False positives for applet.py (system-config-printer)
list Jaap Winius
Hi folks, Our virtual workstations run CUPS along with the "system-config-printer" package, which provides a "graphical interface to configure the printing system." Unfortunately, Xymon keeps reporting false-positives for this package, in particular for lines involving this one python script: /usr/bin/python3 /usr/share/system-config-printer/applet.py Xymon often erroneously reports that such processes have "libs linked that were upgraded", even though no upgrades have taken place. Also, there may be multiple reports of this per user and per session, and these will persist even after the user has logged out. Can anyone explain how to prevent these false positives? I imagine the solution will involve creating /etc/xymon/libs.local.yaml with a few lines added to it. Our virtual workstations run Debian 11.4 (Bullseye) with Xfce 4.16, cups 2.3.3op2-3+deb11u2, system-config-printer 1.5.14-1, xrdp 0.9.12-1.1 and xymon-client 4.3.30-1. The xymon server is also runs version 4.3.30-1 on top of Debian 11.4. Thanks, Jaap
list Jaap Winius
Hi folks, Adam Thorn mentioned to me in an exchange a few months ago that "the libs test pretty much just runs the lsof command and looks for files which are either 'deleted' or 'DEL', so you can do this check for yourself for a particular pid." His example command didn't quite work, but I get the idea. In the case of applet.py, I find lines like the following: applet.py 237463 jwinius 2w unknown 0,51 /nfs/home/jwinius/.xsession-errors (deleted) nfs.umrk.nl:/nfs/home) What must be added to /etc/xymon/libs.local.yaml to whitelist lines like this for all users? Thanks, Jaap Quoting Jaap Winius via Xymon <xymon at xymon.com>:
▸
Hi folks, Our virtual workstations run CUPS along with the "system-config-printer" package, which provides a "graphical interface to configure the printing system." Unfortunately, Xymon keeps reporting false-positives for this package, in particular for lines involving this one python script: /usr/bin/python3 /usr/share/system-config-printer/applet.py Xymon often erroneously reports that such processes have "libs linked that were upgraded", even though no upgrades have taken place. Also, there may be multiple reports of this per user and per session, and these will persist even after the user has logged out. Can anyone explain how to prevent these false positives? I imagine the solution will involve creating /etc/xymon/libs.local.yaml with a few lines added to it. Our virtual workstations run Debian 11.4 (Bullseye) with Xfce 4.16, cups 2.3.3op2-3+deb11u2, system-config-printer 1.5.14-1, xrdp 0.9.12-1.1 and xymon-client 4.3.30-1. The xymon server is also runs version 4.3.30-1 on top of Debian 11.4. Thanks, Jaap
list Jaap Winius
Hi folks,
After more experimentation, I've managed to get Xymon to give me the "all green" again, but only after adding a rather generic line to libs.local.yaml:
- '.*\(deleted\).*'
Any more specific and the aforementioned false positive pops up again. Any suggestions on how to make it more specific would be welcome.
▸
Thanks,
Jaap
Quoting Jaap Winius via Xymon <xymon at xymon.com>:
Hi folks, Adam Thorn mentioned to me in an exchange a few months ago that "the libs test pretty much just runs the lsof command and looks for files which are either 'deleted' or 'DEL', so you can do this check for yourself for a particular pid." His example command didn't quite work, but I get the idea. In the case of applet.py, I find lines like the following: applet.py 237463 jwinius 2w unknown 0,51 /nfs/home/jwinius/.xsession-errors (deleted) nfs.umrk.nl:/nfs/home) What must be added to /etc/xymon/libs.local.yaml to whitelist lines like this for all users? Thanks, Jaap Quoting Jaap Winius via Xymon <xymon at xymon.com>:Hi folks, Our virtual workstations run CUPS along with the "system-config-printer" package, which provides a "graphical interface to configure the printing system." Unfortunately, Xymon keeps reporting false-positives for this package, in particular for lines involving this one python script: /usr/bin/python3 /usr/share/system-config-printer/applet.py Xymon often erroneously reports that such processes have "libs linked that were upgraded", even though no upgrades have taken place. Also, there may be multiple reports of this per user and per session, and these will persist even after the user has logged out. Can anyone explain how to prevent these false positives? I imagine the solution will involve creating /etc/xymon/libs.local.yaml with a few lines added to it. Our virtual workstations run Debian 11.4 (Bullseye) with Xfce 4.16, cups 2.3.3op2-3+deb11u2, system-config-printer 1.5.14-1, xrdp 0.9.12-1.1 and xymon-client 4.3.30-1. The xymon server is also runs version 4.3.30-1 on top of Debian 11.4. Thanks, Jaap
list Adam Thorn
▸
On 21/08/2022 11:52, Jaap Winius via Xymon wrote:
After more experimentation, I've managed to get Xymon to give me the "all green" again, but only after adding a rather generic line to libs.local.yaml: ?? - '.*\(deleted\).*' Any more specific and the aforementioned false positive pops up again. Any suggestions on how to make it more specific would be welcome.
That's a rather far-reaching config line; it will mean any and all (deleted) files will be ignored by the libs test, if you've put it under '*' ! The crucial line in the libs script is return 1 if $path =~ $regexp; i.e. you want a perl regular expression for the entries in libs.local.yml. Given you mentioned /nfs/home/jwinius/.xsession-errors (deleted) nfs.umrk.nl:/nfs/home) you could thus try, perhaps, - '^/nfs/home/.*/\.xsession-errors ' (NB the trailing space is deliberate, given the example string you'd like to match). Look for online tutorials about perl regular expressions if it's not clear what's going on there. Adam