def notFixed(): fileOpen = "boot.txt" section = "/proc/cmdline" content = {} SERVER = SUSE.getHostInfo() # print "SERVER = " + str(SERVER) if( SERVER['DistroVersion'] == 11 ): if( SERVER['DistroPatchLevel'] == 3 ): FIXED_VERSION = '3.0.101-0.21' elif( SERVER['DistroPatchLevel'] == 2 ): FIXED_VERSION = '3.0.101-0.7.19' else: Core.updateStatus(Core.ERROR, "Outside Service Pack scope, skipping IRQ remap test") return False if( SUSE.compareKernel(FIXED_VERSION) >= 0 ): Core.updateStatus(Core.IGNORE, "Patch applied, IRQ remap issue AVOIDED") return False else: Core.updateStatus(Core.ERROR, "Outside Distribution scope, skipping IRQ remap test") return False if Core.getSection(fileOpen, section, content): for line in content: if "intremap=off" in content[line]: Core.updateStatus(Core.IGNORE, "Found interrupt remapping issue intremap=off work around") return False return True
def testKernelFor(FIXED_VERSION): if( SUSE.compareKernel(FIXED_VERSION) < 0 ): if( checkMessages() ): Core.updateStatus(Core.CRIT, "Bug: Soft Lockups and scale_rt_power messages, update kernel to apply version " + str(FIXED_VERSION) + " or higher") else: Core.updateStatus(Core.WARN, "Possible Soft Lockups and scale_rt_power issue, update kernel to apply version " + str(FIXED_VERSION) + " or higher") else: Core.updateStatus(Core.IGNORE, "Kernel was patched")
def kernelAffected(): SERVER = SUSE.getHostInfo() if( SERVER['DistroVersion'] == 11 ): if( SERVER['DistroPatchLevel'] == 2 ): KERNEL_VERSION = '3.0.38-0.5' elif( SERVER['DistroPatchLevel'] == 1 ): KERNEL_VERSION = '2.6.32.59-0.7' else: KERNEL_VERSION = SERVER['KernelVersion'] INSTALLED_VERSION = SUSE.compareKernel(KERNEL_VERSION) if( INSTALLED_VERSION < 0 ): return True return False
fileOpen = "boot.txt" section = "menu.lst" content = {} if Core.getSection(fileOpen, section, content): kernParam = re.compile("kernel.*i915.i915_enable_rc6=0") for line in content: if kernParam.search(content[line]): return False return True ############################################################################## # Main Program Execution ############################################################################## AFFECTED_KERNEL='3.0.42-0.7' if( SUSE.compareKernel(AFFECTED_KERNEL) > 0 and SUSE.compareKernel(SUSE.SLE12GA) < 0 ): if( guiLoaded() ): if( sandyBridgeFound() ): if( notResolved() ): Core.updateStatus(Core.CRIT, "Susceptible to random GUI lockups, kernel startup paramenter needed") else: Core.updateStatus(Core.IGNORE, "Kernel parameter avoids Sandy Bridge lockups") else: Core.updateStatus(Core.IGNORE, "Sandy Bridge not found, skipping test") else: Core.updateStatus(Core.IGNORE, "GUI not loaded, skipping sandy bridge test") else: Core.updateStatus(Core.IGNORE, "Outside the kernel scope, skipping sandy bridge test") Core.printPatternResults()
CONTENT = [] if Core.getExactSection(FILE_OPEN, SECTION, CONTENT): for LINE in CONTENT: if "/allow_dio=0" in LINE: return True return False ############################################################################## # Main Program Execution ############################################################################## #KERNEL_VERSION = '3.0.101-0.47.71' #SLE11 SP3 #KERNEL_VERSION = '3.0.101-68' #SLE11 SP4 #KERNEL_VERSION = '3.12.51-52.31' #SLE12 SP0 KERNEL_VERSION = '3.12.51-60.20' #SLE12 SP1 INSTALLED_VERSION = SUSE.compareKernel(KERNEL_VERSION) if( INSTALLED_VERSION < 0 ): if( xfsMounts() ): if( directIOAllowed() ): Core.updateStatus(Core.WARN, "Direct IO writes to XFS may cause filesystem damage") else: Core.updateStatus(Core.IGNORE, "Direct IO required, skipping pattern") else: Core.updateStatus(Core.IGNORE, "No XFS mounts found, skipping pattern") else: Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + KERNEL_VERSION) Core.printPatternResults()
VALUE = 1 break else: if( VALUE_TMP > VALUE ): VALUE = VALUE_TMP # print "VALUE = " + str(VALUE) return int(VALUE) ############################################################################## # Main Program Execution ############################################################################## CHECK_LIST = [SUSE.SLE12GA, SUSE.SLE11SP1, SUSE.SLE10SP4] NOT_FOUND = True for AFFECTED in CHECK_LIST: KERN_VER = SUSE.compareKernel(AFFECTED) if( KERN_VER >= 0 ): NOT_FOUND = False RP_FILTER = getRPfilter() if( RP_FILTER == 0 ): Core.updateStatus(Core.IGNORE, "RP_FILTER within known limits") elif( RP_FILTER == 1 ): Core.updateStatus(Core.WARN, "Potential network communication issues due to rp_filter") else: Core.updateStatus(Core.REC, "Potential network communication issues due to rp_filter") break if( NOT_FOUND ): Core.updateStatus(Core.ERROR, "Outside the kernel scope, skipping rp_filter") Core.printPatternResults()
