[SOLVED] - Errors in perl scripts

Post support questions that directly relate to Linux/Unix operating systems.

Moderators: Developers, Moderators

SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

[SOLVED] - Errors in perl scripts

Post by SpeedyGonzales »

Hello all

I have these errors repeating now for any unix scripts

Insecure $ENV{PATH} while running setgid at /usr/share/cacti/site/scripts/loadavg_multi.pl line 4.
Insecure $ENV{PATH} while running setgid at /usr/share/cacti/site/scripts/ping.pl line 9.
Insecure $ENV{PATH} while running setgid at /usr/share/cacti/site/scripts/unix_processes.pl line 3.
Insecure $ENV{PATH} while running setgid at /usr/share/cacti/site/scripts/query_unix_partitions.pl line 12.

I have updated and upgraded when this started which fixed a number of problems
As the main graphs are populating and it only being the unix based graphs not populating I do not want to roll back

Linux Mint 18.3
Apache2 2.4.25-3 deb9u4
Mysql v14.4 Distrib 5.7.21 x86_64
PHP 7.0.28
Cacti 0.8.8h+dsl-10

This install has been running for a couple of years

loadavg_multi.pl

#!/usr/bin/perl

#get load avg for 1;5;10 min
open(PROCESS, "env LC_ALL=C uptime | ");
#open(PROCESS, "env LC_ALL=C uptime");

$avg = <PROCESS>;
close(PROCESS);

# 9:36pm up 15 days, 11:37, 2 users, load average: 0.14, 0.13, 0.10

$avg =~ s/^.*:\s(\d+\.\d{2}),?\s(\d+\.\d{2}),?\s(\d+\.\d{2})$//;

print "1min:$1 5min:$2 10min:$3";



ping.pl

#!/usr/bin/perl

# take care for tcp:hostname or TCP:ip@
$host = $ARGV[0];
$host =~ s/tcp:/$1/gis;

# old linux version use "icmp_seq"
# newer use "icmp_req" instead
open(PROCESS, "ping -c 1 $host | grep 'icmp_[s|r]eq' | grep time |");
#open(PROCESS, "ping -c 1 $host | grep icmp_req | grep time ");

$ping = <PROCESS>;
close(PROCESS);
$ping =~ m/(.*time=)(.*) (ms|usec)/;

if ($2 == "") {
print "U"; # avoid cacti errors, but do not fake rrdtool stats
}elsif ($3 eq "usec") {
print $2/1000; # re-calculate in units of "ms"
}else{
print $2;
}



unix_processes.pl

#!/usr/bin/perl

open(PROCESS, "ps ax | grep -c : |");
$output = <PROCESS>;
close(PROCESS);
chomp($output);
print $output;



query_unix_partitions.pl

#!/usr/bin/perl

if (($ARGV[0] ne "query") && ($ARGV[0] ne "get") && ($ARGV[0] ne "index") && ($ARGV[0] ne "num_indexes")) {
print "usage:\n\n";
print "./query_unix_partitions.pl index\n";
print "./query_unix_partitions.pl num_indexes\n";
print "./query_unix_partitions.pl query {device,mount,total,used,available,percent}\n";
print "./query_unix_partitions.pl get {device,mount,total,used,available,percent} DEVICE\n";
exit;
}

open(DF, "/bin/df -P -k|");
#open(DF, "/bin/df -P -k");
#/dev/hda2 20157744 18553884 579860 97% /var
if (/^(\/\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)%\s+(\/\S*)$/) {
my %output = (
device => $1,
mount => $6,
total => $2,
used => $3,
available => $4,
percent => $5
);

if ($ARGV[0] eq "index") {
print "$1\n";
}elsif ($ARGV[0] eq "num_indexes") {
$count++;
}elsif (($ARGV[0] eq "get") && ($ARGV[2] eq $1)) {
print $output{$ARGV[1]};
}elsif ($ARGV[0] eq "query") {
print "$output{device}:$output{$ARGV[1]}\n";
}
}
}

close(DF);

if ($ARGV[0] eq "num_indexes") {
print "$count\n";
}


Can anyone help

SG
Last edited by SpeedyGonzales on Thu May 03, 2018 4:42 am, edited 1 time in total.
User avatar
phalek
Developer
Posts: 2838
Joined: Thu Jan 31, 2008 6:39 am
Location: Kressbronn, Germany
Contact:

Re: Errors in perl scripts

Post by phalek »

Check the "SetGUID" part from here:

https://www.urban-software.com/cacti-ho ... ne-poller/

There's also some new perl scripts which you can download. As usual, whatever you do, make a backup first.
Greetings,
Phalek
---
Need more help ? Read the Cacti documentation or my new Cacti 1.x Book
Need on-site support ? Look here Cacti Workshop
Need professional Cacti support ? Look here CereusService
---
Plugins : CereusReporting
SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

Re: Errors in perl scripts

Post by SpeedyGonzales »

Thanks phalek

instructions followed and new files uploaded

worked like a charm

all unix graphs now working

:D :D :D
SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

Re: Errors in perl scripts

Post by SpeedyGonzales »

Hi again

does this affect ICMP ping in any way?

