actually included a fix relating to NIC bonding issues.


Posted: Sat Apr 20, 2013 1:28 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
So I just pulled 64 down from the repo and I received the same errors.


Network Cards Info
/bin/cat: /sys/class/net/44 bond0/address: No such file or directory
./audit_linux.sh: line 1033: -vms: command not found
./audit_linux.sh: line 1037: -vms: command not found
./audit_linux.sh: line 1047: 44 bond0: command not found
/bin/cat: /sys/class/net/44 bond0/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/50 eth0/address: No such file or directory
./audit_linux.sh: line 1033: -vms: command not found
./audit_linux.sh: line 1037: -vms: command not found
./audit_linux.sh: line 1047: 50 eth0: command not found
/bin/cat: /sys/class/net/50 eth0/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/55 eth1/address: No such file or directory
./audit_linux.sh: line 1033: -vms: command not found
./audit_linux.sh: line 1037: -vms: command not found
./audit_linux.sh: line 1047: 55 eth1: command not found
/bin/cat: /sys/class/net/55 eth1/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/48 eth2/address: No such file or directory
./audit_linux.sh: line 1033: -vms: command not found
./audit_linux.sh: line 1037: -vms: command not found
./audit_linux.sh: line 1047: 48 eth2: command not found
/bin/cat: /sys/class/net/48 eth2/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/48 eth3/address: No such file or directory
./audit_linux.sh: line 1033: -vms: command not found
./audit_linux.sh: line 1037: -vms: command not found
./audit_linux.sh: line 1047: 48 eth3: command not found
/bin/cat: /sys/class/net/48 eth3/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/48 sit0/address: No such file or directory
./audit_linux.sh: line 1033: -vms: command not found
./audit_linux.sh: line 1037: -vms: command not found
./audit_linux.sh: line 1047: 48 sit0: command not found
/bin/cat: /sys/class/net/48 sit0/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found


Posted: Sat Apr 20, 2013 6:55 am

Joined: Wed Dec 12, 2012 9:24 am
Posts: 25
I believe you are missing "lspci" since "-vms" are parameters to $OA_LSPCI

What happens if you run "./audit_linux.sh check_commands=y | grep lspci" ? Does lspci have a path or is it blank?


Posted: Sun Apr 21, 2013 6:44 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
./audit_linux.sh check_commands=y
Checking commands on .
----------------------
awk : /bin/awk
bc :
cat : /bin/cat
cdrdao :
cut : /bin/cut
date : /bin/date
df : /bin/df
dmesg : /bin/dmesg
dmidecode : /usr/sbin/dmidecode
dpkg :
echo : /bin/echo
ethtool : /sbin/ethtool
expr : /usr/bin/expr
fdisk : /sbin/fdisk
grep : /bin/grep
head : /usr/bin/head
hostname : /bin/hostname
ifconfig : /sbin/ifconfig
ip : /sbin/ip
iwlist :
lsb_release :
lshw :
lspci : /sbin/lspci
lvm : /sbin/lvm
mdadm :
partprobe :
ping : /bin/ping
ps : /bin/ps
rev : /usr/bin/rev
rm : /bin/rm
sed : /bin/sed
sort : /bin/sort
swapon : /sbin/swapon
tail : /usr/bin/tail
test : /usr/bin/test
uname : /bin/uname
wc : /usr/bin/wc
wget : /usr/bin/wget
whoami : /usr/bin/whoami


lspci is installed, it's in /sbin. The thing is, if I set the path in the script that part will work. Although, it does not like -s.

Network Cards Info
/bin/cat: /sys/class/net/44 bond0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux.sh: line 1047: 44 bond0: command not found
/bin/cat: /sys/class/net/44 bond0/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/50 eth0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux.sh: line 1047: 50 eth0: command not found
/bin/cat: /sys/class/net/50 eth0/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/55 eth1/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux.sh: line 1047: 55 eth1: command not found
/bin/cat: /sys/class/net/55 eth1/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/48 eth2/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux.sh: line 1047: 48 eth2: command not found
/bin/cat: /sys/class/net/48 eth2/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/48 eth3/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux.sh: line 1047: 48 eth3: command not found
/bin/cat: /sys/class/net/48 eth3/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found
/bin/cat: /sys/class/net/48 sit0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux.sh: line 1047: 48 sit0: command not found
/bin/cat: /sys/class/net/48 sit0/operstate: No such file or directory
./audit_linux.sh: line 1013: addr: command not found
./audit_linux.sh: line 1013: addr: command not found


Posted: Sun Apr 21, 2013 12:54 pm

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
Little more info.


ls -l /sys/class/net/ | grep -Ev 'bonding_masters|lo|total' | rev | cut -d/ -f1,3 | rev | cut -d: -f2,3
44 bond0
50 eth0
55 eth1
48 eth2
48 eth3
48 sit0

Looks like it's not stripping the two digits and space before the interface.
/bin/cat: /sys/class/net/44 bond0/operstate: No such file or directory

So for these errors, it's not being passed $net_card_pci due to the above error.
lspci: -s: Invalid slot number

How can I get the script to drop the digits and space?


Posted: Mon Apr 22, 2013 1:15 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
So I have brought it a bit further. I have stripped out the characters by adding another cut line. From what I can tell, my servers do not have /sys/class/net/interface/device. This is why -s shows invalid slot number. Trying to figure out why my CentOS servers do not have this.


lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux2.sh: line 1008: addr: command not found
./audit_linux2.sh: line 1008: addr: command not found
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux2.sh: line 1008: addr: command not found
./audit_linux2.sh: line 1008: addr: command not found
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux2.sh: line 1008: addr: command not found
./audit_linux2.sh: line 1008: addr: command not found
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux2.sh: line 1008: addr: command not found
./audit_linux2.sh: line 1008: addr: command not found
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
./audit_linux2.sh: line 1008: addr: command not found
./audit_linux2.sh: line 1008: addr: command not found
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: Invalid argument
Cannot get wake-on-lan settings: Invalid argument
Cannot get message level: Invalid argument
Cannot get link status: Invalid argument
./audit_linux2.sh: line 1008: addr: command not found
./audit_linux2.sh: line 1008: addr: command not found


Posted: Mon Apr 22, 2013 1:58 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
I take that back, only bond0 is missing the device dir at /sys/class/net/bond0/. I still say a lot of this is environmental. If I hard code the path to each command, I move forward a lot. Seems to work perfectly on any Ubuntu system. :?

So I think I just found something. Looks like a permissions thing on uevent.

grep: /sys/class/net/eth0/device/uevent: Permission denied

On the Ubuntu systems this is where it pulls "PCI_SLOT_NAME"; this is what is used for -s in lspci. So I set read perms for root, but the uevent file in bond0 is empty. :evil:


Posted: Mon Apr 22, 2013 7:18 pm

Joined: Wed Jun 15, 2011 1:12 am
Posts: 30
I am running a mix of RedHat and CentOS (amongst other Linux variants) and I have found the same problem with RedHat and CentOS version 5.x. My CentOS 6.x installations audit without any errors. Here is an audit using an identical script: the first one from a RedHat 5.8 install and the second one run on a CentOS 6.3 machine.

RedHat 5.8
Quote:
Starting audit - .
Not pinging target, attempting to audit.
My PID is :
Audit Start Time : 2013-04-22 09:36:08
Audit Location: local
-------------------
System Info
BIOS Info
Processor Info
Memory Info
Motherboard Info
Optical Drives Info
Video Cards Info
Sound Cards Info
Shares Info
Network Cards Info
/bin/cat: /sys/class/net/12 bond0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/12 bond0/operstate: No such file or directory
Device "12 bond0" does not exist.
Device "12 bond0" does not exist.
/bin/cat: /sys/class/net/29 eth0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/29 eth0/operstate: No such file or directory
Device "29 eth0" does not exist.
Device "29 eth0" does not exist.
/bin/cat: /sys/class/net/29 eth1/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/29 eth1/operstate: No such file or directory
Device "29 eth1" does not exist.
Device "29 eth1" does not exist.
/bin/cat: /sys/class/net/29 eth2/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/29 eth2/operstate: No such file or directory
Device "29 eth2" does not exist.
Device "29 eth2" does not exist.
/bin/cat: /sys/class/net/29 eth3/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/29 eth3/operstate: No such file or directory
Device "29 eth3" does not exist.
Device "29 eth3" does not exist.
/bin/cat: /sys/class/net/29 eth4/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/29 eth4/operstate: No such file or directory
Device "29 eth4" does not exist.
Device "29 eth4" does not exist.
/bin/cat: /sys/class/net/29 eth5/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/29 eth5/operstate: No such file or directory
Device "29 eth5" does not exist.
Device "29 eth5" does not exist.
/bin/cat: /sys/class/net/29 sit0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/29 sit0/operstate: No such file or directory
Device "29 sit0" does not exist.
Device "29 sit0" does not exist.
Log Info
Swap Info
User Info
Software Info
Service Info
Route Info
Submitting results to server
Audit Generated in 14 seconds.


CentOS 6.3
Quote:
Starting audit - .
Not pinging target, attempting to audit.
My PID is : 26056
Audit Start Time : 2013-04-22 09:34:43
Audit Location: local
-------------------
System Info
BIOS Info
Processor Info
Memory Info
Motherboard Info
Optical Drives Info
Video Cards Info
Sound Cards Info
Shares Info
Network Cards Info
Log Info
Swap Info
User Info
Software Info
Service Info
Route Info
Submitting results to server
Audit Generated in 152 seconds.


Posted: Tue Apr 23, 2013 12:12 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
I ended up having to do this to get most of it to work. I had to give the path to all commands and add in an extra cut (lines 1008 and 1021) "/usr/bin/cut -d\  -f2,3`" to strip out a two-digit number and space. So now it gets /sys/class/net/interface and not /sys/class/net/44 interface.

Code:
    994 ##################################
    995 # NETWORK CARDS SECTION          #
    996 ##################################
    997
    998 if [ "$debugging" -gt "0" ]; then
    999         $OA_ECHO "Network Cards Info"
   1000 fi
   1001
   1002 net_cards=`/bin/ls -l /sys/class/net/ |\
   1003                  /bin/grep -Ev 'bonding_masters|lo|total' |\
   1004                  /usr/bin/rev |\
   1005                  /usr/bin/cut -d/ -f1,3 |\
   1006                  /usr/bin/rev |\
   1007                  /usr/bin/cut -d: -f2,3 |\
   1008                  /usr/bin/cut -d\  -f2,3`
   1009
   1010 if [ "$net_cards" != "" ]; then
   1011         # Store the IP Addresses Information in a variable to write it later on the file
   1012         addr_info=""
   1013         /bin/echo "     <network_cards>" >> $xml_file
   1014         IFS=$'\n'; for net_card_connection_id in `/bin/ls -l /sys/class/net/ |\
   1015                 /bin/grep -Ev 'bonding_masters|lo|total' |\
   1016                 /bin/sed -re 's/virtio[0-9]+\///' |\
   1017                 /usr/bin/rev |\
   1018                 /usr/bin/cut -d/ -f1,3 |\
   1019                 /usr/bin/rev |\
   1020                 /usr/bin/cut -d: -f2,3 |\
   1021                 /usr/bin/cut -d\  -f2,3`; do
   1022                         net_card_id=`/bin/echo $net_card_connection_id |\
   1023                                 /usr/bin/cut -d/ -f2`
   1024                         net_card_pci=`/bin/echo $net_card_connection_id |\
   1025                                 /usr/bin/cut -d/ -f1`
   1026                         net_card_mac=`/bin/cat /sys/class/net/$net_card_id/address`
   1027                         if [ $net_card_pci = 'virtual' ]; then
   1028                                 net_card_model="Virtual Interface"
   1029                                 net_card_manufacturer="Linux"
   1030                         else
   1031                                 net_card_model=`/sbin/lspci -vms $net_card_pci |\
   1032                                         /bin/grep -v $net_card_pci |\
   1033                                         /bin/grep ^Device |\
   1034                                         /usr/bin/cut -d: -f2 |\
   1035                                         /usr/bin/cut -c2-`
   1036                                 net_card_manufacturer=`/sbin/lspci -vms $net_card_pci |\
   1037                                         /bin/grep ^Vendor |\
   1038                                         /usr/bin/cut -d: -f2 |\
   1039                                         /usr/bin/cut -c2-`
   1040                         fi


I still have a problem with bond0. Looks like the script is looking for the dir "device" and then cat uevent for the slot number of the interface (not 100% on this and please correct me if I am wrong). On all of my CentOS release 5.8 and CentOS release 5.6 servers bond0/uevent is owned by root, but with write perms only. I then added 644 to uevent and cat to see what was in it, it's blank. I grep'ed the bond0 dir for "PCI_SLOT_NAME", nothing. In my bond0 I have the following:
ls /sys/class/net/bond0
address
addr_len
bonding
broadcast
carrier
dormant
features
flags
ifindex
iflink
link_mode
mtu
operstate
slave_eth0
slave_eth1
statistics
subsystem
tx_queue_len
type
uevent
weight

I am kinda stuck.
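
The enumeration problem discussed above, as an added example that is not part of the original post or of audit_linux.sh: instead of cutting fields out of `ls -l`, it globs the sysfs directory and takes the PCI address from `device/uevent` or, failing that, from the `device` symlink, reporting bond0-style interfaces as virtual. The function names `resolve_cmd` and `list_net_cards` are hypothetical, and it assumes the last component of the `device` symlink target is the PCI address.

```shell
#!/bin/sh
# Added example; list_net_cards and resolve_cmd are hypothetical names,
# not functions from audit_linux.sh.

# Resolve a tool to a path, also searching the sbin directories, and fail
# loudly. An empty command variable turns `$OA_LSPCI -vms ...` into an attempt
# to run "-vms", which is the "command not found" error seen in the thread.
resolve_cmd() {
    found=$(PATH="$PATH:/sbin:/usr/sbin"; command -v "$1") || {
        echo "required command not found: $1" >&2
        return 1
    }
    printf '%s\n' "$found"
}

# Print "<pci_slot>/<interface>" per interface, or "virtual/<interface>" when
# no valid PCI address can be found, so lspci -s never gets an empty or
# malformed slot. $1 is the sysfs net directory (default: /sys/class/net).
list_net_cards() {
    sysfs_net=${1:-/sys/class/net}
    h='[0-9a-fA-F]'
    for path in "$sysfs_net"/*; do
        # bonding_masters is a plain file, not an interface directory.
        if [ ! -d "$path" ]; then continue; fi
        iface=${path##*/}
        if [ "$iface" = lo ]; then continue; fi

        slot=
        # Preferred source: PCI_SLOT_NAME in the device's uevent file.
        # A read error (for example a write-only uevent) leaves slot empty.
        if [ -r "$path/device/uevent" ]; then
            slot=$(sed -n 's/^PCI_SLOT_NAME=//p' \
                "$path/device/uevent" 2>/dev/null) || slot=
        fi
        # Fallback: last component of the device symlink target.
        if [ -z "$slot" ] && [ -L "$path/device" ]; then
            target=$(readlink "$path/device")
            slot=${target##*/}
        fi
        # Accept only domain:bus:device.function; bond0, sit0 and non-PCI
        # devices fall through to "virtual".
        case "$slot" in
            $h$h$h$h:$h$h:$h$h.[0-7]) ;;
            *) slot=virtual ;;
        esac
        printf '%s/%s\n' "$slot" "$iface"
    done
}
```

Because the interface name comes from the directory entry itself, no leading digits or spaces from the `ls -l` timestamp column can end up in the path.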


Posted: Tue Apr 23, 2013 1:50 am

Joined: Wed Dec 12, 2012 9:24 am
Posts: 25
Are you running this script as root? If not, you should be. Many of the things checked will require root/sudo permissions.


Posted: Tue Apr 23, 2013 4:21 am

Joined: Sat Apr 13, 2013 10:32 am
Posts: 24
sudo sh audit_linux.sh

Just as a side note, I would be getting very different errors if I was not running as root/sudo. These are environmental issues with CentOS 5.9 and under. CentOS seems to be a bit better, but not much.


Posted: Tue Apr 23, 2013 3:06 pm

Joined: Wed Dec 12, 2012 9:24 am
Posts: 25
I'll fire up a CentOS 5 VM and run some tests.

