The customer reported that all data collection jobs against certain UNIX servers (in this case HPUX) were failing when trying to execute the ps command using the -eo switch. The customer also stated that the -o switch did not exist on the target UNIX servers and were able to demonstrate it by running the command on a UNIX terminal as evidence.
The Data Collection job results contained an error similar to this example:
unix-machine.corp.local: Error executing datasource handler for Agentless target Command 'sudo -S ps -eo "state user ruser group rgroup uid ruid gid rgid pid ppid pgid sid pri pcpu vsz sz nice cls time etime flags tty addr comm wchan" </dev/null =7C sudo -S sed 1d' failed with error: ps: illegal option -- o=0D=0A usage: ps [-edaxzflP] [-u ulist] [-g glist] [-p plist] [-t tlist] [-R prmgroup] [-Z psetidlist]=0D=0A
The ps –o option on the target HPUX server (with sudo) requires environment variable UNIX95 to be set prior to executing the command. The following statement gives the UNIX command call that is used to set the parameter from the CCS UNIX Agentless debug logs:
:SetEnvironmentVariable : Path= : UNIX95=1; export UNIX95; PATH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/contrib/bin:/usr/lbin:/usr/ccs/bin:$PATH; export PATH
As the ps command is being used with sudo in this case, it was determined that the sudo package 1.6.9 or higher supports one option “–E” which preserves the environment variables while executing the command. The customer's target HPUX servers contained sudo package version 1.6.7 which does not support the –E option and that is why
when running ps –eo command with sudo, the UNIX95 environment variable is unset, and the data collection then fails.
The solution for this issue is to install sudo package 1.6.9 or higher in order to obtain the "-E" switch. Further, the sudo version required for CCS UNIX Agentless is 1.6.9 or higher.
Symantec CCS versions 22.214.171.124.1031 Product Update (PU) 2013-1, Security Content Update (SCU) 2013-2 (and higher)
- UNIX Agentless (sudo)
Hewlett Packard HPUX versions 11.11 & 11.31