
Query timed out in command execution: su - <user> -c env


Article ID: 241095


Products

Control Compliance Suite Standards Server

Issue/Introduction

I have encountered the same issue when upgrading and scanning RHEL servers to CCS Agent version 12.5.2:

I am getting the same error message when trying to scan RHEL_7 servers (screenshot below)


With the built-in standard - CIS Red Hat Enterprise Linux 7.x Benchmark v2.1.1

Cause

The issue is caused by a defect in the product: a check that should examine only the root account also examines other users.
In this case a user has an interactive login. Instead of returning anything to CCS, the command waits for input, while CCS waits for output, or at least for the command to return with no output.
Since neither happens, CCS waits until the timeout is reached.

    35B9|2022/05/03|06:41:47|     BvCUUserEnumerator.cpp|  212|Information: - Filter condition passed for Local user ermclnt UID x GID x Shell /opt/erm/bin/update_clientsh HomeDir /var/opt/erm/client -- USERTYPE=Local  AND Shell!=/sbin/nologin AND Shell!=/bin/nologin
    35B9|2022/05/03|06:41:47|     BvCUCommandWrapper.cpp|  309|Information: - ExecuteCommand : CommandPath= : _>#SuDo#<_ file /var/opt/erm/client </dev/null 
    35B9|2022/05/03|06:41:47|     BvCUUserDataSource.cpp|  663|Information: - ermclnt
    35B9|2022/05/03|06:41:47|     BvCUUserDataSource.cpp|  931|Information: -  GetEnvAndUmaskInfo called with ermclnt 12325
    35B9|2022/05/03|06:41:47|     BvCUUserDataSource.cpp|  958|Information: - Logged on user id is 
    35B9|2022/05/03|06:41:47|     BvCUUserDataSource.cpp|  959|Information: - 0
    35B9|2022/05/03|06:41:47|     BvCUCommandWrapper.cpp|  309|Information: - ExecuteCommand : CommandPath= : _>#SuDo#<_ su - ermclnt -c env 
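
To find the accounts that the filter in the log above would pass on to `su - <user> -c env`, the following added example (not Broadcom's code) applies the same shell filter to a passwd file and lists accounts whose login shell is not registered in `/etc/shells`. It is a review heuristic only; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# ccs_hang_candidates [PASSWD_FILE] [SHELLS_FILE]
# Applies the filter seen in the agent log
# (Shell != /sbin/nologin AND Shell != /bin/nologin) and prints
# "user<TAB>shell" for every account whose shell is not in SHELLS_FILE.
ccs_hang_candidates() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-/etc/shells}
    awk -F: -v shells="$shells_file" '
        BEGIN {
            # Load the registered login shells, ignoring comments and blanks.
            while ((getline line < shells) > 0) {
                sub(/#.*/, "", line)
                gsub(/^[ \t]+|[ \t]+$/, "", line)
                if (line != "") known[line] = 1
            }
            close(shells)
        }
        /^[ \t]*(#|$)/ { next }          # skip comments and empty lines
        NF < 7 { next }                  # skip malformed passwd entries
        {
            user = $1; shell = $7
            if (shell == "") shell = "/bin/sh"   # passwd(5): empty means /bin/sh
            # Same exclusions as the filter condition in the log.
            if (shell == "/sbin/nologin" || shell == "/bin/nologin") next
            # Anything left with an unregistered shell needs a manual look.
            if (!(shell in known)) printf "%s\t%s\n", user, shell
        }
    ' "$passwd_file"
}

# Constructed sample data (not from a real host) so the check runs offline.
ccs_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'bin:x:1:1:bin:/bin:/sbin/nologin' \
        'ermclnt:x:1001:1001::/var/opt/erm/client:/opt/erm/bin/update_clientsh' \
        'alice:x:1002:1002::/home/alice:/bin/bash' > "$d/passwd"
    printf '%s\n' '# registered shells' '/bin/sh' '/bin/bash' > "$d/shells"
    ccs_hang_candidates "$d/passwd" "$d/shells"
    rm -rf "$d"
}
```

On a host, `ccs_hang_candidates /etc/passwd /etc/shells` gives the list of accounts to review; not every listed shell will block, but each one is run by the defective check.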

Resolution

This was fixed in SCU 2021-1 and in the newer Standard "CIS Benchmark for Red Hat Enterprise Linux 7 v2.2.0".

Make sure you are running a current, supported SCU and are using the newest Standard, not a deprecated Standard.

Refer to the following for all the predefined Standards, both current and deprecated.

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/control-compliance-suite/12-5-2/ccs-support-matrix-v123000389-d8e133191/Predefined-technical-standards-in-Control-Compliance-Suite.html