[Bug?] Check-mk-agent.socket flooding /var/log/auth.log

OKAY:

So it boils down to this: as soon as mk-job whatever_script runs once, the log messages start appearing every minute in /var/log/auth.log:

May 25 11:33:24 hostname su: (to root) root on none
May 25 11:33:24 hostname su: pam_unix(su:session): session opened for user root(uid=0) by (uid=0)
May 25 11:33:24 hostname su: pam_unix(su:session): session closed for user root

I’m looking at /usr/bin/mk-job - but I don’t see it calling su anywhere. What’s the deal here?

I have noticed that only on hosts that monitor jobs with mk-job, when I manually reschedule the 'Checkmk' service, the infamous 3 log lines appear (and they also appear every minute); on other hosts this does not happen.

I guess we could call this a “semantic” bug.

/usr/bin/check_mk_agent:

Is this the problem?

  • Yep, this is definitely the line causing the logs to appear. I just copied the else clause into the main if, so they’re both the same (both just do the head command). No annoying logs appear now, and there’s only one difference - the job names are now prepended with ./ in the web-ui, and they appear as new jobs.

I do understand this change presents a security issue, but I’m sure there is a proper solution.

Dev team, please help me out, I’m pretty sure most of the detective work is done by now.
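
For triaging the log pattern described in this thread, here is an added example (not code from the post or from Checkmk) that separates the once-a-minute root-to-root su entries from other su activity in auth.log, so interactive su use stays visible. The function names, the sample lines and the user "alice" are constructed, and the script assumes "on none" marks an su call made without a terminal.

```python
import re
from datetime import datetime

# Constructed sample in the format quoted in the post: three root->root
# triples one minute apart, plus one interactive su ("alice" is made up).
TRIPLE = (
    "May 25 {t} hostname su: (to root) root on none\n"
    "May 25 {t} hostname su: pam_unix(su:session): session opened for user root(uid=0) by (uid=0)\n"
    "May 25 {t} hostname su: pam_unix(su:session): session closed for user root\n"
)
SAMPLE = "".join(TRIPLE.format(t=t) for t in ("11:33:24", "11:34:24", "11:35:24"))
SAMPLE += "May 25 11:35:40 hostname su: (to root) alice on pts/0\n"

# Matches only the "(to TARGET) CALLER on TTY" line that su writes per call.
SU_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ su(?:\[\d+\])?: \(to (\S+)\) (\S+) on (\S+)$"
)

def parse_su_events(text, year=2000):
    """Return one dict per su invocation; syslog stamps carry no year."""
    events = []
    for line in text.splitlines():
        m = SU_RE.match(line.rstrip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append({"time": ts, "to": m.group(2), "by": m.group(3), "tty": m.group(4)})
    return events

def classify(events, period=60, tolerance=5, min_repeats=3):
    """Separate periodic, terminal-less root->root su calls from the rest."""
    auto = [e for e in events if e["to"] == e["by"] == "root" and e["tty"] == "none"]
    gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(auto, auto[1:])]
    periodic = len(auto) >= min_repeats and all(abs(g - period) <= tolerance for g in gaps)
    review = [e for e in events if e not in auto]
    return {"periodic_noise": periodic, "auto_count": len(auto), "review": review}

if __name__ == "__main__":
    result = classify(parse_su_events(SAMPLE))
    print(result["periodic_noise"], result["auto_count"], [e["by"] for e in result["review"]])
```

Entries returned under "review" are the su calls that do not fit the periodic pattern and are worth reading by hand.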