Has anyone seen this happen? On several Ubuntu server systems (10.04, 14.04, 15.10), I'll be scrolling through the bash history with the up-arrow, and suddenly there will be a ton a code with the word "tideway" used in it very often. I'll check the dot-bash_history file, and sure enough there are large sections of script/code in there which I obviously did not type.
Where did it come from? How do I stop it?
Here's a short sample:
tw_command() { cpuspeed=`egrep '^(cpu MHz|cpu clock|clock)' /proc/cpuinfo | cut -f2 -d: | sed -e 's/.[0-9]*//' -e 's/Mhz//i' -e 's/ //g' | head -n 1`; cputype=`egrep '^cpu[^a-z]*:' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "${cputype}" = "" ]; then cputype=`egrep '^model name' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^arch' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^(cpu model|family|vendor_id|machine|Processor)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; logical=`egrep '^[pP]rocessor' /proc/cpuinfo | sort -u | wc -l`; physical=0; cores=0; threads_per_core=0; if [ "`echo $cputype | cut -c-2`" = "PA" ]; then cpufamily=`egrep '^(cpu family)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "`echo $cpufamily | cut -c-7`" = "PA-RISC" ]; then cputype="${cp(tideway_i=__TIDEWAY; echo ${tideway_i}_CMD_START__; tw_command; echo ${tideway_i}_CMD_END__) tw_command() { cpuspeed=`egrep '^(cpu MHz|cpu clock|clock)' /proc/cpuinfo | cut -f2 -d: | sed -e 's/.[0-9]*//' -e 's/Mhz//i' -e 's/ //g' | head -n 1`; cputype=`egrep '^cpu[^a-z]*:' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "${cputype}" = "" ]; then cputype=`egrep '^model name' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^arch' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^(cpu model|family|vendor_id|machine|Processor)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; logical=`egrep '^[pP]rocessor' /proc/cpuinfo | sort -u | wc -l`; physical=0; cores=0; threads_per_core=0; if [ "`echo $cputype | cut -c-2`" = "PA" ]; then cpufamily=`egrep '^(cpu family)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "`echo $cpufamily | cut -c-7`" = "PA-RISC" ]; then cputype="${cpprintf("hostid: ");
I am not personally familiar with it, but it seems very clear that it's something being executed by BMC ADDM (http://www.bmc.com/it-solutions/atrium-discovery-dependency-mapping.html). -Adam
On 16-01-29 08:46 AM, Kevin McGregor wrote:
Has anyone seen this happen? On several Ubuntu server systems (10.04, 14.04, 15.10), I'll be scrolling through the bash history with the up-arrow, and suddenly there will be a ton a code with the word "tideway" used in it very often. I'll check the dot-bash_history file, and sure enough there are large sections of script/code in there which I obviously did not type.
Where did it come from? How do I stop it?
Here's a short sample:
tw_command() { cpuspeed=`egrep '^(cpu MHz|cpu clock|clock)' /proc/cpuinfo | cut -f2 -d: | sed -e 's/.[0-9]*//' -e 's/Mhz//i' -e 's/ //g' | head -n 1`; cputype=`egrep '^cpu[^a-z]*:' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "${cputype}" = "" ]; then cputype=`egrep '^model name' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^arch' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^(cpu model|family|vendor_id|machine|Processor)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; logical=`egrep '^[pP]rocessor' /proc/cpuinfo | sort -u | wc -l`; physical=0; cores=0; threads_per_core=0; if [ "`echo $cputype | cut -c-2`" = "PA" ]; then cpufamily=`egrep '^(cpu family)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "`echo $cpufamily | cut -c-7`" = "PA-RISC" ]; then cputype="${cp(tideway_i=__TIDEWAY; echo ${tideway_i}_CMD_START__; tw_command; echo ${tideway_i}_CMD_END__) tw_command() { cpuspeed=`egrep '^(cpu MHz|cpu clock|clock)' /proc/cpuinfo | cut -f2 -d: | sed -e 's/.[0-9]*//' -e 's/Mhz//i' -e 's/ //g' | head -n 1`; cputype=`egrep '^cpu[^a-z]*:' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "${cputype}" = "" ]; then cputype=`egrep '^model name' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^arch' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^(cpu model|family|vendor_id|machine|Processor)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; logical=`egrep '^[pP]rocessor' /proc/cpuinfo | sort -u | wc -l`; physical=0; cores=0; threads_per_core=0; if [ "`echo $cputype | cut -c-2`" = "PA" ]; then cpufamily=`egrep '^(cpu family)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "`echo $cpufamily | cut -c-7`" = "PA-RISC" ]; then cputype="${cpprintf("hostid: ");
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
Ack! Nasty. I'll look into it. Thanks for the pointer!
On Fri, Jan 29, 2016 at 5:20 PM, Adam Thompson athompso@athompso.net wrote:
I am not personally familiar with it, but it seems very clear that it's something being executed by BMC ADDM ( http://www.bmc.com/it-solutions/atrium-discovery-dependency-mapping.html). -Adam
On 16-01-29 08:46 AM, Kevin McGregor wrote:
Has anyone seen this happen? On several Ubuntu server systems (10.04, 14.04, 15.10), I'll be scrolling through the bash history with the up-arrow, and suddenly there will be a ton a code with the word "tideway" used in it very often. I'll check the dot-bash_history file, and sure enough there are large sections of script/code in there which I obviously did not type.
Where did it come from? How do I stop it?
Here's a short sample:
tw_command() { cpuspeed=`egrep '^(cpu MHz|cpu clock|clock)' /proc/cpuinfo | cut -f2 -d: | sed -e 's/.[0-9]*//' -e 's/Mhz//i' -e 's/ //g' | head -n 1`; cputype=`egrep '^cpu[^a-z]*:' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "${cputype}" = "" ]; then cputype=`egrep '^model name' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^arch' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^(cpu model|family|vendor_id|machine|Processor)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; logical=`egrep '^[pP]rocessor' /proc/cpuinfo | sort -u | wc -l`; physical=0; cores=0; threads_per_core=0; if [ "`echo $cputype | cut -c-2`" = "PA" ]; then cpufamily=`egrep '^(cpu family)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "`echo $cpufamily | cut -c-7`" = "PA-RISC" ]; then cputype="${cp(tideway_i=__TIDEWAY; echo ${tideway_i}_CMD_START__; tw_command; echo ${tideway_i}_CMD_END__) tw_command() { cpuspeed=`egrep '^(cpu MHz|cpu clock|clock)' /proc/cpuinfo | cut -f2 -d: | sed -e 's/.[0-9]*//' -e 's/Mhz//i' -e 's/ //g' | head -n 1`; cputype=`egrep '^cpu[^a-z]*:' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "${cputype}" = "" ]; then cputype=`egrep '^model name' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^arch' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; if [ "${cputype}" = "" ]; then cputype=`egrep '^(cpu model|family|vendor_id|machine|Processor)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; fi; logical=`egrep '^[pP]rocessor' /proc/cpuinfo | sort -u | wc -l`; physical=0; cores=0; threads_per_core=0; if [ "`echo $cputype | cut -c-2`" = "PA" ]; then cpufamily=`egrep '^(cpu family)' /proc/cpuinfo | sort -u | cut -f2 -d: | sed -e 's/^ //' | head -n 1`; if [ "`echo $cpufamily | cut -c-7`" = "PA-RISC" ]; then cputype="${cpprintf("hostid: ");
Roundtable mailing listRoundtable@muug.mb.cahttp://www.muug.mb.ca/mailman/listinfo/roundtable
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
On 2016-01-29 Adam Thompson wrote:
I am not personally familiar with it, but it seems very clear that it's something being executed by BMC ADDM
This isn't supposed to happen in properly-working scripts. Either the shell itself, or your rc files, should recognize it's not a human tty and not log its history. I'm pretty sure your app must be doing some weird stuff to the shell to make it log its history. Probably some poking around in the source could disable that.
On 2016-01-30 05:11 AM, Trevor Cordes wrote:
On 2016-01-29 Adam Thompson wrote:
I am not personally familiar with it, but it seems very clear that it's something being executed by BMC ADDM
This isn't supposed to happen in properly-working scripts. Either the shell itself, or your rc files, should recognize it's not a human tty and not log its history. I'm pretty sure your app must be doing some weird stuff to the shell to make it log its history. Probably some poking around in the source could disable that.
I've seen similar behaviour from the SolarWinds Application Performance Monitoring product: it explicitly allocates a TTY when ssh'ing to a monitored host (every 5 bloody minutes...) just in case any commands would otherwise fail. Hence bash thinks it's a human logging in and records the commands. Blech.
-
Adam Thompson -
Kevin McGregor -
Trevor Cordes