Loop for scripts on /etc/profile
Hi everybody!
I have a notification script on /etc/profile that mail me every bash logon, as below;
echo 'ALERT - Root Shell Access on:' date who 'at' hostname | mail -s "Alert: Root Access from who | cut -d"(" -f2 | cut -d")" -f1 at hostname " myemail@mydomain.com
This works fine for a long time, but suddenly just one RHEL 6.6 machine starts to message in loop, even if I'm not logged in. In a single day, more than 2.5K messages was send. This doesn't happen with others similar machines I have. I tried to move the line to a single script in /etc/profile.d/maillogin.sh and the symptoms remains.
Any suggestions?
Responses
Guru
6435 points
Instead of doing it in the profile file, you could use something like logwatch to monitor your login logs. Should be a bit less "fraught" than the /etc/profile method ...and your users won't necessarily be able to see its existence or its contents.
Guru
6435 points
If /etc/profile were truly looping, you'd never get a prompt (since your shell-initialization is stuck in a loop). Chances are, you have several things calling /etc/profile each time you start a shell.
At any rate, if you'd like to see what your various login init scripts are doing, you could try doing something like exec bash -l -x. Make sure your terminal emulator has a decent buffer configured (or use something like PuTTY's logging to capture it all to a text file).
Guru
6435 points
Sorry. Having a hard time parsing what you're trying to convey. Are you saying that when you exec your new shell instance, it hangs?
Guru
1450 points
You could change your logging and add the data of the process: echo "TESTE on: $(date) process: $(ps -f $$)" to find out which process(es) are sourcing/using the profile.
Red Hat
Guru
7081 points
You likely should consider enabling audit of /etc/profile - although you need to be careful as the access of /etc/profile seems fairly unpredictable and may do quite a bit of logging - although, I believe you will be fine.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/chap-system_auditing.html
Guru
6435 points
That makes zero sense. As soon as you hit the [ENTER] key after typing in exec bash -l -x, it spawns off a new BASH shell (in place of your current one) - emulating login mode - and starts tracing all of the action of the new shell. You should end up with a whole slew of information streaming past. If nothing happens after you hit that first [ENTER], something is seriously off with your system.
I'd show you an example from one of our dev systems, but I don't have access to non-production systems while I'm at today's work-location.
Guru
6435 points
Actually, was able to get one of the guys at the lab to execute exe bash -l -x for me and send back the captured output (via PuTTY logging):
exec bash -x -l
+ '[' -z 9919 -a -x /usr/bin/id ']'
+ '[' 9919 = 0 ']'
+ ulimit -S -c 0
+ '[' -x /usr/bin/id ']'
++ id -un
+ USER=devuser
+ LOGNAME=devuser
+ MAIL=/var/spool/mail/devuser
++ /bin/hostname
+ HOSTNAME=devtest1.lab
+ HISTSIZE=1000
+ '[' -z /etc/inputrc -a '!' -f /home/devuser/.inputrc ']'
+ export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/colorls.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/colorls.sh
++ alias 'll=ls -l'
++ alias 'l.=ls -d .*'
++ COLORS=/etc/DIR_COLORS
++ '[' -e /etc/DIR_COLORS.xterm ']'
++ COLORS=/etc/DIR_COLORS.xterm
++ '[' -e /home/devuser/.dircolors ']'
++ '[' -e /home/devuser/.dir_colors ']'
++ '[' -e /home/devuser/.dircolors.xterm ']'
++ '[' -e /home/devuser/.dir_colors.xterm ']'
++ '[' -e /etc/DIR_COLORS.xterm ']'
+++ dircolors --sh /etc/DIR_COLORS.xterm
++ eval 'LS_COLORS='\''no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:'\'';
export LS_COLORS'
+++ LS_COLORS='no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:'
+++ export LS_COLORS
++ '[' -z 'no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:' ']'
++ egrep -qi '^COLOR.*none' /etc/DIR_COLORS.xterm
++ alias 'll=ls -l --color=tty'
++ alias 'l.=ls -d .* --color=tty'
++ alias 'ls=ls --color=tty'
