July 6, 2011

improper command pipelining after MAIL from xxx

Category: xymon

While checking SMTP with xymon, I noticed that log entries like this were being recorded in maillog.

Jul 6 06:56:05 xxx postfix/smtpd[xxxxx]: improper command pipelining after MAIL from xxx

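Hmm, it is exactly what it says: xymon is sending an improper command. I could just ignore it, but it is in my nature (blood type A) that I can't leave this sort of thing showing up in the logs, so I decided to tweak the xymon configuration.

Having said that I would tweak the configuration, I had no idea what to change or how, so for a start I turned to Google. Unfortunately there is no information at all in Japanese, so I searched mainly through English-language sources. It turned out that the commands xymon sends are not quite right. As a fix, I rewrote the relevant part of protocols.cfg, which defines the commands used for the smtp check, as shown below, and it worked.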

[smtp]
send "mail\r\n"
expect "503"
send "quit\r\n"
expect "220"
options banner
port 25

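I had been tweaking all sorts of things, so I'm not confident that this alone fixed it, but for now I think this step was necessary. I have hardly any experience talking this kind of protocol directly, so I'd like to get to the point where I can sort things out a bit more on my own.

Posted by ymkx : July 6, 2011 17:06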
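
An added example (not from the original post or from the Xymon or Postfix projects) of why the log line appears: a constructed toy server, a simplification and not Postfix code, flags any command that arrives with further input already queued behind it, and a probe runs once with both commands in one write and once waiting for each reply. The single-write string `mail\r\nquit\r\n` is an assumption about what the unmodified check sends; the 503 reply mirrors the `expect "503"` in the configuration above.

```python
import socket
import threading

def toy_smtpd(conn, flagged):
    """Constructed stand-in for an SMTP server (a simplification, not Postfix code).
    Records any command that arrives with more input already queued behind it."""
    conn.sendall(b"220 mx.example.test ESMTP\r\n")
    buf = b""
    while True:
        chunk = conn.recv(1024)
        if not chunk:
            break
        buf += chunk
        while b"\r\n" in buf:
            line, buf = buf.split(b"\r\n", 1)
            verb = line.decode("ascii", "replace").strip().upper()
            if buf:  # next command was sent before this one was answered
                flagged.append("improper command pipelining after " + verb)
            if verb == "QUIT":
                conn.sendall(b"221 2.0.0 Bye\r\n")
                conn.close()
                return
            # Constructed reply, chosen to match the 503 the check expects.
            conn.sendall(b"503 5.5.1 Error: send HELO/EHLO first\r\n")
    conn.close()

def probe(pipelined):
    """Run one check; return (reply codes seen by the client, server-side flags)."""
    client, server = socket.socketpair()
    flagged = []
    worker = threading.Thread(target=toy_smtpd, args=(server, flagged))
    worker.start()
    replies = client.makefile("rb")

    def code():
        return replies.readline()[:3].decode("ascii")

    if pipelined:
        client.sendall(b"mail\r\nquit\r\n")   # both commands in a single write
        codes = [code(), code(), code()]
    else:
        codes = [code()]                      # read the 220 banner first
        for command in (b"mail\r\n", b"quit\r\n"):
            client.sendall(command)
            codes.append(code())              # wait for the reply before the next command
    replies.close()
    client.close()
    worker.join()
    return codes, flagged

if __name__ == "__main__":
    for mode in (True, False):
        print("pipelined" if mode else "lock-step", probe(mode))
```

Both runs see the same reply codes, so the monitoring result is identical; only the single-write run leaves an entry on the server side.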

xymon 4.3.3

Category: xymon

In my main job, server administration, I use a piece of software called xymon for server monitoring. It used to be called hobbit, but one day it was suddenly renamed to xymon.

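xymon is server monitoring software that is quite easy to deploy: once you have set up a single xymon server, all that remains is to install the xymon client on each monitored server, and you have server monitoring. We have been using it for about five years, I think; back then it was still called hobbit.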

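Anyway, the 4.3 series of xymon had been released without my noticing, so I upgraded to the latest version, xymon 4.3.3. At first I installed over the existing installation and all sorts of things went wrong, so I cleaned out the directory and installed afresh.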

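Up to 4.2.3 there were commands and configuration files named hobbit-something, but in 4.3.3 that has changed completely. The startup command has also changed, to xymon.sh. What confused me most was the configuration files. These are the files placed under server/etc/ in the installation directory, and they have changed substantially.
bb-hosts, where monitored hosts are registered, has become hosts.cfg; hobbit-alerts.cfg, which decides the actions taken when alerting, has become alerts.cfg; and hobbit-clients.cfg, which configures the monitored items for each server, has become analysis.cfg. It seems the configuration file names were changed in order to drop the hobbit-related names.
The appearance also seems to have changed slightly, but as for the other features, at a glance I can't really tell what has changed. For now, here are the Changes since 4.2.3.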


Changes from 4.3.2 -> 4.3.3 (6 May 2011)
========================================
* rev6684
* SECURITY FIX: Some CGI parameters were used to construct
filenames of historical logfiles without being sanitized,
so they could be abused to read files on the webserver.
* SECURITY FIX: More cross-site scripting vulnerabilities.
* Remove extra "," before "History" button on status-view
* Critical view: Shrink priority-column to 10% width
* hosts.cfg loader: Check for valid IP spec (nibbles in
0-255 range). Large numbers in a nibble were accepted,
triggering problems when trying to ping the host.
* Alert macros no longer limited to 8kB

Changes from 4.3.1 -> 4.3.2 (4 Apr 2011)
========================================
* rev6672
* Web UI: Fix bug introduced with the 4.3.1 XSS fixes.

Changes from 4.3.0 -> 4.3.1 (3 Apr 2011)
========================================
* Web UI: SECURITY FIX - fix potential cross-site scripting vulnerabilities.
Initial report by David Ferrest (email April 1st 2011).
* Solaris Makefile: Drop guessing of what linker is being used, since we
get it wrong too often.
* configure: Add missing include to fix compile failure on
some systems.
* get_ostype(): Check that we have a valid OS identifier.
Don't assume we can write to the string passed us.
* xymond user messages: Improve error message for oversize messages.
Document the MAXMSG_USER setting.
* combostatus: Make the set of error-colors configurable. Change default set so
BLUE and PURPLE are not considered errors (only RED is an error by default).
* xymon(1) manpage: Add missing description of some fields available in the
xymondboard command.
* hosts.cfg manpage: Fix wrong NOPROP interpretation. From Thomas Brand.
* Demotool: Change Hobbit->Xymon

Changes from 4.3.0 RC 1 -> 4.3.0 (4 Mar 2011)
=============================================
* Critical view and other webpages: Make the 'All systems OK' message
configurable. Also allow the header/footer for the Critical Systems
view to be configurable.
Suggestion and preliminary patch from Buchan Milne.
* xymonnet: Improve error report when HTTP tests get an empty response -
'HTTP error 0' sounds weird.
* report / snapshot CGI's: Fix buffer overrun in the HTML delimiter
generated in the "please wait..." message. Also, fix potential buffer
overrun in report CGI if invoked with a large value for the "style"
parameter.
Reported by Rolf Biesbroek.
* Graph definitions (graphs.cfg): Multi graphs cannot use a regex pattern.
Problem report by Brian Majeska
* Solaris interface statistics: Filter out "mac" and "wrsmd" devices at
the client side.
Update RRD handler to also filter "wrsmd" at the server side, like we
already did for "mac" devices.
Cf. http://www.xymon.com/archive/2009/06/msg00204.html
* Documentation: Document the XMH_* fields available in xymondboard commands.
* Documentation: Document SPLITNCV and "trends" methods of doing
custom graphs.
* RRD definitions: Allow override of --step/-s option for rrdcreate,
from template supplied in rrddefinitions.cfg.
Suggestion from Brian Majeska.
* mailack: Remove restriction on how long a subjectline/message body can be.
* Build procedure: Add notice about running upgrade script before
installing the new version.
* xymond_alert: Document --trace option
* Alerts: For recovery messages, add information so you can tell
whether the recovery was due to the service actually recovering, or
if it was merely disabled.
* xymond_alert: Fix missing element in array of alert status texts used
for tracing.
Spotted by Dominique Frise.
* Add support for FreeBSD v8 modified ifstat output
* Documentation: Update information about the Xymon mailing lists
following move to Mailman and new archive URL.
* HP/UX client: Use "swapinfo" to extract memory utilisation data,
instead of the hpux-meminfo utility.
By Earl Flack http://lists.xymon.com/pipermail/xymon/2010-December/030100.html

Changes from 4.3.0 beta 3 -> 4.3.0 RC 1 (23 Jan 2011)
=====================================================
* hosts.cfg badldap documentation: Document that for LDAP URL's you must
use 'badldapurl'. Reported by Simo Hmami.
* xymond flap detection: Make number of tracked status changes and the
flap-check period configurable. Change the defaults to trigger flapping
at more than 5 status changes in a 30 minute period.
* sendmessage: Enhanced error reporting, to help track down communication
problems.
* xymond_client: Fix Windows SVC status handling to avoid coredumps,
memory corruption and other nasties.
Will now report the real name of the service, instead of the pattern used in
the analysis.cfg file.
NOTE: Slight change to status message format.
* Client handler: Fix owner/user check parsing. Reported by Ian Marsh
http://www.xymon.com/archive/2011/01/msg00133.html (also broken in 4.2.3).
* xymongen: Fix broken --doc-window option handling. Reported by Tom Schmitt.
* Xymongen: Fix documentation of the --doc-window/--no-doc-window options.
* Webpage background: Use a CSS and a new set of gif's to implement a
background that works on all displays, regardless of width. Uses a new
xymonbody.css stylesheet which can also control some other aspects of the
webpage. From Francois Claire.
* Documentation: The xymon 'rename' command should be used AFTER renaming
a host in hosts.cfg, not before. From Tom Georgoulias.
* Memory status: Add some sanity checks for the memory utilisation reported
by clients. Occasionally we get completely bogus data from clients, so only
act on them if percentages do not exceed 100.
* Critical systems view: Add "--tooltips" option so you can save screen space
by hiding the host descriptions in a tooltip, like we do on the statically
generated pages. Feature request from Chris Morris.
* Solaris client: Report "swap -l" in addition to "swap -s" for swap usage.
Backend prefers output from "swap -l" when determining swap utilisation.
* Webpage menu: Use the CSS and GIF's by Malcolm Hunter - they are much nicer
than the ones from Debian. Distribute both the blue and the grey version,
and configure which one to use in xymonserver.cfg.
* Graph zoom: Use float variables when calculating the upper/lower limits
of the graph. Fixes vertical zoom.
* xymond: Make sure we do not perform socket operations on invalid sockets
(e.g. those from a scheduled task pseudo-connection)
* Installation: Remove any existing old commands before creating symlinks
* xymonproxy: Fix broken compatibility option '--bbdisplay'
* Fix eventlog summary/count enums so they don't clash with Solaris predefined
entities
* History- and hostdata-modules: Don't save data if there is less than 5%
free space on the filesystem. Also, don't save hostdata info more than 5
times per hour.
* Historical statuslog display: Work-around for crash when status-log is
empty
* fping.sh configure sub-script: Fix syntax error in suggested 'sudoers'
configuration, and point to the found fping binary. From Steff Coene.
* namematch routine: Fix broken matching when doing simple matching against
two strings where one was a subset of the other.
http://www.xymon.com/archive/2010/11/msg00177.html . Reported by Elmar Heeb
who also provided a patch, although I chose a different solution to this.
* Xymon net: Fix broken compile when LDAP-checks are disabled. Reported by
Roland Soderstrom, fix from Ralph Mitchell.
* xymon(7) manpage: Drop notice that renaming in 4.3.0 is not complete
* Installation: Setup links for the commonly used Hobbit binaries
(bb, bbcmd, bbdigest, bbhostgrep, bbhostshow)
* Upgrade script: Setup symlinks for the old names of the standard webpages
* xymonserver.cfg.DIST: Missing end-quote in compatibility
BBSERVERSECURECGIURL setting. From Ralph Mitchell
* xymongrep: Fix broken commandline parsing resulting from trying to be
backwards-compatible. Reported by Jason Chambers.

Changes from 4.3.0 beta 2 -> 4.3.0 beta 3 (15 Nov 2010)
=======================================================

* Reflect the renaming of the project at Sourceforge
in documentation, links etc.
* Any data going into graphs can now trigger a status to
change color, if the value of the data is outside
thresholds. This can be used to e.g. trigger an alert
if the response-time of a network test is longer than
expected, even though the service is responding. Also
works for custom tests that feed data into graphs.
(see analysis.cfg "DS" definition). This uses a
new xymond command, "modify".
* Clients can now use several modules to send "client"
data to the Xymon server, all of which are passed to
(specialised) client-data processors on the Xymon server.
* All tools for the "Critical Systems View" now have a
"--config=FILENAME" option for which file to load
the configuration from.

Configuration files:
* Document the "directory" include syntax
* Allow the "include" and "directory" definitions to be
indented.

xymongen:
* New "--no-nongreen" option for bbgen disables generating the
"All Non-green" page, since this is not useful on large
installations.
* If xymongen cannot load the current status from xymond,
abort updating of the webpages instead of generating
a 100% green set of webpages.

xymonnet:
* New "--source-ip=ADDRESS" option for xymonnet to
set the default source IP used for network tests.
* HTTP tests now use the source-IP.
* New "--ping-tasks=N" option for xymonnet to split
the ping-tests to multiple processes. Needed to speed
up ping of large installations.
* Disable support for the old Big Brother syntax for
HTTP proxies in web checks. Necessary to allow testing
of URL's beginning with "http". If necessary, the old
Big Brother compatible behaviour is enabled with the
new "--bb-proxy-syntax" option for xymonnet.

xymonproxy:
* Rename "--bbdisplay" option to "--server".
* Drop support for sending data to Big Brother servers.
This means that the Big Brother "page" messages will
no longer be relayed by bbproxy, so the "--bbpager"
and "--hobbitd" options have been removed.

msgcache / xymonfetch:
* Fix off-by-one bug when reading data. Could lead to
data corruption, crashes and other nasty behaviour.
* Remove port-numbers from the "Message received from..."
line so these don't show up as multi-source.

xymonlaunch:
* Support for cron-style time specification, so tasks
will run at specific times.

xymon tool:
* New "--response" option overrides auto-detection of
whether to expect a response back from the server.
* Support the new "usermsg" and "modify" commands.

hosts.cfg configuration settings:
* New "multihomed" option disables the multi-source detection
for a host.

xymond:
* Support multiple client-collector modules for each host.
* Detect when the same host receives updates from multiple source
IP addresses. Usually indicates a misconfigured client reporting
with the name of another server. May erroneously flag some
multi-homed hosts, so this check can be disabled with the
"multihomed" flag in bb-hosts.
* Detect when a status is rapidly switching between two states.
In that case, the most severe state is enforced until the
flapping stops. Such flapping would lead to a huge number of
status messages being stored as historical logs.
* Fix rare bug where missing status-log data could crash xymond.
* Fix small memory leak in processing "config" and "download" commands.

xymond_capture:
* New server-side tool to capture selected messages from a Xymon channel.

xymond_channel:
* New "--filter" option allows use of a regular expression to filter
data being passed to the worker module based on the message
summary line.

xymond_client:
* Fix bug where very large client messages could result in
the next message processed being corrupted. Typically, this
would cause semi-random disk graphs to appear, or bogus
alerts triggering.
* Test for filesystems running out of i-nodes. Currently only the
Linux client reports data for this.
* Test for any data going into graphs triggering a "modify" of
a status if the value is outside limits.
* Mangle filenames with a colon (i.e. Windows filenames) when
passing them to other status-messages, e.g. xymond_rrd.
* Detect/discard duplicated update-messages and discard them.

xymond_history:
* The SAVESTATUSLOG setting can now select which status-logs to
save as historical logs.

xymond_rootlogin.pl:
* Sample serverside module in Perl.

xymond_rrd:
* Explicitly update access-times when updating RRD files on Linux,
since the memory-mapped I/O on this platform does not modify
timestamps, causing Xymon to consider all graphs stale.
* Detect/discard duplicated update-messages and discard them.
* New "--no-cache" option disables caching of RRD updates.
* SPLITNCV bug fixed.
* Support output from newer versions of the ntp.org "sntp" tool.

Top-changing hosts/statuses:
* Eventlog CGI application can now report the most changing
hosts/statuses.

perfdata CGI:
* New "--page=REGEXP" option for selecting which hosts to include.

BBWin client:
* Fix clock offset calculation in cases where "epoch" time is
reported without a decimal part.

Linux client:
* lsb_release may be installed in /usr/bin

SCO Unixware client:
* New client

AIX client:
* Fix wrong data collected in graphs (RRD files) for AIX
memory/swap utilisation.

Solaris client:
* Ignore "mac" interfaces in interface-statistics. These are
physical interfaces aggregated into a multi-link virtual
interface - statistics are collected for the virtual interface.

IBM MQ:
* New collector module and sub-client.

CGI applications:
* New XYMONCGILOGDIR setting in xymonserver.cfg sets a
directory where CGI debug output is stored.

BEA/NetApp/Database add-on:
* Server side updated to hobbit-perl-cl ver. 1.21. Among
other things, this means that Tablespace utilisation is
now graphed.

Devmon add-on:
* Server side updated to current version.


Changes from 4.3.0 beta 1 -> 4.3.0 beta 2 (24 Apr 2009)
=======================================================
* New "--shuffle" option for bbtest-net to run network tests
in a random order.
* Client startup script now exports important environment variables,
so they are actually used in systems with a traditional shell.
* hobbitlaunch no longer crashes if there are no tasks
* Client configure script includes librt for clock_gettime()
* New client support for mainframes: z/OS, z/VM, z/VSE
* Enhanced eventlog and top-changing hosts webpages.
* Revert debian package pathnames back to use "hobbit", so
updates from 4.2.x will actually work.
* Ghostlist options in hobbitcgi.cfg had no effect because
of typo in setting name.
* "data" messages could crash hobbitd.
* Debug output from hobbitd_channel now logs only the relevant
data instead of the full message.
* trimhistory now informs the history module to re-open the
"allevents" file after trimming it.
* devmon template fix
* New "rrdcachectl" utility included.
* Fixed sorting routine (affected holiday list and others)
* Fix generic crash in communications module between Xymon
programs, where an empty response message would crash caller.

Changes from 4.2.3 -> 4.3.0 beta 1 (09 Feb 2009)
================================================
Core changes:
* New API's for loadhosts and sendmessage, in preparation for
the full 5.0 changes.
* Always use getcurrenttime() instead of time().
* Support for defining holidays as non-working days in alerts and
SLA calculations.
* Hosts which appear on multiple pages in the web display can
use any page they are on in the alerting rules and elsewhere.
* Worker modules (RRD, client-data parsers etc) can operate on
remote hosts from the hobbitd daemon, for load-sharing.
* Various bugfixes collected over time.

Network test changes:
* Merged new network tests from trunk: SOAP-over-HTTP,
SSL minimum cipher strength
* Changed network test code to always report a validity period
for network tests, so it is possible to run network tests less
often than every 30 minutes (e.g. once an hour).
* Make the content-type setting in HTTP POST tests configurable.
* Make the source-address used for TCP tests configurable.
* Make the acceptable HTTP result codes configurable.
* Use and save HTTP session cookies.

Web changes
* Support generic drop-down lists in templates.
* "NOCOLUMNS" changed to work for all columns.
* New "group-sorted" definition to auto-sort hosts in a group
* Use browser tooltips for host comments
* "Compact" status allows several statuses to appear as a single
status on the overview webpages.
* Trends page can select the time period to show. Buttons provided
for the common selections.
* Ghost list report now lists possible candidates for a ghost,
based on IP-address or unqualified hostname.

Report changes
* Number of outages as SLA parameter

Miscellaneous
* hobbitlaunch support for running tasks only on certain hosts,
and for a maximum time.
* Alert scripts get a unique ID for each alert.

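That is quite a huge number of changes... In going from 4.2.3 to the 4.3 series, there seem to have been many changes, especially in the beta and RC releases leading up to the 4.3.0 release. Since 4.3, the version updates seem to be mainly security fixes, I suppose.

I have only just installed it and started using it, so I intend to keep checking various things as I use it. So far I have upgraded only one monitoring server, so if there are no problems I would like to upgrade the main monitoring server as well.

Posted by ymkx : July 6, 2011 11:00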