pkg-nagios-plugins-contrib
pkg-nagios-plugins-contrib copied to clipboard
bzed
check-running-kernel: Compensate for CONFIG_VERSION_SIGNATURE suffix
Dear Bernd and Jan,
while working on recent improvements to the check_running_kernel program at #91, we also found another issue. In order to keep things separated, we've split this amendment off the other patch and want to report about our observations here first.
The problem was that the comparison of running kernel's /proc/version against the on-disk version failed on Ubuntu kernels and derivates, because Ubuntu (and maybe others?) adds another suffix to the on-disk string defined by CONFIG_VERSION_SIGNATURE. At runtime, this string is apparently stripped off and presented through /proc/version_signature instead, so /proc/version does not match the original representation. Sigh.
Based on the findings outlined below, we ask for further guidance. The problem might have to be solved differently than with our ad hoc patch.
With kind regards, Andreas.
Introduction
We discovered that on both a bullseye-based PVE/Proxmox machine, and on another vanilla Ubuntu 20.04 machine, both running 5.x Linux kernel versions, there was a suffix added to the on-disk kernel image, which we stripped off using sed in order to satisfy the comparison operation in an ad hoc manner, see patch below.
Observations
We've only been able to spot this on systems running non-vanilla Debian derivates with 5.x Linux kernel versions. On a standard Debian bullseye machine running 5.10.0-12, this is not an issue.
No suffix on vanilla Debian
root@kraftwerk:~$ dd if=/boot/vmlinuz-5.10.0-12-amd64 bs=16913 skip=1 | xzcat | strings | grep "Linux version"
Linux version 5.10.0-12-amd64 ([email protected]) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.103-1 (2022-03-07)
Empty () suffix on PVE kernel
root@zapato:~$ dd if=/boot/vmlinuz-5.13.19-2-pve bs=17100 skip=1 | zstd -d | strings | grep "Linux version"
Linux version 5.13.19-2-pve (build@proxmox) (gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP PVE 5.13.19-4 (Mon, 29 Nov 2021 12:10:09 +0100) ()
Assigned () suffix on Ubuntu kernel
It's (Ubuntu 5.13.0-30.33~20.04.1-generic 5.13.19), to be precise.
root@next ~$ dd if=/boot/vmlinuz-5.13.0-30-generic bs=17100 skip=1 | zstd -d | strings | grep "Linux version"
Linux version 5.13.0-30-generic (buildd@lcy02-amd64-003) (gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #33~20.04.1-Ubuntu SMP Mon Feb 7 14:25:10 UTC 2022 (Ubuntu 5.13.0-30.33~20.04.1-generic 5.13.19)
Research
After researching the topic a bit, we discovered that it is apparently an Ubuntu-specific thing, triggered by the CONFIG_VERSION_SIGNATURE compile time option. Indeed, on those systems, there is a synthetic /proc/version_signature file containing this suffix, which does not seem to be present on systems running vanilla Debian.
root@next ~ # cat /proc/version_signature
Ubuntu 5.13.0-27.29~20.04.1-generic 5.13.19
Solution
This patch made things work for us in a quick manner before knowing any details about the background. It might want to be elaborated a bit further now.
Index: pkg-nagios-plugins-contrib/dsa/checks/dsa-check-running-kernel
===================================================================
--- dsa-check-running-kernel.dist 2022-03-12 21:36:28.000000000 +0100
+++ dsa-check-running-kernel 2022-03-12 21:36:32.000000000 +0100
@@ -226,6 +228,9 @@
exit $WARNING
fi
+# Adjustment for PVE/Proxmox and Ubuntu kernels: Strip off the last fragment.
+on_disk_version=$(echo "$on_disk_version" | sed -E 's/(.*) \(.*\)$/\1/')
+
if [ "$(uname -s)" = "Linux" ]; then
running_version="`cat /proc/version`"
if [ -z "$running_version" ] ; then
References
- https://ubuntu.com/kernel
- https://wiki.ubuntu.com/Kernel/FAQ#Kernel.2FFAQ.2FGeneralVersionRunning.How_can_we_determine_the_version_of_the_running_kernel.3F
- https://stackoverflow.com/questions/70740713/heroku-understanding-what-version-of-linux-kernel-is-used
- https://patchwork.ozlabs.org/project/ubuntu-kernel/patch/[email protected]/
I can confirm this issue:
# /tmp/check_running_kernel
WARNING: Running kernel does not match on-disk kernel image: [Linux version 5.13.0-39-generic (buildd@lcy02-amd64-080) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #44~20.04.1-Ubuntu SMP Thu Mar 24 16:43:35 UTC 2022 != Linux version 5.13.0-39-generic (buildd@lcy02-amd64-080) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #44~20.04.1-Ubuntu SMP Thu Mar 24 16:43:35 UTC 2022 (Ubuntu 5.13.0-39.44~20.04.1-generic 5.13.19)]
# cat /proc/version_signature
Ubuntu 5.13.0-39.44~20.04.1-generic 5.13.19
# cat /proc/version
Linux version 5.13.0-39-generic (buildd@lcy02-amd64-080) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #44~20.04.1-Ubuntu SMP Thu Mar 24 16:43:35 UTC 2022
Applying the patch would fix it:
# /tmp/check_running_kernel
OK: Running kernel matches on disk image: [Linux version 5.13.0-39-generic (buildd@lcy02-amd64-080) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #44~20.04.1-Ubuntu SMP Thu Mar 24 16:43:35 UTC 2022]
