def notFixed():
fileOpen = "boot.txt"
section = "/proc/cmdline"
content = {}
SERVER = SUSE.getHostInfo()
# print "SERVER = " + str(SERVER)
if( SERVER['DistroVersion'] == 11 ):
if( SERVER['DistroPatchLevel'] == 3 ):
FIXED_VERSION = '3.0.101-0.21'
elif( SERVER['DistroPatchLevel'] == 2 ):
FIXED_VERSION = '3.0.101-0.7.19'
else:
Core.updateStatus(Core.ERROR, "Outside Service Pack scope, skipping IRQ remap test")
return False
if( SUSE.compareKernel(FIXED_VERSION) >= 0 ):
Core.updateStatus(Core.IGNORE, "Patch applied, IRQ remap issue AVOIDED")
return False
else:
Core.updateStatus(Core.ERROR, "Outside Distribution scope, skipping IRQ remap test")
return False
if Core.getSection(fileOpen, section, content):
for line in content:
if "intremap=off" in content[line]:
Core.updateStatus(Core.IGNORE, "Found interrupt remapping issue intremap=off work around")
return False
return True
def testKernelFor(FIXED_VERSION): if( SUSE.compareKernel(FIXED_VERSION) < 0 ): if( checkMessages() ): Core.updateStatus(Core.CRIT, "Bug: Soft Lockups and scale_rt_power messages, update kernel to apply version " + str(FIXED_VERSION) + " or higher") else: Core.updateStatus(Core.WARN, "Possible Soft Lockups and scale_rt_power issue, update kernel to apply version " + str(FIXED_VERSION) + " or higher") else: Core.updateStatus(Core.IGNORE, "Kernel was patched")
def kernelAffected(): SERVER = SUSE.getHostInfo() if( SERVER['DistroVersion'] == 11 ): if( SERVER['DistroPatchLevel'] == 2 ): KERNEL_VERSION = '3.0.38-0.5' elif( SERVER['DistroPatchLevel'] == 1 ): KERNEL_VERSION = '2.6.32.59-0.7' else: KERNEL_VERSION = SERVER['KernelVersion'] INSTALLED_VERSION = SUSE.compareKernel(KERNEL_VERSION) if( INSTALLED_VERSION < 0 ): return True return False
fileOpen = "boot.txt"
section = "menu.lst"
content = {}
if Core.getSection(fileOpen, section, content):
kernParam = re.compile("kernel.*i915.i915_enable_rc6=0")
for line in content:
if kernParam.search(content[line]):
return False
return True
##############################################################################
# Main Program Execution
##############################################################################
AFFECTED_KERNEL='3.0.42-0.7'
if( SUSE.compareKernel(AFFECTED_KERNEL) > 0 and SUSE.compareKernel(SUSE.SLE12GA) < 0 ):
if( guiLoaded() ):
if( sandyBridgeFound() ):
if( notResolved() ):
Core.updateStatus(Core.CRIT, "Susceptible to random GUI lockups, kernel startup paramenter needed")
else:
Core.updateStatus(Core.IGNORE, "Kernel parameter avoids Sandy Bridge lockups")
else:
Core.updateStatus(Core.IGNORE, "Sandy Bridge not found, skipping test")
else:
Core.updateStatus(Core.IGNORE, "GUI not loaded, skipping sandy bridge test")
else:
Core.updateStatus(Core.IGNORE, "Outside the kernel scope, skipping sandy bridge test")
Core.printPatternResults()
CONTENT = [] if Core.getExactSection(FILE_OPEN, SECTION, CONTENT): for LINE in CONTENT: if "/allow_dio=0" in LINE: return True return False ############################################################################## # Main Program Execution ############################################################################## #KERNEL_VERSION = '3.0.101-0.47.71' #SLE11 SP3 #KERNEL_VERSION = '3.0.101-68' #SLE11 SP4 #KERNEL_VERSION = '3.12.51-52.31' #SLE12 SP0 KERNEL_VERSION = '3.12.51-60.20' #SLE12 SP1 INSTALLED_VERSION = SUSE.compareKernel(KERNEL_VERSION) if( INSTALLED_VERSION < 0 ): if( xfsMounts() ): if( directIOAllowed() ): Core.updateStatus(Core.WARN, "Direct IO writes to XFS may cause filesystem damage") else: Core.updateStatus(Core.IGNORE, "Direct IO required, skipping pattern") else: Core.updateStatus(Core.IGNORE, "No XFS mounts found, skipping pattern") else: Core.updateStatus(Core.IGNORE, "Bug fixes applied for " + KERNEL_VERSION) Core.printPatternResults()
VALUE = 1 break else: if( VALUE_TMP > VALUE ): VALUE = VALUE_TMP # print "VALUE = " + str(VALUE) return int(VALUE) ############################################################################## # Main Program Execution ############################################################################## CHECK_LIST = [SUSE.SLE12GA, SUSE.SLE11SP1, SUSE.SLE10SP4] NOT_FOUND = True for AFFECTED in CHECK_LIST: KERN_VER = SUSE.compareKernel(AFFECTED) if( KERN_VER >= 0 ): NOT_FOUND = False RP_FILTER = getRPfilter() if( RP_FILTER == 0 ): Core.updateStatus(Core.IGNORE, "RP_FILTER within known limits") elif( RP_FILTER == 1 ): Core.updateStatus(Core.WARN, "Potential network communication issues due to rp_filter") else: Core.updateStatus(Core.REC, "Potential network communication issues due to rp_filter") break if( NOT_FOUND ): Core.updateStatus(Core.ERROR, "Outside the kernel scope, skipping rp_filter") Core.printPatternResults()