I now have 2 devices that were working fine but now it shows the devices as down although in the device settings it is getting a timed response from the ICMP ping
User avatar
phalek
Developer
Posts: 2838
Joined: Thu Jan 31, 2008 6:39 am
Location: Kressbronn, Germany
Contact:

Re: Errors in perl scripts

Post by phalek »

Can you post the code for the ping script ( place it in between code tags ) ?
Greetings,
Phalek
---
Need more help ? Read the Cacti documentation or my new Cacti 1.x Book
Need on-site support ? Look here Cacti Workshop
Need professional Cacti support ? Look here CereusService
---
Plugins : CereusReporting
SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

Re: Errors in perl scripts

Post by SpeedyGonzales »

It's the script I have just uploaded to fix the other unix graphs

#!/usr/bin/perl

# take care for tcp:hostname or TCP:ip@
$host = $ARGV[0];
$host =~ s/tcp:/$1/gis;

# old linux version use "icmp_seq"
# newer use "icmp_req" instead
open(PROCESS, "ping -c 1 $host | grep 'icmp_[s|r]eq' | grep time |");
#open(PROCESS, "ping -c 1 $host | grep icmp_req | grep time ");

$ping = <PROCESS>;
close(PROCESS);
$ping =~ m/(.*time=)(.*) (ms|usec)/;

if ($2 == "") {
print "U"; # avoid cacti errors, but do not fake rrdtool stats
}elsif ($3 eq "usec") {
print $2/1000; # re-calculate in units of "ms"
}else{
print $2;
}
User avatar
phalek
Developer
Posts: 2838
Joined: Thu Jan 31, 2008 6:39 am
Location: Kressbronn, Germany
Contact:

Re: Errors in perl scripts

Post by phalek »

Can you check if these commands return anything ( and post it here) :

Code: Select all

 ping -c 1 127.0.0.1 | grep 'icmp_[s|r]eq' | grep time
and from within the scripts directory:

Code: Select all

perl ping.pl 127.0.0.1
Greetings,
Phalek
---
Need more help ? Read the Cacti documentation or my new Cacti 1.x Book
Need on-site support ? Look here Cacti Workshop
Need professional Cacti support ? Look here CereusService
---
Plugins : CereusReporting
SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

Re: Errors in perl scripts

Post by SpeedyGonzales »

64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.026 ms

and

0.0.28
User avatar
phalek
Developer
Posts: 2838
Joined: Thu Jan 31, 2008 6:39 am
Location: Kressbronn, Germany
Contact:

Re: Errors in perl scripts

Post by phalek »

Are you sure it is 0.0.28 instead of 0.028 ?
Greetings,
Phalek
---
Need more help ? Read the Cacti documentation or my new Cacti 1.x Book
Need on-site support ? Look here Cacti Workshop
Need professional Cacti support ? Look here CereusService
---
Plugins : CereusReporting
SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

Re: Errors in perl scripts

Post by SpeedyGonzales »

sorry, yes

0.028
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Errors in perl scripts

Post by netniV »

ICMP pings require that you have root privileges to create socket-level packets I believe. This is why spine is normally set using SetUID as root and then downgrades itself.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

Re: Errors in perl scripts

Post by SpeedyGonzales »

it is

-rwxr-xr-x 1 root root 548 Apr 20 13:21 ping.pl
netniV
Cacti Guru User
Posts: 3441
Joined: Sun Aug 27, 2017 12:05 am

Re: Errors in perl scripts

Post by netniV »

No, that looks like the root is owner, but I don't see the setuid bit.

Code: Select all

-rwsr-sr-x 1 root root 423864 Dec  7 14:38 /usr/local/spine/bin/spine
See the difference? Yours are executable, but unless the user is root when running the script, they won't have root privileges.
Cacti Developer & Release Manager
The Cacti Group

Director
BV IT Solutions Ltd

+--------------------------------------------------------------------------+

Cacti Resources:
Cacti Website (including releases)
Cacti Issues
Cacti Development Releases
Cacti Development Documentation
SpeedyGonzales
Posts: 34
Joined: Fri Sep 16, 2016 7:51 am

Re: Errors in perl scripts

Post by SpeedyGonzales »

It is set the same as the others and they work

-rwxr-xr-x 1 root root 256 Jul 20 2015 diskfree.pl
-rwxr-xr-x 1 root root 92 Jul 20 2015 diskfree.sh
-rwxr-xr-x 1 root root 174 Jul 20 2015 linux_memory.pl
-rwxr-xr-x 1 root root 336 Apr 20 13:22 loadavg_multi.pl
-rwxr-xr-x 1 root root 401 Jul 20 2015 loadavg.pl
-rwxr-xr-x 1 root root 548 Apr 20 13:21 ping.pl

AND

"Can you check if these commands return anything ( and post it here) :
Code:
ping -c 1 127.0.0.1 | grep 'icmp_[s|r]eq' | grep time"

64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.023 ms

"and from within the scripts directory:
Code:
perl ping.pl 127.0.0.1"

0.028

It seems to work fine but cacti is showing the devices with ICMP ping only as down on the monitor page
tertius
Cacti User
Posts: 82
Joined: Wed Mar 01, 2017 2:34 pm

Re: Errors in perl scripts

Post by tertius »

On a reasonably modern Linux system, it's not required to set the suid bit of any of the perl scripts, because the icmp stuff is done by calling programs like ping from the scripts. And ping has been given the capability to use icmp:

Code: Select all

$ getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep
At least on my systems, redhat-based, the privilege to use raw sockets is given to ping not by suid, but by giving it the capability cap_net_raw. This is not visible in the file system by using ls, so many admins may not be aware of it. But if you just install from the distribution repositories, don't tamper with the system and just use it, it just works.
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests