Syslog 3.1 has a hardcoded path for sh which causes issues running other scripts

[bmfmancini]

Hey Everyone,

I ran into an issue with syslog 3.1 where it would execute a shell script but would not execute a python script the Log would repport the script was executed without error but the script was not actually run I even created a simple hello world script to log to a file same deal

I came across the below block of code and I notice that exec_background has a hardcoded path to /bin/sh I removed that path still no go I changed

exec_background('/bin/sh', $command);

To

exec($command);

And that resolved my issue

See the original block

if ($alert['open_ticket'] == 'on' && strlen(read_config_option('syslog_ticket_command'))) {
                                    if (is_executable(read_config_option('syslog_ticket_command'))) {
                                        exec(read_config_option('syslog_ticket_command') .
                                            " --alert-name='" . clean_up_name($alert['name']) . "'" .
                                            " --severity='"   . $alert['severity'] . "'" .
                                            " --hostlist='"   . implode(',',$hostlist) . "'" .
                                            " --message='"    . $alert['message'] . "'");
                                    }
                                }
                            }
                        }else{
                            /* get a list of hosts impacted */
                            $hostlist[] = $a['host'];
                        }

                        if (trim($alert['command']) != '' && !$ignore) {
                            $command = alert_replace_variables($alert, $a);
                            cacti_log("SYSLOG NOTICE: Executing '$command'", true, 'SYSTEM');
                            exec_background('/bin/sh', $command);
                        }
                    }

Is there a reason to have the exec_background vs exec ? I will send a pull request but just want to understand the original design

Thanks !

[cigamit]

exec_background is a Cacti function https://github.com/Cacti/cacti/blob/ad7f9e7e30a5c55d3b09d807153377e41bfa294e/src/lib/poller.php#L132 that takes into account whether Cacti is running on Windows or Linux and what arguments are passed.

[bmfmancini]

Thanks @cigamit I will re-test with exec_background but I am sure the hardcoded shell path should be removed not all script being run will be shell in my opinion

[bmfmancini]

Ah actually I noticed this

in syslog_process.php

the only files included are

include(dirname(FILE) . '/../../include/cli_check.php'); include(dirname(FILE) . '/config.php'); include_once(dirname(FILE) . '/functions.php');

I dont see poller.php being included which I would think would be required for that function to work I dont see exec_background mentioned in any other file in the syslog files aside from setup.php

[cigamit]

Have you tried putting the python command (with full path) in front of the command? so /usr/bin/python /path/to/my/script.py

[bmfmancini]

yes it also fails until you removed the path to sh I figure it must be running /bin/sh /usr/bin/python /path/to/script

[cigamit]

cli_check.php includes global.php, which then includes the lib/poller.php.

Otherwise you would be getting an error in your cacti log about it, and Cacti would be disabling the plugin.

[bmfmancini]

ah ok makes sense

[bmfmancini]

OK I just tried again with background_exec($command) that breaks it log shows the command is being executed but doesnt move that to exec($command) and back to working state

[cigamit]

ya, we may have a to make a change to pass "-c" tell /bin/sh that its a command as /bin/sh can execute python just fine like so

[root@localhost ~]# /bin/sh -c "/usr/bin/python ~/test.py"
Hello World
[root@localhost ~]# /bin/sh -c "~/test.py"
Hello World

Your other option for now is to wrap the python script in a shell executor

#!/bin/sh
/usr/bin/python /path/to/my/script.py

[cigamit]

So try changing it to exec_background('/bin/sh -c ', '"' . $command . '"');

[cigamit]

That whole section does need to be changed though, as 1) It doesn't work on Windows 2) It allows arbitrary commands to be run

[bmfmancini]

So try changing it to exec_background('/bin/sh -c ', '"' . $command . '"');

trying now

[bmfmancini]

No go

I did run that command using /bin/sh -c command manually as the apache user and it did execute the script but not via php it will only work with exec($command)

[bmfmancini]

  if (trim($alert['command']) != '' && !$ignore) {
      $command = alert_replace_variables($alert, $a);
       cacti_log("SYSLOG NOTICE: Executing '$command'", true, 'SYSTEM'); 
      exec($command);#working
      #exec_background('/bin/sh -c ', '"' . $command . '"'); #not working 

[TheWitness]

Likely cause your Debian system is running 'dash' as it's default shell.

[bmfmancini]

This is a rhel system Default shell is bash though

On Tue., Mar. 9, 2021, 18:30 TheWitness, notifications@github.com wrote:

Likely cause your Debian system is running 'dash' as it's default shell.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/Cacti/plugin_syslog/issues/151#issuecomment-794602449, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADGEXTCQTTPJ52KFP22GBK3TC2OQVANCNFSM4Y2E44OA .

[TheWitness]

Yea, makes no sense, pushing a workaround.

[TheWitness]

Should be fixed now. Close if so.