Something wrote host names to /etc/sssd/sssd.conf

MonitorGuy · Post by **MonitorGuy** » Tue Mar 02, 2021 1:26 pm

During this past weekends scheduled patching, our Linux admin noted something wrote all the monitored host names in Nagios to this file: /etc/sssd/sssd.conf

hostname01 Not Found
hostname02 Not Found
hostname03 Not Found
hostname04 Not Found
hostname05 Not Found

I guess the changes to the file caused a process not to startup after reboot, and removing the "hostname Not Found" entries resolved the issue.

I searched logfiles on the Nagios server and came up empty, so checking here to see if anyone else noticed this behavior, or knows how this might happen?

Just updated Nagios XI to 5.8.1
Previously on 5.7.5
RHEL 7.9

Thanks!

Post by **cdienger** » Wed Mar 03, 2021 4:41 pm

Very odd and the only time I've heard of something like this. sssd.conf is a configuration file so it wouldn't be surprising that the service that uses it wouldn't start if it had unrecognized entries like this. Do you have any Nagios checks that work with the file or service?

MonitorGuy · Post by **MonitorGuy** » Thu Mar 04, 2021 1:14 pm

Here are the service monitors:

check_ssh
check_xi_service_status
check_local_mem
check_local_load
check_http
check_local_disk
check_mailq

Checked the scripts, nothing stood out as having anything to do with sssh.conf

We know the file got updated on Feb 9th, but that's all we have so far...

Craig

ssax · Post by **ssax** » Fri Mar 05, 2021 5:00 pm

There's nothing that I know of that would write anything in there.

Considering sssd is using for directory services/authentication it could be related if your system is ad/ldap integrated but none of our product should touch that file.

Were they under a specific column or anything? Can you PM me the file with how it looked?

MonitorGuy · Post by **MonitorGuy** » Mon Mar 08, 2021 9:55 am

PM Submitted...

benjaminsmith · Post by **benjaminsmith** » Tue Mar 09, 2021 5:55 pm

Hi Craig,

We went over the files here that you sent, and there's nothing in Nagios XI by default that would touch that file. Do you have any custom or automated processes (ie. chef, puppet..etc.) that be writing there?

Benjamin

MonitorGuy · Post by **MonitorGuy** » Wed Mar 10, 2021 10:18 am

That was the first thing I checked, all the custom scripts have been checked and nothing related to sssd was found.

Could a setting in the Nagios XI GUI touch that file for any reason?

Thanks,

Craig

ssax · Post by **ssax** » Wed Mar 10, 2021 6:16 pm

I grepped our entire codebase and nothing was found.

I'm also very familiar with our code and I've never seen anything touch that file.

You can try searching the entire server to see if you can find anything but we have no idea how they got in that file:

Code: Select all

grep -Rnw sssd.conf /

Nagios Support Forum

Something wrote host names to /etc/sssd/sssd.conf

Something wrote host names to /etc/sssd/sssd.conf

Re: Something wrote host names to /etc/sssd/sssd.conf

Re: Something wrote host names to /etc/sssd/sssd.conf

Re: Something wrote host names to /etc/sssd/sssd.conf

Re: Something wrote host names to /etc/sssd/sssd.conf

Re: Something wrote host names to /etc/sssd/sssd.conf

Re: Something wrote host names to /etc/sssd/sssd.conf

Re: Something wrote host names to /etc/sssd/sssd.conf