Debug mode enabled for F5

Vendor

F5

Description

Indeni will alert if one of the debug mechanisms on a device is enabled when the default is for it to be disabled.

Remediation Steps

Turn off the debug as soon as possible.Follow the applicable remediation steps. mcpd-force-reload: Delete the file /service/mcpd/forceload (https://support.f5.com/csp/article/K13030), tm.rstcause.log: https://support.f5.com/csp/article/K13223, tm.rstcause.pkt: https://support.f5.com/csp/article/K13223

How does this work?

This alert logs into the F5 load balancer and verifies that the debug daemon is not activated by checking where the sym link /etc/alternatives/tmm is pointing to.

Why is this important?

The tmm.debug daemon can be enabled in order to gather additional metrics when the F5 unit crashes. However, this state is not desireable in a normal set-up as the tmm debug daemon performs slower than the default version.

Without Indeni how would you find this?

Login to the device with SSH and run "ls -l /etc/alternatives/tmm" and verify that the sym link is not pointing to "/usr/bin/tmm.debug"

View Source Code
single