Weird bug - babel SVN Build BC070806 - Agents offline

[davidp]

Hi all,

  I've just set up a babel server here on a dedicated server which use a MySQL database on another server.  Nothing wrong transpires from the log file (as in: no mysql connection problem).  The server is currently in verbose mode to better trace what goes on.

  The console server is also running on a dedicated server (my web server) thus I have a different connection to mysql, which also works.  I can create agents, but they invariably declare themselves offline.

   On the babel server, I get entries like:

[code:1][V] 01-31-08 04:35:51 - Preparing to process data file at /var/spool/babel/data_in/thor.1201753846.data
[V] 01-31-08 04:35:51 - Registering audit #4 from agent 'thor'
[V] 01-31-08 04:35:52 - Deleting data file[/code]

   So I expect no communication problem between the server and the sql server, and since I'm able to use the console, the sql communication is supposed to be all right on that side too.

   The only disgression I did from the original setup is that I do not allow the the mysql user to do anything else than insert / select / delete / alter records.  Is there a right (like execute scripts) which is needed to operate babel on the mysql server?

Best regards,
David

[Manuel Arostegui]

Hi David,

Can you confirm me you're using version 2.0 of babel?

[davidp]

I'm using the SVN trunk version 1.1

I recompiled it because it runs on a x64 CPU.

David

[Sancho Lerena]

Hi all,

   The only disgression I did from the original setup is that I do not allow the the mysql user to do anything else than insert / select / delete / alter records.  Is there a right (like execute scripts) which is needed to operate babel on the mysql server?

Best regards,
David

Seems to be everything ok. Offline Agents have data inside ?. What is the interval for that agents ?. Remember that interval in babel is in MINUTES, so a 10080 interval is for gathering data every week.

[davidp]

The agents are still declared offline, although on the server, I get a lot of :

[code:1]Registering audit #x from agent 'host'[/code]

On the babel console, I see that the policy is run, but it's like it has returned no data or something.

[Manuel Arostegui]

Can you run the agent in debug mode and see if the XML has any data?

[davidp]

If started in gdb, the output is as follow:

[code:1]babel-server v1.0.0 (build 080131) 2005-2007 (web site ommited)

Program received signal SIGSEGV, Segmentation fauilt.
0x00002ac88e67cbb0 in strlen () from /lib64/libc.so.6[/code]

The bt command returns the following:
[code:1]#0  0x00002b988549abb0 in strlen () from /lib64/libc.so.6

#1  0x00002b988546a84d in vfprintf () from /lib64/libc.so.6

#2  0x00002b988548cb7d in vasprintf () from /lib64/libc.so.6

#3  0x00002b98847fcc50 in g_vasprintf () from /usr/lib64/libglib-2.0.so.0

#4  0x00002b98847ee590 in g_strdup_vprintf () from /usr/lib64/libglib-2.0.so.0

#5  0x00002b98847c1a68 in ?? () from /usr/lib64/libglib-2.0.so.0

#6  0x00002b98847c1b21 in g_set_error () from /usr/lib64/libglib-2.0.so.0

#7  0x000000000040df78 in babel_db_connection_query ()

#8  0x000000000040fc92 in babel_server_init_source ()

#9  0x000000000040fe58 in babel_server_start ()

#10 0x0000000000406ce9 in main ()

[/code]
I guess it's expected from code coming from trunk, but it was running flawlessly previously so I'm a bit at a loss.  No update has been done on the OS either.

[Manuel Arostegui]

Oh no, you miunderstood me, or I didn't explain myself well.
I meant put the agent in debug mode, this means, edit babel_agent.conf and set debug 1
debug mode means that the agent will run as expected but the XML will remain in /var/spool/babel/data_out it won't be copied to the server so you can analyze it.

So, set the debug mode and when the agent is done, take a look at the XML and see if there's data in it.

Let us know what's going on!

[davidp]

As requested, here's an exert from a typical xml file on the babel server "/var/spool/babel/babel_in":

[code:1]<xml>
<babeldata>
<agent><name><CDATA></name>
<version><CDATA></version>
<timestamp>02/15/08 05:26:40</timestamp>
<os><CDATA></os>
<interval>10080</interval>
<os_version><CDATA></os_version>
<policy_name><CDATA></policy_name>
<policy_version><CDATA></policy_version>
</agent>
<module><modulename>Account Policy</modulename><moduletype>user_policy</moduletype>
<moduledata><item><CDATA> is not <CDATA></item><data>/etc/login.defs</data></moduledata>
<moduledata><item><CDATA> is not <CDATA></item><data>/etc/login.defs</data></moduledata>
<moduledata><item><CDATA> is not <CDATA></item><data>/etc/login.defs</data></moduledata>
<moduledata><item><CDATA> is not <CDATA></item><data>/etc/login.defs</data></moduledata>

.
.
.
<moduledata><item><CDATA></item><data>Service enabled</data></moduledata>
<moduledata><item><CDATA></item><data>Service enabled</data></moduledata>
<moduledata><item><CDATA></item><data>Service enabled</data></moduledata>
<moduledata><item><CDATA></item><data>Service enabled</data></moduledata>
</module>
<module><modulename>SnmpAgent</modulename><moduletype>remote</moduletype>
<moduledata><item><CDATA>_<CDATA></item><data>Dangerous community name</data></moduledata>
</module>
<module><modulename>SetUID Files</modulename><moduletype>setuid</moduletype>
<moduledata><item><CDATA></item></moduledata>
<moduledata><item><CDATA></item></moduledata>
</module>
<module><modulename>Tomcat5</modulename><moduletype>remote</moduletype>
</module>
<module><modulename>UID0</modulename><moduletype>uid0</moduletype>
</module>
</babeldata>
[/code]

Regards,
David

[Sancho Lerena]

As requested, here's an exert from a typical xml file on the babel server "/var/spool/babel/babel_in":
Regards,
David

Rename to .xml and try to open locally with a browser (mozilla/firefox) to check if XML is correct. This could the first problem, some 1.1 modules generate bad XML...

[Manuel Arostegui]

Hi Davidp

did you delete any data of that XML before posting it here?
There's no name for the agent in that XML, that could be a problem

[Sancho Lerena]

Hi Davidp

did you delete any data of that XML before posting it here?
There's no name for the agent in that XML, that could be a problem

A big problem :-)

[davidp]

It seems that something in the "trunk" branch of svn was broken after all.

I solved the problem by compiling from ./branch version of babelserver instead ./trunk and everything began working properly.

This thread can now be closed, thanks for the help. :)

Regards,
David

[Manuel Arostegui]

Could be, even though I installed a Babel (with all its components; agent, database, console and server) three days ago and I didn't face any problem. I got it directly from the trunk/
Your problem is weird :-/

[davidp]

Were you using a i386 or x64 system?

The problem I experienced was with a x64 system.

If you tell me what to type in gdb, I can compile it with symbols and let you see where it crashes.

Regards,
David