def winBindFailures(): fileOpen = "samba.txt" section = "wbinfo -u" content = {} if Core.getSection(fileOpen, section, content): for line in content: #if something in section if "Error looking up domain users" in content[line]: return True return False ############################################################################## # Main Program Execution ############################################################################## if( SUSE.compareKernel(SUSE.SLE11SP2) >= 0 and SUSE.compareKernel(SUSE.SLE11SP3) < 0 ): if( SUSE.packageInstalled("samba") and SUSE.packageInstalled("samba-winbind") ): if( SUSE.compareRPM("samba", "3.6.3-0.30.1") == 0 ): if( winBindRunning() ): Core.updateStatus(Core.WARN, "Winbind AD lookups may fail, update system for newer Samba packages") if( winBindFailures() ): Core.updateStatus(Core.CRIT, "Winbind AD lookup failure, update system for newer Samba packages") else: Core.updateStatus(Core.ERROR, "Winbind service is not running, skipping test") else: Core.updateStatus(Core.ERROR, "Samba version has been verified, skipping test") else: Core.updateStatus(Core.ERROR, "Samba/Winbind not installed, skipping test") else: Core.updateStatus(Core.ERROR, "Outside the kernel scope")
import sys, os, Core, SUSE ############################################################################## # Overriden (eventually or in part) from SDP::Core Module ############################################################################## META_CLASS = "SLE" META_CATEGORY = "Support" META_COMPONENT = "Life Cycle" PATTERN_ID = os.path.basename(__file__) PRIMARY_LINK = "META_LINK_Security" OVERALL = Core.TEMP OVERALL_INFO = "NOT SET" OTHER_LINKS = "META_LINK_Security=http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00007.html|META_LINK_LifeCycle=http://support.novell.com/lifecycle/" Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) ############################################################################## # Main Program Execution ############################################################################## if( SUSE.compareKernel(SUSE.SLE10SP4) >= 0 and SUSE.compareKernel(SUSE.SLE10SP5) < 0 ): Core.updateStatus(Core.WARN, "General Support has ended for SLE10 SP4") else: Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping product life cycle test") Core.printPatternResults()
def oopsFound(): fileOpen = "messages.txt" section = "/var/log/messages" content = {} if Core.getSection(fileOpen, section, content): for line in content: if "comm: xfs_growfs" in content[line]: if "Pid:" in content[line]: return True return False ############################################################################## # Main Program Execution ############################################################################## FIXED_VERSION = '3.0.101-0.8' if( SUSE.compareKernel(SUSE.SLE11SP3) >= 0 and SUSE.compareKernel(FIXED_VERSION) < 0 ): if( xfsVolumesMounted() ): if( oopsFound() ): Core.updateStatus(Core.CRIT, "XFS Filesystem Oops detected using xfs_growfs, update system for patched kernel") else: Core.updateStatus(Core.WARN, "XFS Filesystem susceptible to Oops using xfs_growfs, update system for patched kernel") else: Core.updateStatus(Core.ERROR, "No xfs filesystems mounted, skipping xfs_growfs test") else: Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping xfs_growfs test") Core.printPatternResults()
MAX_ERRORS = 5 err1 = re.compile("audit: name_count maxed, losing inode data") sections = ['/var/log/messages'] for section in sections: content = {} if Core.getSection(fileOpen, section, content): for line in content: if err1.search(content[line]): errCount += 1 if( errCount > MAX_ERRORS ): # print "Found in " + str(section) return True return False ############################################################################## # Main Program Execution ############################################################################## FIXED_KERNEL = '3.0.101-0.21' if( SUSE.compareKernel(SUSE.SLE11SP2) >= 0 and SUSE.compareKernel(FIXED_KERNEL) < 0 ): if( errorsFound() ): Core.updateStatus(Core.WARN, "Detected cosmetic audit name count messages, resolved in updated kernel") else: Core.updateStatus(Core.IGNORE, "No audit errors found") else: Core.updateStatus(Core.ERROR, "Outside the kernel scope, skipping audit errors") Core.printPatternResults()
if Core.getSection(fileOpen, section, content): for line in content: if softLock.search(content[line]): return True section = "/var/log/messages" content = {} if Core.getSection(fileOpen, section, content): for line in content: if softLock.search(content[line]): return True return False ############################################################################## # Main Program Execution ############################################################################## AFFECTED_KERNEL = '3.0.34-0.7' FIXED_KERNEL = '3.0.101-0.7.17' if ( SUSE.compareKernel(AFFECTED_KERNEL) >= 0 and SUSE.compareKernel(FIXED_KERNEL) < 0 ): if( swapOnSoftLock() ): Core.updateStatus(Core.CRIT, "Kernel failure due to swapon soft lock issue, update system") else: Core.updateStatus(Core.IGNORE, "Kernel failure errors not found") else: Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping swapon soft lock") Core.printPatternResults()
