CarbonWolf / opendlp

Automatically exported from code.google.com/p/opendlp
0 stars 0 forks source link

SSHFS Mount Instability - Scan Continues #101

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Start Unix agentless scan.
2. Some <unknown instability> happens with SSH/SSHFS

What is the expected output? What do you see instead?
I expect the scan to stop if the SSHFS mount drops.
I expect the scan to generate some error if the scan is unable to access the 
SSHFS mount point. 
Instead I see the scan run indefinitely, with no errors, and without trying to 
cleanup the hung SSHFS mount.
I expect the 

What version of the product are you using? On what operating system?
0.5.1 Ubuntu 11.04-based VirtualBox VM

Please provide any additional information below.
SSHFS still shows mount point on OpenDLP system, but the scan is still showing 
"running" status.
If I disable the scan, the sshfs process stays active. I have to reboot the 
system, or kill -9 the process to get it to go away.
The scan appears to run indefinitely in this state.

I did some investigation into SSHFS to determine if there were some options I 
could pass to SSH or SSHFS to get them to cleanup nicely. Here is what I found:

1. Add reconnect option to the sshfs command in 
/var/www/OpenDLP/bin/agentless-unix.pl. this should cause SSHFS to reconnect 
automatically if it fails.
2. Add the following lines to /etc/ssh/ssh)config. These options should allow 
the ssh client to cleanup if there is some connectivity issue with the server, 
and prevent the SSHFS mount from hanging.
ServerAliveInterval 15
ServerAliveCountMax 5

I don't know if this will resolve the issue yet. I am still testing. I will 
update if this change helps.

The main goal is to ensure that:
1. The SSHFS mount is stable. If it drops, it should reconnect.
2. The scan system should detect the drop, and automatically pause the scan 
until the SSHFS mount reconnects. Additionally, the scan system should error 
and stop the scan if the SSHFS mount cannot reconnect.

Original issue reported on code.google.com by briana...@gmail.com on 24 Oct 2013 at 4:54

GoogleCodeExporter commented 8 years ago
The changes to the agentless-unix.pl script, and to ssh_config seem to make a 
difference in the stability of the SSHFS mount, and the ability of the scan to 
complete without stalling.

Original comment by briana...@gmail.com on 29 Oct 2013 at 5:20

GoogleCodeExporter commented 8 years ago
For #1 (the reconnect option to the sshfs command), can you send your changes? 
I will implement these changes in the next release.

Original comment by andrew.O...@gmail.com on 20 Nov 2013 at 2:19

GoogleCodeExporter commented 8 years ago
Sorry for the delay. I have been on other projects, and hand not been keeping 
up with my todo list. 

SSH Configuraiton
# diff /etc/ssh/ssh_config /etc/ssh/ssh_config.default
54,57d53
<
< # Set some timeout values to address issue with SSHFS Mounts
< ServerAliveInterval 15
< ServerAliveCountMax 5

Original comment by briana...@gmail.com on 14 Feb 2014 at 7:24

GoogleCodeExporter commented 8 years ago
agentless-unix.pl

# diff /var/www/OpenDLP/bin/agentless-unix.pl ~/defaults/agentless-unix.pl
198c198
<       $command .= "\@" . "$target" . ":/ $local_dir -o 
reconnect,idmap=none,password_stdin,nonempty,UserKnownHostsFile=/dev/null,Strict
HostKeyChecking=no";
---
>       $command .= "\@" . "$target" . ":/ $local_dir -o 
idmap=none,password_stdin,nonempty,UserKnownHostsFile=/dev/null,StrictHostKeyChe
cking=no";

Original comment by briana...@gmail.com on 14 Feb 2014 at 7:27