Hi folks,
Adam Thorn mentioned to me in an exchange a few months ago that "the libs test pretty much just runs the lsof command and looks for files which are either 'deleted' or 'DEL', so you can do this check for yourself for a particular pid." His example command didn't quite work, but I get the idea. In the case of applet.py, I find lines like the following:
applet.py 237463 jwinius 2w unknown 0,51 /nfs/home/jwinius/.xsession-errors (deleted) nfs.umrk.nl:/nfs/home)
What must be added to /etc/xymon/libs.local.yaml to whitelist lines like this for all users?
Thanks,
Jaap
Quoting Jaap Winius via Xymon <xymon at xymon.com>:
Hi folks,
Our virtual workstations run CUPS along with the "system-config-printer" package, which provides a "graphical interface to configure the printing system." Unfortunately, Xymon keeps reporting false-positives for this package, in particular for lines involving this one python script:
/usr/bin/python3 /usr/share/system-config-printer/applet.py
Xymon often erroneously reports that such processes have "libs linked that were upgraded", even though no upgrades have taken place. Also, there may be multiple reports of this per user and per session, and these will persist even after the user has logged out.
Can anyone explain how to prevent these false positives? I imagine the solution will involve creating /etc/xymon/libs.local.yaml with a few lines added to it.
Our virtual workstations run Debian 11.4 (Bullseye) with Xfce 4.16, cups 2.3.3op2-3+deb11u2, system-config-printer 1.5.14-1, xrdp 0.9.12-1.1 and xymon-client 4.3.30-1. The xymon server is also runs version 4.3.30-1 on top of Debian 11.4.
Thanks,
Jaap