############################################################################## # Local Function Definitions ############################################################################## def nfs4Mounts(): fileOpen = "fs-diskio.txt" section = "/mount" content = {} if Core.getSection(fileOpen, section, content): for line in content: if "type nfs4" in content[line]: return True return False ############################################################################## # Main Program Execution ############################################################################## AFFECTED_KERNEL='3.0.101-0.47.50' INSTALLED_VERSION = SUSE.compareKernel(AFFECTED_KERNEL) if( INSTALLED_VERSION == 0 ): if( nfs4Mounts() ): Core.updateStatus(Core.CRIT, "System hang or crash imminent, update or backrev kernel for NFS4 mount access") else: Core.updateStatus(Core.WARN, "Accessing NFS4 mounts will hang or crash the system, update or backrev the kernel") else: Core.updateStatus(Core.ERROR, "Error: Outside kernel scope") Core.printPatternResults()
def xlogError(): fileOpen = "boot.txt" section = "dmesg" content = {} if Core.getSection(fileOpen, section, content): for line in content: if "xlog_space_left: head behind tail" in content[line]: if "XFS" in content[line]: return True return False ############################################################################## # Main Program Execution ############################################################################## LAST_VERSION = '3.0.101-0.8' if( SUSE.compareKernel(SUSE.SLE11SP2) >= 0 and SUSE.compareKernel(LAST_VERSION) <= 0 ): if( xfsVolumesMounted() ): if( xlogError() ): Core.updateStatus(Core.CRIT, "Detected XFS filesystem xlog_space_left errors, update system for patched kernel") else: Core.updateStatus(Core.WARN, "Susceptible to XFS filesystem xlog_space_left errors, update system for patched kernel") else: Core.updateStatus(Core.IGNORE, "No xfs filesystems mounted, skipping xlog_space_left test") else: Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping xlog_space_left test") Core.printPatternResults()
fileOpen = "filename.txt" section = "CommandToIdentifyFileSection" content = {} if Core.getSection(fileOpen, section, content): for line in content: if "something" in content[line]: return True return False ############################################################################## # Main Program Execution ############################################################################## BROKEN_KERNEL_VERSION = '4.4.49-92.11.1' FIXED_KERNEL_VERSION = '4.4.59-92.17.3' BROKEN_RESULT = SUSE.compareKernel(BROKEN_KERNEL_VERSION) FIXED_RESULT = SUSE.compareKernel(FIXED_KERNEL_VERSION) if BROKEN_RESULT >= 0 and FIXED_RESULT < 0: EXT_FOUND = False FSLIST = SUSE.getFileSystems() for FS in FSLIST: if( "ext" in FS['Type'].lower() ): EXT_FOUND = True if( EXT_FOUND ): Core.updateStatus(Core.WARN, "Detected possible ext3/4 mount issue with the kernel, update kernel to resolve.") else: Core.updateStatus(Core.ERROR, "ERROR: No ext3/4 filesystems found") else: Core.updateStatus(Core.IGNORE, "Outside the kernel scope: EXT3/4 bug not applicable")
for line in content: if ERR_NOTE.search(content[line]): return True elif ERR_NORM.search(content[line]): return True elif ERR_PACK.search(content[line]): return True return False ############################################################################## # Main Program Execution ############################################################################## SERVER = SUSE.getHostInfo() if( SERVER['DistroVersion'] == 11 and SERVER['DistroPatchLevel'] == 3 ): if( SUSE.compareKernel('3.0.101-0.40') <= 0 ): if( notificationsFound() ): Core.updateStatus(Core.REC, "Harmless core power notifications found in the logs, review your options") else: Core.updateStatus(Core.IGNORE, "Kernel affected, but no core power notifications found") else: if( bootFlagSet() ): Core.updateStatus(Core.IGNORE, "Boot flag 'int_pln_disable' is set") elif( notificationsFound() ): Core.updateStatus(Core.REC, "Harmless core power notifications found in the logs, use int_pln_disable to ignore") else: Core.updateStatus(Core.IGNORE, "Kernel updated and boot flag not set, but no core power notifications found") else: Core.updateStatus(Core.ERROR, "Outside the distribution scope, skipping core power test") Core.printPatternResults()