def winBindFailures():
fileOpen = "samba.txt"
section = "wbinfo -u"
content = {}
if Core.getSection(fileOpen, section, content):
for line in content:
#if something in section
if "Error looking up domain users" in content[line]:
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
if( SUSE.compareKernel(SUSE.SLE11SP2) >= 0 and SUSE.compareKernel(SUSE.SLE11SP3) < 0 ):
if( SUSE.packageInstalled("samba") and SUSE.packageInstalled("samba-winbind") ):
if( SUSE.compareRPM("samba", "3.6.3-0.30.1") == 0 ):
if( winBindRunning() ):
Core.updateStatus(Core.WARN, "Winbind AD lookups may fail, update system for newer Samba packages")
if( winBindFailures() ):
Core.updateStatus(Core.CRIT, "Winbind AD lookup failure, update system for newer Samba packages")
else:
Core.updateStatus(Core.ERROR, "Winbind service is not running, skipping test")
else:
Core.updateStatus(Core.ERROR, "Samba version has been verified, skipping test")
else:
Core.updateStatus(Core.ERROR, "Samba/Winbind not installed, skipping test")
else:
Core.updateStatus(Core.ERROR, "Outside the kernel scope")
import sys, os, Core, SUSE ############################################################################## # Overriden (eventually or in part) from SDP::Core Module ############################################################################## META_CLASS = "SLE" META_CATEGORY = "Support" META_COMPONENT = "Life Cycle" PATTERN_ID = os.path.basename(__file__) PRIMARY_LINK = "META_LINK_Security" OVERALL = Core.TEMP OVERALL_INFO = "NOT SET" OTHER_LINKS = "META_LINK_Security=http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00007.html|META_LINK_LifeCycle=http://support.novell.com/lifecycle/" Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) ############################################################################## # Main Program Execution ############################################################################## if( SUSE.compareKernel(SUSE.SLE10SP4) >= 0 and SUSE.compareKernel(SUSE.SLE10SP5) < 0 ): Core.updateStatus(Core.WARN, "General Support has ended for SLE10 SP4") else: Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping product life cycle test") Core.printPatternResults()
def oopsFound():
fileOpen = "messages.txt"
section = "/var/log/messages"
content = {}
if Core.getSection(fileOpen, section, content):
for line in content:
if "comm: xfs_growfs" in content[line]:
if "Pid:" in content[line]:
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
FIXED_VERSION = '3.0.101-0.8'
if( SUSE.compareKernel(SUSE.SLE11SP3) >= 0 and SUSE.compareKernel(FIXED_VERSION) < 0 ):
if( xfsVolumesMounted() ):
if( oopsFound() ):
Core.updateStatus(Core.CRIT, "XFS Filesystem Oops detected using xfs_growfs, update system for patched kernel")
else:
Core.updateStatus(Core.WARN, "XFS Filesystem susceptible to Oops using xfs_growfs, update system for patched kernel")
else:
Core.updateStatus(Core.ERROR, "No xfs filesystems mounted, skipping xfs_growfs test")
else:
Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping xfs_growfs test")
Core.printPatternResults()
MAX_ERRORS = 5
err1 = re.compile("audit: name_count maxed, losing inode data")
sections = ['/var/log/messages']
for section in sections:
content = {}
if Core.getSection(fileOpen, section, content):
for line in content:
if err1.search(content[line]):
errCount += 1
if( errCount > MAX_ERRORS ):
# print "Found in " + str(section)
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
FIXED_KERNEL = '3.0.101-0.21'
if( SUSE.compareKernel(SUSE.SLE11SP2) >= 0 and SUSE.compareKernel(FIXED_KERNEL) < 0 ):
if( errorsFound() ):
Core.updateStatus(Core.WARN, "Detected cosmetic audit name count messages, resolved in updated kernel")
else:
Core.updateStatus(Core.IGNORE, "No audit errors found")
else:
Core.updateStatus(Core.ERROR, "Outside the kernel scope, skipping audit errors")
Core.printPatternResults()
if Core.getSection(fileOpen, section, content):
for line in content:
if softLock.search(content[line]):
return True
section = "/var/log/messages"
content = {}
if Core.getSection(fileOpen, section, content):
for line in content:
if softLock.search(content[line]):
