VMware VCM 5.3 Troubleshooting Guide, Page 66

The Collector reports the job succeeded, but there is still no data
Determine if there are problems with the suid programs in /opt/CMAgent/ECMu/1.0/bin.
The permissions should be:
RunHigh: owner root, group cfgsoft, mode r-sr-x---
RunLow: owner csi_acct, group csi_acct, mode r-xr-s---
RunRemote: owner root, group cfgsoft, mode r-sr-x---
NOTE The csi_acct name may be different if the Agent is installed using a different account.
Account and Group Information
The csi_acct account must also be properly created. The csi_acct user should not have a shell that permits
logins. The shell for csi_acct must be listed in the CSIRegistry's "NoLoginShells", and the no-login shell
must exist on the system. By default, the primary group for the csi_acct user is the csi_acct group. Like the
csi_acct user name, this group name can be changed during Agent install to use another name or an
existing group; using an existing group may cause security risks depending on the privileges that group
has. This group is given no elevated permissions (like the standard "nobody" group). The cfgsoft group
must always be created; this name must be used. The csi_acct user must be a member of the cfgsoft group,
but the cfgsoft group should not be the csi_acct user's primary group. If the install creates these
groups/account, the uninstall will remove them; if they were pre-existing, the uninstall will not remove them.
If the permissions are correct, then check the dbe for errors that RunHigh, RunLow, and/or RunRemote
failed. In this case, it will not tell you the cause of the error. RunHigh/RunLow will log some generic error
messages to syslog on failure; however, for better messages you can rebuild the RunHigh/Low/Remote
program with more detailed logging enabled: search for a commented-out syslog entry in the code.
Enabling detailed logging gives an error message in syslog containing an error code, which can then be
located in the source file to determine the error condition. This is deliberately obfuscated to prevent a leak
of error information that could enable an 'attack'.
When troubleshooting the setuid binaries, nsswitch.conf should also be checked to confirm that all user
lookups are going to the files first. If not, the users may need to be created in YP/LDAP/AD, etc. A
common problem is that the user is partially created in the cloud, so the security checks fail. If NONE of
the user information is in the cloud, the secondary check to files should work properly.
Also, the mount options for the file system should be checked. A common security practice is to mount
/usr, /opt, and /usr/local with 'nosetuid/nosuid' options to prevent setuid binaries from running. This will
prevent RunHigh/RunLow/RunRemote from functioning.
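
The permission, nsswitch.conf and mount-option checks described above can be scripted. The following is an added example, not part of the VMware guide or the Agent; the function names are hypothetical, and the mount lookup assumes a Linux host with findmnt.

```shell
#!/bin/sh
BIN_DIR=${BIN_DIR:-/opt/CMAgent/ECMu/1.0/bin}   # path given on this page
AGENT_USER=${AGENT_USER:-csi_acct}              # may differ per install (see NOTE)

# check_perm LS_LINE OWNER GROUP MODE: compare one `ls -l` line to the
# expected values. substr() drops the file-type character and any
# trailing ACL/SELinux marker ("+" or ".").
check_perm() {
    echo "$1" | awk -v o="$2" -v g="$3" -v m="$4" '
        { ok = (substr($1, 2, 9) == m && $3 == o && $4 == g) }
        END { exit !ok }'
}

# passwd_files_first FILE: true only if "files" is the first passwd source.
passwd_files_first() {
    awk '$1 == "passwd:" { seen = 1; ok = ($2 == "files") }
         END { exit !(seen && ok) }' "$1"
}

# suid_blocked OPTIONS: true if a comma-separated mount option list
# disables setuid execution.
suid_blocked() {
    case ",$1," in *,nosuid,*|*,nosetuid,*) return 0 ;; esac
    return 1
}

# audit: run all three checks on the live host. Assumption: Linux findmnt
# is used for the mount lookup; the check is skipped where it is absent.
audit() {
    rc=0
    for spec in "RunHigh root cfgsoft r-sr-x---" \
                "RunLow $AGENT_USER $AGENT_USER r-xr-s---" \
                "RunRemote root cfgsoft r-sr-x---"; do
        set -- $spec
        check_perm "$(ls -l "$BIN_DIR/$1" 2>/dev/null)" "$2" "$3" "$4" ||
            { echo "FAIL: $1 should be $2:$3 mode $4"; rc=1; }
    done
    passwd_files_first /etc/nsswitch.conf ||
        { echo "FAIL: passwd lookups do not go to files first"; rc=1; }
    if command -v findmnt >/dev/null 2>&1; then
        opts=$(findmnt -n -o OPTIONS -T "$BIN_DIR" 2>/dev/null) || opts=""
        if suid_blocked "$opts"; then
            echo "FAIL: $BIN_DIR is on a file system mounted nosuid"; rc=1
        fi
    fi
    return $rc
}
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run it as root with the --audit argument on the Agent host; set AGENT_USER first if the Agent was installed under a different account.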