Bug 15023 - amandaidx/amindexd runs uncontrollably after an nmap probe
amandaidx/amindexd runs uncontrollably after an nmap probe
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: amanda (Show other bugs)
7.0
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-08-01 14:05 EDT by Dean Pentcheff
Modified: 2008-05-01 11:37 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-08-01 16:02:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dean Pentcheff 2000-08-01 14:05:12 EDT
An nmap probe of a newly-installed Pinstripe system ("nmap -O -v" from a
neighboring machine) caused the launch of amindexd, which proceeded to loop
uncontrollably.  The following messages appeared (repeatedly) in
/var/log/secure:

Aug  1 12:24:43 b210 tcpd[958]: connect from unknown
Aug  1 12:24:43 b210 tcpd[958]: warning: can't get client address: Invalid
argument
Aug  1 12:24:43 b210 tcpd[958]: connect from unknown
Aug  1 12:24:43 b210 tcpd[958]: warning: can't get client address: Invalid
argument
...

The following process was responsible:
tcpd /usr/lib/amanda/amindexd

Checking /etc/xinetd.d/amandaidx showed that it was set initially to
"disable=no".  That may not be the best way to set it "out of the box". 
People using the Amanda system will need to turn on the client and/or
server portions manually -- there's little reason to have that potential
service on by default.  Apparently there may also be a problem with the
default Amanda setup, if a simple nmap probe can trigger off a looping
client.  

The looping service was killed by
1. Change /etc/xinetd.d/amandaidx from "disable=no" to "disable=yes".
2. /etc/rc.d/xinetd restart
3. kill -9 [PID of remaining "tcpd /usr/lib/amanda/amindexd" process]
Comment 1 Chris Evans 2000-08-01 16:02:39 EDT
AFAIK, the amanda services will be disabled by default in the final version, for
security.
I believe the infinite looping behaviour is a bug in the xinetd config files.
There are two amanda config files in /etc/xinetd.d/
Both launch "tcpd" as the server. I think that's totally bogus. xinetd is
already linked with tcp_wrappers!
Comment 2 Bill Nottingham 2000-08-01 16:12:03 EDT
This also got fixed in the -17 build.

Note You need to log in before you can comment on or make changes to this bug.