Puppet agent 1.2.2 + snoopy = causing ruby bug


Martin Alfke

Aug 27, 2015, 5:04:52 AM
to puppet-dev
Hi,

we encounter a problem with puppet agent and snoopy installed and activated.
Snoopy is required for PCI DSS compliance.


apt-cache show snoopy
Package: snoopy
Version: 1.8.0-5
Installed-Size: 24
Maintainer: Zed Pobre <z...@debian.org>
Architecture: amd64
Depends: libc6 (>= 2.2.5), debconf (>= 0.5) | debconf-2.0
Description-en: execve() wrapper and logger
snoopy is merely a shared library that is used as a wrapper
to the execve() function provided by libc as to log every call
to syslog (authpriv). system administrators may find snoopy
useful in tasks such as light/heavy system monitoring, tracking other
administrator's actions as well as getting a good 'feel' of
what's going on in the system (for example apache running cgi
scripts).
Homepage: http://sourceforge.net/projects/snoopylogger/



/opt/puppetlabs/bin/puppet agent --test --server master.example.net
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for master.example.net
Info: Applying configuration version '1440665887'
Notice: Welcone to master.example.net
Notice: /Stage[main]/Main/Node[default]/Notify[Wemlcone to master.example.net]/message: defined 'message' as 'Wemlcone to master.example.net'
Notice: Applied catalog in 0.02 seconds
[ASYNC BUG] consume_communication_pipe: read

EBADF

ruby 2.1.6p336 (2015-04-13 revision 50298) [x86_64-linux]

[NOTE]
You may have encountered a bug in the Ruby interpreter or extension libraries.
Bug reports are welcome.
For details: http://www.ruby-lang.org/bugreport.html

Aborted

The Ruby error varies. Sometimes it is rb_thread_wakeup timer_thread instead of consume_communication_pipe.

How can snoopy and Puppet coexist?

Best,
Martin

Trevor Vaughan

Aug 27, 2015, 8:22:21 AM
to puppe...@googlegroups.com
Hey Martin,

You're going to run into this with anything that collects *all* commands run on the system if you're using any sort of maintenance infrastructure.

A couple of questions.

1) Are you using Linux? If so, why won't auditd suffice?
2) I *think* that the requirement is to capture privileged commands from users, not daemons. Can you restrict snoopy to only looking at users with TTY sessions, or use something like pam_tty_audit?
3) Finally, you might want to take a look at roosh, or our fork of sudosh2: https://github.com/onyxpoint/sudosh2
4) If you can't do any of these, you're going to have a really hard time using any system like Puppet.

Good luck,

Trevor


--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/A32579C0-8036-4637-8706-239CA74F93CF%40gmail.com.
For more options, visit https://groups.google.com/d/optout.



--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699

-- This account not approved for unencrypted proprietary information --

Martin Alfke

Aug 28, 2015, 3:07:51 AM
to puppe...@googlegroups.com
Hi Trevor,

many thanks for the feedback.
I learned today that the new snoopy version fixes this issue.

Sidenote: The problem is that the platform needs PCI DSS Level 3 certification.
auditd does not fully comply with the requirements.
Neither does any of the other mentioned tools.

Best,
Martin

Trevor Vaughan

Aug 28, 2015, 6:30:27 AM
to puppe...@googlegroups.com
Interesting! What, in particular, is the issue? It would seem like this is something worth reporting to the auditd folks if it can't meet the requirements properly.

Mike Hendon

Aug 28, 2015, 8:24:32 AM
to Puppet Developers
The requirements for auditing (Section 10) haven't changed from when this was published:
http://blog.ptsecurity.com/2010/11/requirement-10-track-and-monitor-all.html

Martin Alfke

Aug 28, 2015, 11:12:52 AM
to puppe...@googlegroups.com
Hi,

I have asked the guys around here: within this project they decided to go for snoopy due to its much easier installation (add a library to ld_preload).
They require all exec's to be logged (whether from an application or a user).

I do not believe that something is wrong with auditd.
It is only this specific project which prefers snoopy over auditd.

Best,
Martin
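A diagnostic added here, not from the thread and not from the snoopy or Puppet projects, that checks whether a snoopy library is preloaded system-wide through an /etc/ld.so.preload-style file (the mechanism Martin describes) and which running processes, such as the puppet agent's Ruby, actually have it mapped. The library path in the constructed sample is a placeholder, and matching the file name on "snoopy" is an assumption about how the library is named.

```shell
#!/bin/sh
# Added diagnostic, not from the thread: find out whether snoopy is preloaded
# system-wide (an ld.so.preload-style file: whitespace- or colon-separated
# entries, '#' starts a comment) and which running processes have it mapped.

# preload_lists_snoopy FILE -> status 0 if FILE names a snoopy shared object
preload_lists_snoopy() {
    [ -r "$1" ] || return 1
    # drop comments, then split entries on whitespace and ':'
    sed 's/#.*//' "$1" | tr ': \t' '\n\n\n' | grep -q 'snoopy'
}

# process_has_snoopy PID -> status 0 if the process has a snoopy .so mapped
process_has_snoopy() {
    [ -r "/proc/$1/maps" ] || return 2
    grep -q 'snoopy' "/proc/$1/maps"
}

# report_processes PATTERN -> one line per process whose cmdline matches PATTERN
report_processes() {
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        [ -r "$d/cmdline" ] || continue
        tr '\000' ' ' < "$d/cmdline" | grep -q -- "$1" || continue
        if process_has_snoopy "$pid"; then
            echo "$pid: snoopy loaded"
        else
            echo "$pid: no snoopy"
        fi
    done
}

# Demo on a constructed preload file (the library path is a placeholder, not a
# real package path), then on the live system.
demo=$(mktemp)
printf '# logged for PCI DSS\n/lib/snoopy.so /usr/lib/libother.so\n' > "$demo"
preload_lists_snoopy "$demo" && echo "constructed file: snoopy preloaded"
rm -f "$demo"
preload_lists_snoopy /etc/ld.so.preload && echo "/etc/ld.so.preload: snoopy preloaded"
report_processes 'puppet agent'
```

A process that shows "snoopy loaded" has the execve() hook active in its address space, which is where the interaction with Ruby's internal pipe and timer thread reported above would occur.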

Trevor Vaughan

Aug 28, 2015, 12:15:32 PM
to puppe...@googlegroups.com
Ah, got it!

It's just so much easier to fool than auditd that I was surprised.

Trevor

