Hi shaochieh.chiang,
Thanks for getting back to me.
I still need more information, how many services, processes and so on are you
monitoring?
Can you share your monitrc configuration?
Your log also contain errors from nginx ... have you tried to solve
them?
I'm still not convinced that your
Hi Eduardo,
so we should roll back to 1:5.16-2 then? yes once rolled back that error
is gone.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart
Hi shaochieh.chiang,
Could you try to downgrade the package version as below:
sudo apt-get install monit=1:5.16-2
And see if you can reproduce the error?
I've also found this on monit bug tracker:
https://bitbucket.org/tildeslash/monit/issues/327
It might be related to what you're facing.
--
from our /var/log/monit.log:
[UTC Oct 8 03:45:56] error: 'nginx' failed protocol test [HTTP] at
[localhost]:80/api/wmsnode/services/health/ [TCP/IP] -- HTTP: Error receiving
data -- Resource temporarily unavailable
[UTC Oct 8 03:45:56] error: Mail: No mail servers are defined -- see
m
Us that thrown by your code? Under what circumstances will that be thrown?
I'll sift through the logs and find out. Do you have a way to turn on
verbose logs?
Thanks,
Don
Eduardo dos Santos Barretto <1786...@bugs.launchpad.net> 於 2018年10月8日 週一
下午9:55 寫道:
> Hi shaochieh.chiang,
>
> I appreciate
Hi shaochieh.chiang,
I appreciate you taking the time to report it and helping make Ubuntu
better.
My tests didn't give the "cannot parse response", and from the feedback
received above, it appears that no one faced this so far.
So could you give more information?
Which are the steps to reprodu
$ dpkg -l |grep monit
ii monit 1:5.16-2ubuntu0.2
amd64utility for monitoring and managing daemons or similar programs
all those start, stop, monitor, unmonitor, restart actions against certain
component is working fine just "monit r
Thanks for testing the package and giving feedback!
I really appreciate it.
So based on your feedback and on my tests, we just released monit
1:5.16-2ubuntu0.2 to the repository.
It should be available for upgrade in a few minutes depending on the mirrors.
If you encounter any problems, please
I've tried 1:5.16-2ubuntu0.2 and it looks to fix the reported issue -
i.e., commands such as "monit status", "monit restart all", "monit
restart all" work as intended, rather than producing the "Invalid
action" error message
--
You received this bug notification because you are a member of Ubunt
did some quick testing (also on a single host) and the "Invalid action"
error is not appearing with the 1:5.16-2ubuntu0.2 version.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest
I've tested (on a single host) and early indications are that the issue
is resolved. If I notice any bad stuff I will report back.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest
Thanks to Carlos Peñas for proposing the fix.
Can anyone test the new version?
You can download it from here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
This new version if approved will be released on Monday, as we don't
want to release today and not having any
Interestingly, monit 5.18 and up no longer works with the ansible monit module:
https://github.com/ansible/ansible/issues/29322
** Bug watch added: github.com/ansible/ansible/issues #29322
https://github.com/ansible/ansible/issues/29322
--
You received this bug notification because you are a
In our experience, Trusty appears to be fine - it is just Xenial that is
affected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To man
Question: is it better to cherry-pick monit's CVE patch or patch the
existing patch with
https://bugs.launchpad.net/ubuntu/+source/monit/+bug/1786910/comments/28?
They seem to take very different approaches.
Also, it looks like monit's official patch will not work against 5.16,
it wasn't incorpor
Has anyone seen the same problem in Trusty (Ubuntu 14.04)?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about
** Changed in: monit (Ubuntu)
Assignee: (unassigned) => Eduardo dos Santos Barretto (ebarretto)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 're
Thanks for reporting this bug and helping make Ubuntu better.
I'm sorry this affected you all.