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
AFFECTED_KERNEL = '3.0.34-0.7'
FIXED_KERNEL = '3.0.101-0.7.17'
if ( SUSE.compareKernel(AFFECTED_KERNEL) >= 0 and SUSE.compareKernel(FIXED_KERNEL) < 0 ):
if( swapOnSoftLock() ):
Core.updateStatus(Core.CRIT, "Kernel failure due to swapon soft lock issue, update system")
else:
Core.updateStatus(Core.IGNORE, "Kernel failure errors not found")
else:
Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping swapon soft lock")
Core.printPatternResults()
##############################################################################
# Local Function Definitions
##############################################################################
def nfs4Mounts():
fileOpen = "fs-diskio.txt"
section = "/mount"
content = {}
if Core.getSection(fileOpen, section, content):
for line in content:
if "type nfs4" in content[line]:
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
AFFECTED_KERNEL='3.0.101-0.47.50'
INSTALLED_VERSION = SUSE.compareKernel(AFFECTED_KERNEL)
if( INSTALLED_VERSION == 0 ):
if( nfs4Mounts() ):
Core.updateStatus(Core.CRIT, "System hang or crash imminent, update or backrev kernel for NFS4 mount access")
else:
Core.updateStatus(Core.WARN, "Accessing NFS4 mounts will hang or crash the system, update or backrev the kernel")
else:
Core.updateStatus(Core.ERROR, "Error: Outside kernel scope")
Core.printPatternResults()
def xlogError():
fileOpen = "boot.txt"
section = "dmesg"
content = {}
if Core.getSection(fileOpen, section, content):
for line in content:
if "xlog_space_left: head behind tail" in content[line]:
if "XFS" in content[line]:
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
LAST_VERSION = '3.0.101-0.8'
if( SUSE.compareKernel(SUSE.SLE11SP2) >= 0 and SUSE.compareKernel(LAST_VERSION) <= 0 ):
if( xfsVolumesMounted() ):
if( xlogError() ):
Core.updateStatus(Core.CRIT, "Detected XFS filesystem xlog_space_left errors, update system for patched kernel")
else:
Core.updateStatus(Core.WARN, "Susceptible to XFS filesystem xlog_space_left errors, update system for patched kernel")
else:
Core.updateStatus(Core.IGNORE, "No xfs filesystems mounted, skipping xlog_space_left test")
else:
Core.updateStatus(Core.ERROR, "Outside kernel scope, skipping xlog_space_left test")
Core.printPatternResults()
fileOpen = "filename.txt"
section = "CommandToIdentifyFileSection"
content = {}
if Core.getSection(fileOpen, section, content):
for line in content:
if "something" in content[line]:
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
BROKEN_KERNEL_VERSION = '4.4.49-92.11.1'
FIXED_KERNEL_VERSION = '4.4.59-92.17.3'
BROKEN_RESULT = SUSE.compareKernel(BROKEN_KERNEL_VERSION)
FIXED_RESULT = SUSE.compareKernel(FIXED_KERNEL_VERSION)
if BROKEN_RESULT >= 0 and FIXED_RESULT < 0:
EXT_FOUND = False
FSLIST = SUSE.getFileSystems()
for FS in FSLIST:
if( "ext" in FS['Type'].lower() ):
EXT_FOUND = True
if( EXT_FOUND ):
Core.updateStatus(Core.WARN, "Detected possible ext3/4 mount issue with the kernel, update kernel to resolve.")
else:
Core.updateStatus(Core.ERROR, "ERROR: No ext3/4 filesystems found")
else:
Core.updateStatus(Core.IGNORE, "Outside the kernel scope: EXT3/4 bug not applicable")
for line in content:
if ERR_NOTE.search(content[line]):
return True
elif ERR_NORM.search(content[line]):
return True
elif ERR_PACK.search(content[line]):
return True
return False
##############################################################################
# Main Program Execution
##############################################################################
SERVER = SUSE.getHostInfo()
if( SERVER['DistroVersion'] == 11 and SERVER['DistroPatchLevel'] == 3 ):
if( SUSE.compareKernel('3.0.101-0.40') <= 0 ):
if( notificationsFound() ):
Core.updateStatus(Core.REC, "Harmless core power notifications found in the logs, review your options")
else:
Core.updateStatus(Core.IGNORE, "Kernel affected, but no core power notifications found")
else:
if( bootFlagSet() ):
Core.updateStatus(Core.IGNORE, "Boot flag 'int_pln_disable' is set")
elif( notificationsFound() ):
Core.updateStatus(Core.REC, "Harmless core power notifications found in the logs, use int_pln_disable to ignore")
else:
Core.updateStatus(Core.IGNORE, "Kernel updated and boot flag not set, but no core power notifications found")
else:
Core.updateStatus(Core.ERROR, "Outside the distribution scope, skipping core power test")
Core.printPatternResults()
