Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

5.305. sos

An updated sos package that fixes one security issue, several bugs and adds various enhancements is now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
The sos package contains a set of tools that gather information from system hardware, logs and configuration files. The information can then be used for diagnostic purposes and debugging.

Security Fix

The sosreport utility collected the Kickstart configuration file (/root/anaconda-ks.cfg), but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain the root user's password. /root/anaconda-ks.cfg usually only contains a hash of the password, not the plain text password.


This issue affected all installations, not only systems installed via Kickstart. A /root/anaconda-ks.cfg file is created by all installation types.

Bug Fixes

Prior to this update, the path to the /proc/net/ directory was specified incorrectly in SOS code. As a consequence, information necessary to debug certain bonding configurations from this directory was not available in the resulting archive. This update corrects the SOS networking module and ensures correct specification of the /proc/net/ directory. As a result, generated sosreport tarballs contain the expected set of /proc/net/ files.
Previously, the sosreport utility failed to collect log files from Red Hat Network (RHN) Proxy Server installations. The problem was caused by an outdated package specification, which did not match the current package naming conventions. Consequently, logs that are sometimes required for RHN Proxy Server problem diagnostics were not collected automatically. This update corrects the package specification to match the current package naming conventions. As a result, RHN Proxy Server logs are collected correctly.
Previously, output of the brctl command (used for Ethernet bridge configuration) was parsed incorrectly and caused sosreport to log errors. As a consequence, the sosreport command emitted a Python backtrace and certain bridge configuration information could not be collected. This update corrects the parsing of the brctl command output. As a result, no backtrace is emitted and all bridge configuration data is collected.
Previously, SOS used inconsistent input sanitization rules. These rules varied depending on whether username and case information was supplied interactively, or was read from system configuration files. Consequently, SOS failed to properly sanitize certain invalid strings when read from configuration files, and applied different sanitization rules to the same strings when input interactively. This update ensures that all name and number sanitization is carried out in a single location. As a result, name and number sanitization rules are now applied consistently, regardless of the source of the data.
Previously, debug output produced by sosreport was limited due to changes to the logging subsystem introduced in SOS version 2.0. Consequently, very limited debug log information was collected as of that version of SOS. This update enhances the log subsystem and re-enables all previously disabled log messages. As a result, verbose log messages are now produced and recorded when requested via command-line options.
Previously, sosreport did not correctly handle targets of symbolic links when copying files and directories into reports. Consequently, links in the report directory structure could have invalid targets. This update fixes the library routines dealing with file copying. The fix ensures that symbolic link targets are always copied when a requested path contains a symbolic link. As a result, sosreport handles symbolic link targets correctly and symbolic links in the report directory structure are always valid.
Previously, SOS did not collect the machine check event (MCE) log from the /var/log/mcelog file. As a consequence, important information on the state of system hardware and previous hardware errors was sometimes missing in SOS reports. This update extends the SOS hardware module so that the MCE logs are collected when present in the /var/log/mcelog file. As a result, MCE log data is available in generated SOS reports.
The IPA (Identity, Policy, Audit) identity and authentication components have been significantly updated in Red Hat Enterprise Linux 6.3. Consequently, the set of configuration and log data required to support these components has also changed. This update enhances the SOS IPA module and other related modules to collect information necessary for diagnosing problems in the new IPA versions. As a result, all information relevant for IPA diagnostics is collected from appropriately enabled systems running the updated IPA components.
Previously, SOS used a single fixed path to collect all libvirt (virtualization API) logs from one directory. On some releases, the libvirtd.log file may be located in a different directory. Consequently, the libvirtd.log file was not collected on such systems. This update modifies sosreport so that it uses a wildcard matching both possible locations of the file. As a result, the libvirtd.log file is now collected on all supported releases.


Previously, sosreport discarded program output from stderr (standard error stream). As a consequence, program warnings, diagnostics, and other messages were not included in reports generated by sosreport. This update modifies the way in which sosreport executes external programs. As a consequence, both stderr and stdout (standard output stream) messages returned by executed external programs are now included in reports generated by sosreport.
Previously, SOS did not support the GlusterFS file system. As a consequence, running sosreport on a system where gluster packages were installed did not collect any Gluster-specific information from the system. This update adds a new plug-in that is necessary to collect the requisite logs for the Gluster product. As a result, information is collected from files located in the /etc/glusterd/ and /var/log/glusterfs/ directories. Several sets of command output are also collected to record the current state of the Gluster subsystem in the resulting report.
Due to a previous update to the sos package, log files truncated for exceeding size limits are stored at a separate location in generated reports. This could be confusing for users unaware of this behavior. This update ensures that symbolic links to the truncated log files are added to the standard log file location. As a result, users and tools familiar with the standard location can now find truncated log files easily.
Previously, the sos package contained a module for collection of general kernel information. The module did not collect additional information exposed by newer systems using the real-time kernel package (kernel-rt). This update adds a new kernel_real-time module and makes additions to the cgroups data collection. These changes result in collection of more complex diagnostic data on real-time kernel systems.
Users of sos should upgrade to this updated package, which fixes these bugs and adds these enhancements.