Hi,

Chris <fisch....@gmx.de> writes:

> [main] #338 uses non-existing /var/ossec/bin/ossec-agentd
> [main] #338 is not a child

This is by design of the wazuh-agent and might trigger a false positive
in needrestart - putting binaries into /var looks like something special.

> [main] #25460 uses non-existing /usr/lib/postfix/sbin/pickup
> [main] #25460 is a child of #430

Is your postfix chrooted? Could you please post:

stat /usr/lib/postfix/sbin/pickup
stat /proc/25460/root/usr/lib/postfix/sbin/pickup


Regards,
Thomas


> [main] #338 exe => /var/ossec/bin/ossec-agentd
> [main] #338 is wazuh-agent.service
> [main] #430 exe => /usr/lib/postfix/sbin/master
> [main] #430 is postfix@-.service
>
>
> cat /proc/338/cgroup
> -------------
>
> 12:cpuset:/
> 11:hugetlb:/
> 10:perf_event:/
> 9:blkio:/
> 8:net_cls,net_prio:/
> 7:memory:/
> 6:rdma:/
> 5:cpu,cpuacct:/
> 4:freezer:/
> 3:pids:/system.slice/wazuh-agent.service
> 2:devices:/system.slice/wazuh-agent.service
> 1:name=systemd:/system.slice/wazuh-agent.service
>
>
> cat /proc/25460/cgroup
> ----------------------
>
> 12:cpuset:/
> 11:hugetlb:/
> 10:perf_event:/
> 9:blkio:/
> 8:net_cls,net_prio:/
> 7:memory:/
> 6:rdma:/
> 5:cpu,cpuacct:/
> 4:freezer:/
> 3:pids:/system.slice/system-postfix.slice/postfix@-.service
> 2:devices:/system.slice/system-postfix.slice
> 1:name=systemd:/system.slice/system-postfix.slice/postfix@-.service
>
> cat /proc/430/cgroup
> --------------------
>
> 12:cpuset:/
> 11:hugetlb:/
> 10:perf_event:/
> 9:blkio:/
> 8:net_cls,net_prio:/
> 7:memory:/
> 6:rdma:/
> 5:cpu,cpuacct:/
> 4:freezer:/
> 3:pids:/system.slice/system-postfix.slice/postfix@-.service
> 2:devices:/system.slice/system-postfix.slice
> 1:name=systemd:/system.slice/system-postfix.slice/postfix@-.service
>
>
> As you have mentioned cgroups, I'm also getting the following output from
> the postfix services within the containers:
>
> Jan 28 15:51:51 example systemd[1]: postfix.service: Failed to reset
> devices.list: Operation not permitted
> Jan 28 15:51:51 example systemd[1]: postfix.service: Failed to set
> invocation ID on control group /system.slice/postfix.service, ignoring:
> Operation not permitted
>
> Not sure if this is related here.
>
>> Thanks,
>> Thomas
>> 
>> 
>> Chris <fisch....@gmx.de> writes:
>> 
>>> Package: needrestart
>>> Version: 2.11-3
>>> Severity: normal
>>>
>>> Dear Maintainer,
>>>
>>> having Postfix and the wazuh-agent package from [1] on a current Debian
>>> Stretch 9.3 running within an LXC container shows the following services
>>> as required for a restart even if the services, the container or the
>>> host was freshly restarted:
>>>
>>> postfix@-.service
>>> wazuh-agent.service
>>>
>>> Running needrestart with the -v parameter shows this output:
>>>
>>> [main] eval /etc/needrestart/needrestart.conf
>>> [main] needrestart v2.11
>>> [main] running in root mode
>>> [Core] Using UI 'NeedRestart::UI::stdio'...
>>> [main] detected systemd
>>> [main] #372 uses non-existing /var/ossec/bin/ossec-agentd
>>> [main] #372 is not a child
>>> [main] #1047 uses non-existing /usr/lib/postfix/sbin/pickup
>>> [main] #1047 is a child of #438
>>> [main] #372 exe => /var/ossec/bin/ossec-agentd
>>> [main] #372 is wazuh-agent.service
>>> [main] #438 exe => /usr/lib/postfix/sbin/master
>>> [main] #438 is postfix@-.service
>>> [Kernel] Linux: kernel release 4.13.13-5-pve, kernel version #1 SMP PVE 
>>> 4.13.13-36 (Mon, 15 Jan 2018 12:36:49 +0100)
>>> [Kernel/Linux] Did not find any linux images.
>>> Failed to retrieve available kernel versions.
>>> Restarting services...
>>> Services to be restarted:
>>> Restart «postfix@-.service»? [Ynas?] n
>>> Restart «wazuh-agent.service»? [Ynas?] n
>>> Services being skipped:
>>>  systemctl restart postfix@-.service
>>>  systemctl restart wazuh-agent.service
>>> No containers need to be restarted.
>>> No user sessions are running outdated binaries.
>>>
>>> The two mentioned binaries which don't exist according to needrestart
>>> output are there and accessible:
>>>
>>> ls -la /var/ossec/bin/ossec-agentd
>>>
>>> -rwxr-x--- 1 root root 528136 Dez 22 18:59 /var/ossec/bin/ossec-agentd
>>>
>>> ls -la /usr/lib/postfix/sbin/pickup
>>>
>>> -rwxr-xr-x 1 root root 14408 Sep 27 06:56 /usr/lib/postfix/sbin/pickup
>>>
>>> ls -la 
>>>
>>> Not sure what causes this behavior. If there is any additional info I
>>> could / need to provide please let me know.
>>>
>>> Thanks,
>>>
>>> [1] 
>>> https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_deb.html
>> 
>

-- 

    ::  WWW:                        https://fiasko-nw.net/~thomas/  ::
   :::  Jabber:                   xmpp:tho...@jabber.fiasko-nw.net  :::
    ::  flickr:             https://www.flickr.com/photos/laugufe/  ::
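
The two `stat` calls requested above, turned into a per-PID check; this is an added example, not part of the original mail and not needrestart's code. It goes one step further and also stats `/proc/PID/exe` itself. The verdict words, the helper functions and the `PROC_DIR` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the file a process is running with the same path
# as seen from our own root and from the process's root (/proc/PID/root).

# "device:inode" of a file (symlinks followed); empty if it cannot be stat'ed.
dev_ino() {
    stat -L -c '%d:%i' -- "$1" 2>/dev/null
}

# classify RUNNING HERE INROOT -> one verdict word (hypothetical names).
# Each argument is a dev:inode string, or empty when that view has no file.
classify() (
    running=$1 here=$2 inroot=$3
    if [ -z "$running" ]; then
        echo unreadable      # no usable /proc/PID/exe (gone, or no permission)
    elif [ "$here" = "$running" ]; then
        echo same            # path in our root is the running binary
    elif [ "$inroot" = "$running" ]; then
        echo other-root      # only the process's root has the running binary:
                             # chroot or different mount view, not an upgrade
    elif [ -z "$here$inroot" ]; then
        echo deleted         # path is gone in both views
    else
        echo replaced        # a different file now sits at that path
    fi
)

# check_exe PID -> verdict for that process.
check_exe() (
    proc=${PROC_DIR:-/proc}  # override is an assumption, for pointing elsewhere
    exe=$proc/$1/exe
    path=$(readlink "$exe" 2>/dev/null) || { echo unreadable; exit 1; }
    path=${path% (deleted)}  # the kernel appends this once the file is unlinked
    classify "$(dev_ino "$exe")" "$(dev_ino "$path")" \
             "$(dev_ino "$proc/$1/root$path")"
)

# Usage: sh check_exe.sh PID...   (as root, to read other users' /proc entries)
for pid in "$@"; do
    printf '%s\t%s\n' "$pid" "$(check_exe "$pid")"
done
```

A verdict of `other-root` for a PID that needrestart reports as "uses non-existing" points at a root or mount difference rather than an outdated binary.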