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/glib2.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/glib2.sh
++ export G_BROKEN_FILENAMES=1
++ G_BROKEN_FILENAMES=1
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/gnome-ssh-askpass.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/gnome-ssh-askpass.sh
++ SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
++ export SSH_ASKPASS
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/krb5-devel.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/krb5-devel.sh
++ echo /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/devuser/bin
++ /bin/grep -q /usr/kerberos/bin
++ echo /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/devuser/bin
++ /bin/grep -q /usr/kerberos/sbin
+++ /usr/bin/id -u
++ '[' 9919 = 0 ']'
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/krb5-workstation.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/krb5-workstation.sh
++ echo /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/devuser/bin
++ /bin/grep -q /usr/kerberos/bin
++ echo /usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/devuser/bin
++ /bin/grep -q /usr/kerberos/sbin
+++ /usr/bin/id -u
++ '[' 9919 = 0 ']'
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/lang.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/lang.sh
++ sourced=0
++ '[' -z '' -a -n en_US.UTF-8 ']'
++ sourced=1
++ '[' -n '' ']'
++ '[' 1 = 1 ']'
++ '[' -n en_US.UTF-8 ']'
++ export LANG
++ '[' -n '' ']'
++ unset LC_ADDRESS
++ '[' -n '' ']'
++ unset LC_CTYPE
++ '[' -n '' ']'
++ unset LC_COLLATE
++ '[' -n '' ']'
++ unset LC_IDENTIFICATION
++ '[' -n '' ']'
++ unset LC_MEASUREMENT
++ '[' -n '' ']'
++ unset LC_MESSAGES
++ '[' -n '' ']'
++ unset LC_MONETARY
++ '[' -n '' ']'
++ unset LC_NAME
++ '[' -n '' ']'
++ unset LC_NUMERIC
++ '[' -n '' ']'
++ unset LC_PAPER
++ '[' -n '' ']'
++ unset LC_TELEPHONE
++ '[' -n '' ']'
++ unset LC_TIME
++ '[' -n '' ']'
++ unset LC_ALL
++ '[' -n '' ']'
++ unset LANGUAGE
++ '[' -n '' ']'
++ unset LINGUAS
++ '[' -n '' ']'
++ unset _XKB_CHARSET
++ consoletype=
++ '[' -z '' ']'
+++ /sbin/consoletype stdout
++ consoletype=pty
++ '[' -n '' ']'
++ '[' -n '' ']'
++ '[' -n en_US.UTF-8 ']'
++ case $LANG in
++ '[' xterm = linux ']'
++ unset SYSFONTACM SYSFONT
++ unset sourced
++ unset langfile
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/less.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/less.sh
++ '[' -x /usr/bin/lesspipe.sh ']'
++ export 'LESSOPEN=|/usr/bin/lesspipe.sh %s'
++ LESSOPEN='|/usr/bin/lesspipe.sh %s'
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/vim.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/vim.sh
++ '[' -n '3.2.25(1)-release' -o -n '' -o -n '' ']'
++ '[' -x /usr/bin/id ']'
+++ /usr/bin/id -u
++ tmpid=9919
++ '[' 9919 = '' ']'
++ '[' 9919 -le 100 ']'
++ alias vi
++ alias vi=vim
+ for i in '/etc/profile.d/*.sh'
+ '[' -r /etc/profile.d/which-2.sh ']'
+ '[' '\s-\v\$ ' ']'
+ . /etc/profile.d/which-2.sh
++ alias 'which=alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'
+ for i in '/etc/profile.d/*.sh'
Welcome to devtest1.lab!
+ unset i
+ unset pathmunge
+ TMOUT=900
+ export TMOUT
+ umask 0022
+ GNUPGHOME=/home/devuser/.gnupg
+ export GNUPGHOME
+ '[' -f /home/devuser/.bashrc ']'
+ . /home/devuser/.bashrc
++ '[' -f /etc/bashrc ']'
++ . /etc/bashrc
+++ '[' 9919 -gt 99 ']'
++++ id -gn
++++ id -un
+++ '[' devuser = devuser ']'
+++ umask 077
+++ '[' '\s-\v\$ ' ']'
+++ case $TERM in
+++ '[' -e /etc/sysconfig/bash-prompt-xterm ']'
+++ PROMPT_COMMAND=/etc/sysconfig/bash-prompt-xterm
+++ shopt -s checkwinsize
+++ '[' '\s-\v\$ ' = '\s-\v\$ ' ']'
+++ PS1='[\u@\h \W]\$ '
+++ shopt -q login_shell
+++ GNUPGHOME=/home/devuser/.gnupg
+++ export GNUPGHOME
+ PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/devuser/bin:/home/devuser/bin
+ export PATH
++ /etc/sysconfig/bash-prompt-xterm
[devuser@devtest1 ~]$ logout
Your output should be different, but it definitely should not be "nothing".
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.