I would like you to ask the reporter and all the involved people in the
thread to always include the last person listed as Maintainer for the
package (you can check this in the debian/changelog) in the
Is see that monit is up to 5.25.3
Updating to upstream would make more sense than doing a poorly written
and untested backport to an ancient version.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786
This makes zero sense.
I see this in the changelog:
monit (1:5.16-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: CSRF vulnerability
- debian/patches/CVE-2016-7067.patch: The following http services
are no longer implemented for GET method and require CSRF
prote
This is an inexcusable regression. Is there a way to submit NMUs?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications
Confirmed it broke monit the same way on all our live 16.04 servers.
Also em unable to re-monitor service that once went un-monitored due to failure
attempts.
Gives the dreaded:
`Invalid action "action=monitor"`
message.
Haven't yet tested how that affects general reportability and recovereability
This is also affecting my company. We use monit on all boxes for process
management and have had to pin on a downrev version.
Do we know if the package maintainer knows that this is an issue? Can we
get some confirmation of that?
--
You received this bug notification because you are a member of
I'm also affected for all the same reasons mentioned above. Would be
good if Canonical could resolve this ASAP.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks comma
I am facing the same issue as well. Not with "all" command but with any
service. e.g.
monit restart webserver
does not work now, it was working before.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1
Found bug link on monit tracker:
https://bitbucket.org/tildeslash/monit/issues/766/running-monit-restart-
all-on-command-line
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patc
Trying to make a decision if we make a change to our Chef scripts to
make this workaround permanent as there isn't much activity on this bug.
We are holding off automated deployments as we were hoping for a fix.
Any idea on when this patch by theist will make it in?
--
You received this bug noti
It looks like theist provided a good patch. What is the next step
necessary to get that patch integrated and release a new version? And
about how long would that take? I'm debating whether I need to put in a
better workaround on my servers, or if I can hold off until a fix is
released. I'd even be
@theist Thanks, that helps.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about this bug go to:
https://bugs.la
@jjtrash According to the changelog [1] and the Debian CVE database [2],
it seems that monit CLI issues its commands to monit thru an HTTP server
that can be accessible from outside. The security patch tries to
leverage it by adding a CSRF token to the HTTP call. Without it may be
possible to send
I have successfully pinned all my relevant systems to the working version of
monit. Now I have a dilemma:
- Do I want to have a secure system, or
- Do I want to be able to use monit (thereby allowing me to deploy code, etc)
I don't know how exposed I am now. If I'm not exposed much, then it's
not
The attachment "deduplicate 'action=' in CLI http request" seems to be a
patch. If it isn't, please remove the "patch" flag from the attachment,
remove the "patch" tag, and if you are a member of the ~ubuntu-
reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad
This is the same patch I mentioned in comment #28
This works for me in a test environment, this is not extensively tested,
however.
** Patch added: "deduplicate 'action=' in CLI http request"
https://bugs.launchpad.net/ubuntu/+source/monit/+bug/1786910/+attachment/5181265/+files/invalid_actio
ansible plays to downgrade and place on hold:
tasks:
- name: downgrade monit
apt: name=monit=1:5.16-2 force=yes state=present
- dpkg_selections:
name: monit
selection: hold
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is sub
I think all the problem is in the latest CVE-2016-7067.patch which
features this change like this:
- "%s",
+ "securitytoken=%s&action=%s",
+ token,
the %s comes from a var which already has an "action=" in it
I tried locall
How could this BS pass QA? All monit commands are broken, so even the
most simple test should have failed!
This patch breaks a lot of servers and the only current workaround is to
downgrade to a vulnerable version and either pin that version or disable
unattended security upgrades. But "Importance
This bug is tormenting, my servers do not stop sending emails to me, to warn me
of this bug.
