Stopping sgi_fam entries in the secure log
0. Revision history
1. Introduction
This document describes how to deal with sgi_fam entries being recorded in the secure log.
sgi_fam is the xinetd service name for FAM, the File Alteration Monitor: an RPC daemon originally developed by SGI (Silicon Graphics) for its IRIX operating system that reports changes to files on the filesystem, and which is also shipped for Linux as /usr/bin/fam. In combination with a particular xinetd version, every client connection to it leaves a line such as xinetd[1248]: START: sgi_fam pid=32559 from=<no address> in the secure log. These are xinetd's connection-start records rather than errors in the strict sense, but they pile up in /var/log/secure and surface as unmatched entries in LogWatch. The approach taken here is to tell xinetd not to run this service through libwrap.
The system in question runs Red Hat Enterprise Linux ES (the 3E in the xinetd package release tag shown below points to release 3).
2. Confirming the symptom
- The LogWatch mail report contains log lines like the following.
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
xinetd[1248]: START: sgi_fam pid=32559 from=<no address>
xinetd[1248]: START: sgi_fam pid=871 from=<no address>
xinetd[1248]: START: sgi_fam pid=881 from=<no address>
xinetd[1248]: START: sgi_fam pid=899 from=<no address>
- Check the secure log file in which these entries are recorded.
[root@apollo root]# grep sgi_fam /var/log/secure | wc -l
298
[root@apollo root]# grep sgi_fam /var/log/secure | tail -n 10
Apr 19 12:19:30 apollo xinetd[4059]: START: sgi_fam pid=4134 from=<no address>
Apr 19 12:24:31 apollo xinetd[4059]: START: sgi_fam pid=4142 from=<no address>
Apr 19 12:29:30 apollo xinetd[4059]: START: sgi_fam pid=4147 from=<no address>
Apr 19 12:34:30 apollo xinetd[4059]: START: sgi_fam pid=4155 from=<no address>
Apr 19 12:39:30 apollo xinetd[4059]: START: sgi_fam pid=4160 from=<no address>
Apr 19 12:44:30 apollo xinetd[4059]: START: sgi_fam pid=4168 from=<no address>
Apr 19 12:49:30 apollo xinetd[4059]: START: sgi_fam pid=4173 from=<no address>
Apr 19 12:54:30 apollo xinetd[4059]: START: sgi_fam pid=4181 from=<no address>
Apr 19 12:54:47 apollo xinetd[4059]: START: sgi_fam pid=4186 from=<no address>
Apr 19 12:56:52 apollo xinetd[4059]: START: sgi_fam pid=4195 from=<no address>
[root@apollo root]#
- These entries reportedly appear with xinetd version 2.3.12 and go away after upgrading to 2.3.13.
- Check the installed version.
[root@apollo root]# rpm -qa | grep xinetd
xinetd-2.3.12-6.3E.2
[root@apollo root]#
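Before silencing these lines it is worth confirming what they represent. The shell script below is an added example, not part of the original page: it counts the xinetd START lines for one service in a secure-style log and summarises the peer recorded after from=, so that anything other than the <no address> placeholder or the loopback address stands out. The log file and its lines are constructed for the demo, modelled on the entries above; the helper functions are this example's own, not part of xinetd or LogWatch.

```shell
#!/bin/sh
# Added example (not from the original page): triage xinetd START lines for
# one service in a secure-style log. Counts them and summarises the "from="
# field so you can confirm none came from a remote peer before silencing them.
# The log below is constructed for the demo; on the host it would be
# /var/log/secure.
set -eu

SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Apr 19 12:19:30 apollo xinetd[4059]: START: sgi_fam pid=4134 from=<no address>
Apr 19 12:24:31 apollo xinetd[4059]: START: sgi_fam pid=4142 from=<no address>
Apr 19 12:25:02 apollo sshd[4140]: Accepted publickey for root from 192.0.2.10 port 40111 ssh2
Apr 19 12:29:30 apollo xinetd[4059]: START: sgi_fam pid=4147 from=<no address>
Apr 19 12:34:30 apollo xinetd[4059]: START: sgi_fam pid=4155 from=127.0.0.1
Apr 19 12:39:30 apollo xinetd[4059]: START: auth pid=4160 from=192.0.2.10
EOF

# count_starts LOG SERVICE -> number of xinetd START lines for SERVICE
count_starts() {
    # grep -c still prints 0 when nothing matches; "|| true" keeps set -e quiet
    grep -c "xinetd\[[0-9]*\]: START: $2 " "$1" || true
}

# from_summary LOG SERVICE -> "count peer" lines, most frequent first; the peer
# is whatever follows "from=" (the page's sample shows "<no address>" for the
# local FAM clients)
from_summary() {
    awk -v svc="$2" '
        $5 ~ /^xinetd\[[0-9]+\]:$/ && $6 == "START:" && $7 == svc {
            sub(/.*from=/, ""); n[$0]++
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -rn
}

# remote_starts LOG SERVICE -> summary lines whose peer is neither the
# placeholder nor loopback, i.e. the connections that would need explaining
remote_starts() {
    from_summary "$1" "$2" | awk '
        { peer = $0; sub(/^[0-9]+ /, "", peer) }
        peer != "<no address>" && peer != "127.0.0.1"'
}

printf '%s START lines for sgi_fam\n' "$(count_starts "$SAMPLE_LOG" sgi_fam)"
from_summary "$SAMPLE_LOG" sgi_fam
```

Run against the real file, an empty result from remote_starts for sgi_fam is what you expect given the bind = 127.0.0.1 line in the service definition; any other peer means the service is reachable from outside and the log lines are telling you something worth keeping.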
3. Fix
- Change the configuration file for sgi_fam, which runs as a child service of xinetd.
- First, check the file.
[root@apollo root]# file /etc/xinetd.d/sgi_fam
/etc/xinetd.d/sgi_fam: ASCII text
[root@apollo root]#
- Modify the sgi_fam service definition as follows.
Before:
[root@apollo root]# cat /etc/xinetd.d/sgi_fam
# default: on
# description: FAM is a file monitoring daemon. It can \
# be used to get reports when files change.
service sgi_fam
{
type = RPC UNLISTED
socket_type = stream
user = root
group = nobody
server = /usr/bin/fam
wait = yes
protocol = tcp
rpc_version = 2
rpc_number = 391002
bind = 127.0.0.1
}
[root@apollo root]#
After:
[root@apollo root]# cat /etc/xinetd.d/sgi_fam
# default: on
# description: FAM is a file monitoring daemon. It can \
# be used to get reports when files change.
service sgi_fam
{
type = RPC UNLISTED
socket_type = stream
user = root
group = nobody
server = /usr/bin/fam
wait = yes
protocol = tcp
rpc_version = 2
rpc_number = 391002
bind = 127.0.0.1
flags = NOLIBWRAP
}
[root@apollo root]#
- This tells xinetd not to put sgi_fam connections through the libwrap (tcp_wrappers) library. Be aware of the trade-off: with NOLIBWRAP set, /etc/hosts.allow and /etc/hosts.deny no longer apply to this service, so access control rests on the bind = 127.0.0.1 line alone, which limits the listener to local clients; keep that line. If the aim is only to quiet the log, trimming the service's log_on_success attribute (xinetd.conf(5) allows -= for it) is an alternative that leaves libwrap in force. Whichever change you make, confirm it by checking that no new START lines appear in the secure log after the restart.
- After making the change, restart xinetd.
[root@apollo root]# /etc/rc.d/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@apollo root]#
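To make the edit above repeatable (for example across several hosts) and to confirm it landed inside the service stanza rather than outside the braces, here is an added shell example that is not part of the original page. It rebuilds the page's "before" stanza in a temporary file, appends NOLIBWRAP to the flags attribute (creating the line before the closing brace when there is none) without duplicating it on a second run, and reads the attribute back. The helper names and the temporary path are this example's own; on the host the target is /etc/xinetd.d/sgi_fam and xinetd still has to be restarted afterwards as shown above.

```shell
#!/bin/sh
# Added example (not from the original page): apply the flags change to an
# xinetd service stanza idempotently and read the result back. The working
# copy below is constructed from the page's "before" stanza; on the host the
# file would be /etc/xinetd.d/sgi_fam.
set -eu

WORK=$(mktemp -d)
SVC="$WORK/sgi_fam"
cat > "$SVC" <<'EOF'
# default: on
# description: FAM is a file monitoring daemon. It can \
#              be used to get reports when files change.
service sgi_fam
{
        type            = RPC UNLISTED
        socket_type     = stream
        user            = root
        group           = nobody
        server          = /usr/bin/fam
        wait            = yes
        protocol        = tcp
        rpc_version     = 2
        rpc_number      = 391002
        bind            = 127.0.0.1
}
EOF

# attr_value FILE NAME -> the value of "NAME = value" in the stanza, or ""
attr_value() {
    awk -v name="$2" '
        $1 == name && $2 == "=" { $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# has_value FILE NAME WORD -> success if WORD is one of the values of NAME
has_value() {
    for w in $(attr_value "$1" "$2"); do
        [ "$w" = "$3" ] && return 0
    done
    return 1
}

# append_value FILE NAME WORD -> add WORD to an existing "NAME = ..." line, or
# insert "NAME = WORD" before the closing brace; a no-op if WORD is already set
append_value() {
    has_value "$1" "$2" "$3" && return 0
    tmp=$(mktemp)
    awk -v name="$2" -v word="$3" '
        $1 == name && $2 == "=" { print $0 " " word; seen = 1; next }
        $1 == "}" && !seen      { print "\t" name "\t\t= " word; seen = 1 }
        { print }
    ' "$1" > "$tmp"
    cat "$tmp" > "$1"      # overwrite in place so the file mode and owner survive
    rm -f "$tmp"
}

append_value "$SVC" flags NOLIBWRAP
append_value "$SVC" flags NOLIBWRAP    # second call changes nothing
printf 'flags line is now: %s\n' "$(attr_value "$SVC" flags)"
```

Writing through cat into the existing file rather than moving a temporary over it keeps the original permissions and ownership of the configuration file, which matters for a file xinetd reads as root.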
4. Notes
- sgi_fam is a child service of xinetd; the following confirms this.
- First, check the startup state of the daemons.
[root@apollo root]# /sbin/chkconfig --list
microcode_ctl 0:off 1:off 2:off 3:off 4:off 5:off 6:off
gpm 0:off 1:off 2:off 3:off 4:off 5:off 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:off 4:off 5:off 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
diskdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
atd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
audit 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irda 0:off 1:off 2:off 3:off 4:off 5:off 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
apmd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
isdn 0:off 1:off 2:off 3:off 4:off 5:off 6:off
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
iscsi 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pcmcia 0:off 1:off 2:off 3:off 4:off 5:off 6:off
irqbalance 0:off 1:off 2:off 3:off 4:off 5:off 6:off
bootparamd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
smartd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netdump 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
nfslock 0:off 1:off 2:off 3:off 4:off 5:off 6:off
nfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
spamassassin 0:off 1:off 2:off 3:off 4:off 5:off 6:off
courier-authlib 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mdmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mysql 0:off 1:off 2:on 3:on 4:on 5:on 6:off
snmpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
hpoj 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xfs 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
vncserver 0:off 1:off 2:off 3:off 4:off 5:off 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
lisa 0:off 1:off 2:off 3:off 4:off 5:off 6:off
anacron 0:off 1:off 2:off 3:off 4:off 5:off 6:off
amd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dhcpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dhcrelay 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dc_client 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dc_server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
aep1000 0:off 1:off 2:off 3:off 4:off 5:off 6:off
bcm5820 0:off 1:off 2:off 3:off 4:off 5:off 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netdump-server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
mailman 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rwhod 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rstatd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rusersd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rhdb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
canna 0:off 1:off 2:off 3:off 4:off 5:off 6:off
FreeWnn 0:off 1:off 2:off 3:off 4:off 5:off 6:off
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
pxe 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rarpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
kadmin 0:off 1:off 2:off 3:off 4:off 5:off 6:off
kprop 0:off 1:off 2:off 3:off 4:off 5:off 6:off
krb524 0:off 1:off 2:off 3:off 4:off 5:off 6:off
krb5kdc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ldap 0:off 1:off 2:off 3:off 4:off 5:off 6:off
yppasswdd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
bgpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ospf6d 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ospfd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ripd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ripngd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
zebra 0:off 1:off 2:off 3:off 4:off 5:off 6:off
radvd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
arptables_jf 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ypserv 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ypxfrd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
radiusd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
innd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
tux 0:off 1:off 2:off 3:off 4:off 5:off 6:off
xinetd based services:
krb5-telnet: off
rsync: off
eklogin: off
gssftp: off
klogin: off
chargen-udp: off
kshell: off
auth: on
chargen: off
daytime-udp: off
daytime: off
echo-udp: off
echo: off
services: off
time: off
time-udp: off
cups-lpd: off
sgi_fam: on
ktalk: off
amanda: off
imap: off
imaps: off
ipop2: off
ipop3: off
pop3s: off
rexec: off
rlogin: off
rsh: off
telnet: off
dbskkd-cdb: off
swat: off
amandaidx: off
amidxtape: off
tftp: off
finger: off
[root@apollo root]#
- This confirms that sgi_fam is configured to start as an xinetd child service (it is listed as on under xinetd based services). If no local program on this host actually needs FAM, the simplest fix is to disable the service altogether with chkconfig (chkconfig sgi_fam off), which removes both the log noise and a root-privileged daemon from the system.