Environment
NetIQ Access Manager 4.3
NetIQ Access Manager Admin Console
NetIQ Access Manager Appliance
Situation
Running a Nessus scan on NAM 4.3.1 reports the following critical risk:
"Plugin 44657 - Linux Daemons with Broken Links to Executable"
where the report of the event shows
Synopsis
A daemon on the remote Linux host may need to be restarted.
Description
By examining the '/proc' filesystem on the remote Linux host, Nessus has identified at least one currently-running daemon for which the link to the corresponding executable is broken.
This can occur when the executable associated with a daemon is replaced on disk but the daemon itself has not been restarted. And if the changes are security-related, the system may remain vulnerable to attack until the daemon is restarted.
Alternatively, it could result from an attacker removing files in an effort to hide malicious activity.
Solution
Inspect each reported daemon to determine why the link to the executable is broken.
Risk Factor
Critical
CVSS Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information:
Publication date: 2010/02/17, Modification date: 2015/10/21
Ports
tcp/0
The following daemon is associated with a broken link to an
executable :
- 161 udp: (/usr/sbin/snmpd)
Resolution
Although SNMP can be started using the rcnovell script, it cannot be managed from /usr/sbin/snmpd (it cannot be started or stopped from there). Although Nessus treats this finding as critical, it does not apply to NAM and can be ignored.
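One way to carry out the inspection the plugin's Solution asks for, as an added example that is not part of the original article and is not Nessus's own check: it lists processes whose /proc/<pid>/exe link is marked deleted and separates the two causes the plugin describes (binary replaced but daemon not restarted, or binary removed). The function name broken_exe_links, its optional proc-root argument and the output columns are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report running processes whose executable link is broken.
# Output is tab-separated: PID, state, original path of the executable.
#   replaced = a file exists at the path again (e.g. package update, the
#              daemon still runs the old binary and should be restarted)
#   removed  = nothing exists at the path any more (investigate why)
broken_exe_links() {
    # Optional argument lets the scan run against a copy of /proc.
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads have no exe link, and links of other users'
        # processes are unreadable without root: skip both.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        # The kernel appends " (deleted)" once the original file is unlinked.
        case "$target" in
            *" (deleted)") ;;
            *) continue ;;
        esac
        path="${target% (deleted)}"
        # The path is checked in the caller's mount namespace, so a
        # containerised process can show up as "removed".
        if [ -e "$path" ]; then
            state="replaced"
        else
            state="removed"
        fi
        printf '%s\t%s\t%s\n' "${dir##*/}" "$state" "$path"
    done
}
```

Called with no argument as root, `broken_exe_links` scans the live /proc; an empty result means no running process has a broken executable link.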