I have crontab that warns me every 3 minutes about this errors like:
Invalid action "action=start"
Invalid action "action=monitor"
I tryed downgrad withi:
sudo apt-get install monit=1:5.16-2 -y --allow-
There is unattended-upgrade running background and every its in
`/etc/apt/apt.conf.d/50unattended-upgrades`
It does upgrade if
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
is available
you can comment
${dist
Also encountered this issue, pschiffe solution seems to work temporarily
for us.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manag
To add to my last comment, you can download the monit sourcecode here:
https://mmonit.com/monit/dist/monit-5.25.2.tar.gz
You can specify the non-default destination for the monitrc config file with
this:
./configure --sysconfdir /etc/monit
./make
Then you can make this into a .deb file with:
che
Another option if you want to run the latest version: The pre-compiled
generic monit package from the monit project works OK without this
problem, but Ubuntu stores the config files in a non-default location so
you have to specify the path to /etc/monit/monitrc with each command.
--
You received
@pschiffe Excellent suggestion thanks. I'll do that.
I will say, though, that now I have potential human error in the process
of remembering to un-hold it when a fix for this package comes out. I
can live with it, though.
--
You received this bug notification because you are a member of Ubuntu
B
Jimmy: after you downgrade the monit package, you can pin it to the
current version with command: `apt-mark hold monit`
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch brea
I'm seeing this issue as well. I believe the severity to be medium to
high for the following reason:
- I have automatic security updates turned on, and I want to keep it that way
- I don't know of a way to pin the version of monit
- every morning my system upgrades monit to the bad version and I h
Same problem here, Downgrading works fine.
Thanks @Jason Brodie
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications
Same problem here, @kschutt's workaround works here too. Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications a
Same problem here, above workaround works for us too. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications abo
As stated above you can roll back a version and it seems to be happy
again.
sudo apt-get install monit=1:5.16-2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks comm
For those of you using Chef with Ubuntu, the following worked for us as
part of our deploy recipes:
package 'Install Monit 1:5.16-2' do
package_name 'monit'
version '1:5.16-2'
options '--allow-downgrades'
end
--
You received this bug notification because you are a member of Ubuntu
Bugs, wh
We have the same problem. It's affecting several of our projects and
causing issues with our deployment process.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks comm
Same issue
```
01 Invalid action "action=stop"
01 Invalid action "action=stop"
```
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart
we have the same problem here!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about this bug go to:
https://bugs
Is there any update to this?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about this bug go to:
https://bugs.l
** Description changed:
Running 'monit restart all' on command line was working yesterday
13.8.2018 but after latest security patch was installed it gives an
error 'Invalid action “action=restart”'
Ubuntu 16.04.4 LTS
monit:
- Installed: 1:5.16-2ubuntu0.1
+ Installed: 1:5.16-2ubuntu0
Other actions are also affected:
$ monit restart tomcat
Invalid action "action=restart"
$ monit stop tomcat
Invalid action "action=stop"
$ monit start tomcat
Invalid action "action=start"
$ monit monitor tomcat
Invalid action "action=monitor"
$ monit unmonitor tomcat
Invalid action "action=unm
Same here, this program broke a few things for me
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about this bug
Same here, several automated servers affected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about this bug go
@henryoswald for the time being, you need to revert the monit package to
1:5.16-2, try manually in a server with
sudo apt-get install monit=1:5.16-2
If your servers are automatically provisioned with some third party tool
(chef, puppet, bash scripts, etc) then you would need to update them
ac
To confirm we are seeing this on all our servers which is causing quite
a lot of problems for us. Details on how to roll this back would be
welcome.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/178691
We are facing the same issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notifications about this bug go to:
https://bugs.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: monit (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Late
We're seeing the same issue. This breaks a lot on running machines.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786910
Title:
Latest patch breaks command line 'restart all'
To manage notificatio
The root cause is the `action` parameter for the HTTP POST request to
`localhost:2812/_doaction` being `action=restart`, whereas it should be
just `restart`. So in the request payload you find something like
`...&action=action=restart...`. This is obviously wrong and should be
fixed asap.
--
You
63 matches
Mail list logo
