This seems to be an artefact of the "xymon" command, perhaps sanitising
input. If I run this command:
printf "data `uname -n`.TEST\ntesting\ \ntesting\n" | { telnet 127.1
1984; sleep 1; }
the message gets to xymon as is, with a backslash and some trailing
spaces, as in "testing\<space><space><space><newline>testing<newline>". If
I change the command after the pipe to xymon, like so:
printf "data `uname -n`.TEST\ntesting\ \ntesting\n" | xymon 127.1 @
then the message appears as "testingtesting" with all of the whitespace
stripped out. This effect happens for when one or more spaces or tabs
follows a backslash and is then followed by a newline. (Interestingly, a
carriage return in the whitespace seems to also corrupt the string after
the newline - possibly leading to a buffer overflow in some cases - and
while this is unlikely in the output of "ps", there may be other ways to
abuse xymon with this technique.)
So I think the issue is triggered for you when the ps output has "sed ...
security.cron:<space>".
I suspect if you clean up the output of the "ps" line in
xymonclient-linux.sh to remove trailing whitespace, then it might fix your
problem. Something like this:
ps -Aww f -o
pid,ppid,user,start,state,pri,pcpu,time:12,pmem,rsz:10,vsz:10,cmd | sed 's/
*$//'
J
On Fri, 22 Mar 2024 at 07:11, John Horne <user-e95f1ec2f147@xymon.invalid> wrote:
On Thu, 2024-03-21 at 15:38 +0000, John Horne wrote:
I need to do more testing, but am a little lost as to whether the bug
(if it
exists) is in the 'ps' output, the way it is recorded in the hostdata
file or
in the processing of the 'procs' test.
Running tcpdump of what is being sent to the main Xymon server shows that
the
corrupted line is occurring on the client. So I need to look into the
xymonclient side of things.
John.
--
John Horne | Senior Operations Analyst | Technology and Information
Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
[https://www.plymouth.ac.uk/images/email_footer.gif]<;
http://www.plymouth.ac.uk/worldclass>;
This email and any files with it are confidential and intended solely for
the use of the recipient to whom it is addressed. If you are not the
intended recipient then copying, distribution or other use of the
information contained is strictly prohibited and you should not rely on it.
If you have received this email in error please let the sender know
immediately and delete it from your system(s). Internet emails are not
necessarily secure. While we take every care, University of Plymouth
accepts no responsibility for viruses and it is your responsibility to scan
emails and their attachments. University of Plymouth does not accept
responsibility for any changes made after it was sent. Nothing in this
email or its attachments constitutes an order for goods or services unless
accompanied by an official order form.
![https://www.plymouth.ac.uk/images/email_footer.gif]<](https://www.plymouth.ac.uk/images/email_footer.gif]<){kind=link}