When running data collection (DC) jobs using a UNIX standard, the job runs for a long time and times out. The console displays a message about commands that have been halted.
Error 1: This query was halted before completion - Query timed out in command execution: find /* -name "*" -nouser -o -nogroup @lt/dev/null
This does not always involve a "find" command; it can also occur with "du" or other file or filesystem commands that run for a long time.
The timeouts are due to the DC accessing remote filesystems. The "find" or "du" commands are not excluding filesystems such as nfs or autofs; excluding them requires correct usage of the pruning option.
For RedHat, the FindOptions for the following checks have been modified to exclude the remote mounts:
Are there no '.' or group/world-writable directories in root's $PATH?
Do world-writable directories have sticky bit set?
No unauthorized SUID system executables?
No unauthorized SGID system executables?
Do unowned files exist on the system?
No unauthorized world-writable files?
For HP-UX the FindOptions for the following checks have been modified to exclude the remote mounts:
5.7.1 Are system files world-writable?
5.3.1 Do unauthorized world-writable files exist on the system?
5.5.2 Are there any unauthorized SGID executables on the server?
5.5.1 Are there any unauthorized SUID executables on the server?
5.6.1 Are any orphan files and directories present on the system?
5.4.2 Are Set-GID removed from system executables?
5.4.1 Are the Set-UID removed from system executables?
7.5.1 Are the system log files protected from unauthorized users?
8.8.1 Are write permissions not allowed to group and others on configuration files inside home directories?
8.6.2 Does the PATH attribute of root not contain group/world writable directory?
Agentless only -> In CCS Manager, the following 2 DLLs have been modified at this location: 'C:\Program Files (x86)\Symantec\CCS\Reporting and Analytics\DPS\control\Unix'
For Solaris, the checks modified are:
7.9.5 Are directories in root users PATH, world writeable?
7.9.4 Are directories in root users PATH, group writeable?
5.4.1 Has the sticky bit been set on all world writeable directories?
5.5.1 Do world writeable files exist on the system?
5.7.1 Does the system have any orphan files and directories?
5.6.2 Does the system contain any SGID System Executables?
5.6.1 Does the system contain any SUID System Executables?
5.8.1 Does the system contain any Files and Directories with Extended Attributes?
The find options will exclude nfs, autofs and proc.
For Security Essentials for AIX 5.x and 6.1, FindOptions for the following checks have been modified to exclude the remote mounts:
The issue can happen in both Agent based and Agentless data collection setup.
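The pruning described above can be reproduced by hand to confirm that a scan no longer descends into remote mounts. The following is an added example, not the product's actual FindOptions: the helper names (prune_scan, unowned_files, world_writable_files) and the EXCLUDE_FS variable are hypothetical, and it assumes a find that supports -fstype.

```shell
#!/bin/sh
# Added example: wrap find(1) so that nfs, autofs and proc are pruned before
# the audit test is evaluated. All names below are hypothetical.

# Filesystem types to skip; the default follows the list given in the article.
EXCLUDE_FS="${EXCLUDE_FS:-nfs autofs proc}"

# prune_scan ROOT TEST...
# Runs: find ROOT \( -fstype A -o -fstype B ... \) -prune -o \( TEST \) -print
prune_scan() {
    root=$1; shift
    n=0
    for fs in $EXCLUDE_FS; do
        if [ "$n" -eq 0 ]; then
            # First type: close the prune group and append the caller's test.
            # The explicit -print keeps pruned mount points out of the output.
            set -- -fstype "$fs" \) -prune -o \( "$@" \) -print
        else
            # Further types are OR-ed in front of the ones already collected.
            set -- -fstype "$fs" -o "$@"
        fi
        n=$((n + 1))
    done
    if [ "$n" -eq 0 ]; then
        set -- \( "$@" \) -print      # nothing to exclude: plain scan
    else
        set -- \( "$@"                # open the prune group
    fi
    find "$root" "$@" 2>/dev/null
}

# "Do unowned files exist on the system?" The test is grouped by prune_scan,
# so -o cannot escape it as it does in the unparenthesised original command.
unowned_files() { prune_scan "$1" -nouser -o -nogroup; }

# "No unauthorized world-writable files?"
world_writable_files() { prune_scan "$1" -type f -perm -0002; }

# Typical use on a target host (not run automatically):
#   unowned_files /
#   EXCLUDE_FS="nfs nfs4 autofs proc" world_writable_files /
```

If a manual run with the exclusions completes quickly while the unpruned command stalls, the timeout is caused by traversal of a remote or automounted filesystem.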