4.99. sos

Security Fix

CVE-2012-2664

The sosreport utility collected the Kickstart configuration file ("/root/anaconda-ks.cfg"), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually only contains a hash of the password, not the plain text password.

Bug Fixes

BZ#782218

When the rhn-client-tools package was not installed and the __raisePlugins__ plug-in was enabled on the system, the sosreport utility failed to collect the dmidecode files and other hardware information. This update provides a patch to fix this bug and sosreport now works correctly in the described scenario.

BZ#782247

When the audit package was not installed and the /var/log/audit file did not exist on the system, the auditd plug-in failed with a traceback error. This bug has been fixed and auditd now properly handles the missing /var/log/audit file.

BZ#868008

When SELinux was disabled on the system, the sosreport utility did not collect the information located in the sos_commands/selinux/ directory. This update provides a patch to fix this bug, and sosreport now correctly collects all the required information in the described scenario.

BZ#906071

Previous versions of the sos psacct (BSD Process Accounting) module collected all process accounting files present on the system, which could, under certain configurations, lead to a very large number of archived files in the process accounting directory. To fix this, psacct now collects only the most recent accounting file by default. The all option has been added to the module which allows the user to request the original behavior if required. As a result, reports generated on hosts with many archived accounting files no longer include this large set of additional data.

BZ#958346

Previously, the sosreport utility did not capture modules located in the /etc/modules.*/ directory including module blacklisting. With this update, a patch has been provided to fix this bug and sosreport now captures the modules as expected.

BZ#976242

Previous versions of the sos utility did not sanitize special characters in system host names when using the name in file system paths. Consequently, inserting special characters in the system host name could cause sos to generate invalid file system paths and fail to generate a report. With this update, invalid characters are filtered out of system host names and sos now works correctly on systems having characters disallowed in file system paths present in the host name.

BZ#977187

When used on PowerPC systems, the sosreport utility took a copy of the /boot/yaboot.conf file but not a copy of the /etc/yaboot.conf file. Consequently, sosreport could miss important information present in this file. This update applies a patch to fix this bug and the report from sosreport now contains information from /etc/yaboot.conf if present.

Enhancements

BZ#840981

Previous releases of sos captured only the /proc/ioports file detailing registered I/O port regions in use. The /proc/iomem file additionally describes regions of physical system memory and their use of memory, firmware data, and device I/O traffic. As this data can be important in debugging certain hardware and device-driver problems, both ioports and iomem data have been made available within generated reports.

BZ#891325

Previously, the sar plug-in did not set a size restriction for collected data, which could cause the sosreport utility to fill up the directory for temporary files. This enhancement adds the ability to limit the maximum size of collected data for the sar plug-in.

BZ#907876

The ID mapping daemon (idmapd) controls identity mappings used by NFSv4 services and is important for diagnostic and troubleshooting efforts. This enhancement provides a new feature that allows the sosreport utility to analyze the idmapd.conf file on NFS client and server hosts.