1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
### This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
import sos.plugintools
import commands, os, re
class kernel(sos.plugintools.PluginBase):
"""kernel related information
"""
optionList = [("modinfo", 'gathers module information on all modules', 'fast', True),
('sysrq', 'trigger sysrq+[m,p,t] dumps', 'fast', False)]
moduleFile = ""
taintList = [
{'regex':'mvfs*', 'description':'Clearcase module'},
{'regex':'vnode*', 'description':'Clearcase module'},
{'regex':'vxfs*', 'description':'Veritas file system module'},
{'regex':'vxportal*', 'description':'Veritas module'},
{'regex':'vxdmp*', 'description':'Veritas dynamic multipathing module'},
{'regex':'vxio*', 'description':'Veritas module'},
{'regex':'vxspec*', 'description':'Veritas module'},
{'regex':'dcd*', 'description':'Dell OpenManage Server Administrator module'},
{'regex':'ocfs', 'description':'Oracle cluster filesystem module'},
{'regex':'oracle*', 'description':'Oracle module'},
{'regex':'vmnet*', 'description':'VMware module'},
{'regex':'vmmon*', 'description':'VMware module'},
{'regex':'egenera*', 'description':'Egenera module'},
{'regex':'emcp*', 'description':'EMC module'},
{'regex':'ocfs*', 'description':'OCFS module'},
{'regex':'nvidia', 'description':'NVidia module'},
{'regex':'ati-', 'description':'ATI module'}
]
# HP
#
#
def setup(self):
self.collectExtOutput("/bin/uname -a", root_symlink = "uname")
self.moduleFile = self.collectOutputNow("/sbin/lsmod", root_symlink = "lsmod")
if self.getOption('modinfo'):
runcmd = ""
for kmod in commands.getoutput('/sbin/lsmod | /bin/cut -f1 -d" " 2>/dev/null | /bin/grep -v Module 2>/dev/null').split('\n'):
if '' != kmod.strip():
runcmd = runcmd + " " + kmod
if len(runcmd):
self.collectExtOutput("/sbin/modinfo " + runcmd)
self.collectExtOutput("/sbin/sysctl -a")
self.collectExtOutput("/sbin/ksyms")
self.addCopySpec("/sys/module/*/parameters")
self.addCopySpec("/proc/filesystems")
self.addCopySpec("/proc/ksyms")
self.addCopySpec("/proc/slabinfo")
self.addCopySpec("/lib/modules/%s/modules.dep" % self.cInfo["policy"].kernelVersion())
self.addCopySpec("/etc/conf.modules")
self.addCopySpec("/etc/modules.conf")
self.addCopySpec("/etc/modprobe.conf")
self.collectExtOutput("/usr/sbin/dkms status")
self.addCopySpec("/proc/cmdline")
self.addCopySpec("/proc/driver")
self.addCopySpec("/proc/sys/kernel/tainted")
if self.getOption('sysrq') and os.access("/proc/sysrq-trigger", os.W_OK):
for key in ['m', 'p', 't']:
commands.getoutput("/bin/echo %s > /proc/sysrq-trigger" % (key,))
self.addCopySpec("/var/log/messages")
return
def diagnose(self):
infd = open("/proc/modules", "r")
for modname in infd.readlines():
modname=modname.split(" ")[0]
modinfo_srcver = commands.getoutput("/sbin/modinfo -F srcversion %s" % modname)
if not os.access("/sys/module/%s/srcversion" % modname, os.R_OK):
continue
infd = open("/sys/module/%s/srcversion" % modname, "r")
sys_srcver = infd.read().strip("\n")
infd.close()
if modinfo_srcver != sys_srcver:
self.addDiagnose("Loaded module %s differs from the one present on the file-system")
# this would be a good moment to check the module's signature
# but at the moment there's no easy way to do that outside of
# the kernel. i will probably need to write a C lib (derived from
# the kernel sources to do this verification.
infd.close()
def analyze(self):
savedtaint = os.path.join(self.cInfo['dstroot'], "/proc/sys/kernel/tainted")
infd = open(savedtaint, "r")
line = infd.read()
infd.close()
line = line.strip()
if (line != "0"):
self.addAlert("Kernel taint flag is <%s>\n" % line)
infd = open(self.moduleFile, "r")
modules = infd.readlines()
infd.close()
for tainter in self.taintList:
p = re.compile(tainter['regex'])
for line in modules:
if p.match(line) != None:
# found a taint match, create an alert
moduleName = line.split()[0]
self.addAlert("Check for tainted kernel by module %s, which is %s" % (moduleName, tainter['description']))
return
|