What you are seeing is now entirely normal and is a result of changes that
were made for the security APAR IY21527.
The platform AIX or Solaris (or Digital or NT) makes no difference.
As soon as you apply this APAR e-fix, or NetView 6.0.3, or NetView
Version 7.1, you will see that all characters which might have special
meaning to a shell in UNIX are now preceded by an escape when used in
command by ovactiond, nvcorrd, actionsvr, or trapd.
Because it is possible for someone to imbed a command inside a varbind,
and thus cause a command to be issued (with root authority) when you echo
that varbind to a file, some characters are now considered illegal and are
escaped (that is, preceded by an escape character) when they appear in a
varbind.
You can either adjust your script accordingly to deal with them or you can
make everything operate as it did before (and leave open the possible
security hole) by setting an environment variable to disable the security
checking. I would advise adjusting the script. For example, wherever you
have $NVATTR_2 , you can replace it with
`echo $NVATTR_2 | sed "s:\\\\\\::g"`
and the sed will remove the escape characters.
The recommended method to disable it all is to create a file called
/usr/OV/bin/netnmrc.pre and in it put the line:
export AdditionalLegalTrapCharacters=disable
Then either reboot or ovstop all the daemons (ovstop nvsecd) and restart
them using /etc/netnmrc (AIX) or /etc/init.d/netnmrc (Solaris).
This is all documented in the e-fix for the APAR. and was carried over
into the 7.1 Release Notes, but was left off of the 6.0.3 Release Notes.
James Shanks
Level 3 Support for Tivoli NetView for UNIX and NT
Tivoli Software / IBM Software Group
"Regina King" <rking@dss.state.la.us>
06/19/2002 01:23 PM
To: <nv-l@lists.tivoli.com>
cc:
Subject: [nv-l] Paging display & nvaction.alog display
I am running Netview 6.0.3 on AIX 4.3.3 on 7025 F80 Rs6000. I have a
ruleset in use that sends out pages when a router/switch go down. For
sometime now I have been getting additional characters in the display on
the pager. For example, a POP site router dssnot.dss.state.la.us went
down. The display on the router that came back was
dssnot\.dss\.state\.la\ us DOWN. Where are the back slashes coming from ?
Is this message that appears in nvaction.alog after the page message,
relating to the page message?
2002/06/18 12:19:43 .//nl_Actionsvr.C[807] : Varbind contained an =3D
illegal character.
Issuing sanitized version of the varbind:
Regina King, IT Support Specialist
LA Dept. of Social Services
rking@dss.state.la.us
225-342-4731
---------------------------------------------------------------------
To unsubscribe, e-mail: nv-l-unsubscribe@lists.tivoli.com
For additional commands, e-mail: nv-l-help@lists.tivoli.com
*NOTE*
This is not an Offical Tivoli Support forum. If you need immediate
assistance from Tivoli please call the IBM Tivoli Software Group
help line at 1-800-TIVOLI8(848-6548)
|