Package: waagent
Version: 2.2.18-3
Severity: serious

The waagent includes support for installing and updating arbitrary extensions. This mechanism is used, for example, to reset passwords and ssh keys, but also to install various other, also commercial, components on the system, controlled by the management platform.

One of these components is a diagnostics agent used to extract metrics from the system. This extension is installed without user consent if the user enables serial console output (boot diagnostics) via the Azure Portal. There is no need to explicitly request the metrics part.

This extension starts two daemons as root:

| root 663 0.1 0.5 125160 18436 ? Sl 09:51 0:00 python /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027/diagnostic.py -daemon
| root 2116 0.1 0.5 955884 18896 ? Sl 09:51 0:00 \_ /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027/bin/mdsd -A -C -c /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027/./xmlCfg.xml -p 2
| root 2061 0.0 0.0 19900 2376 ? S 09:51 0:00 /opt/omi/bin/omiserver -d
| root 2165 0.0 0.2 301484 7948 ? Sl 09:51 0:00 \_ /opt/omi/bin/omiagent 9 11 --destdir / --providerdir /opt/omi/lib --idletimeout 90 --loglevel WARNING

One of the binaries includes a statically linked OpenSSL:

| # strings /var/lib/waagent/Microsoft.OSTCExtensions.LinuxDiagnostic-2.3.9027/bin/mdsd | grep "^OpenSSL 1\.0\.2"
| OpenSSL 1.0.2l 25 May 2017

The other binaries come dynamically linked against either libssl0.9.8 or libssl1.0.0. The version is checked against the "openssl" tool, so no automatic installation takes place on Stretch and newer.

This daemon listens on UNIX sockets available to all users:

| srw-rw-rw- 1 root root 0 Jan 19 09:51 /var/run/mdsd/lad_mdsd_bond.socket
| srw-rw-rw- 1 root root 0 Jan 19 09:51 /var/run/mdsd/lad_mdsd_djson.socket
| srw-rw-rw- 1 root root 0 Jan 19 09:51 /var/run/mdsd/lad_mdsd_json.socket

Bastian

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages waagent depends on:
ii bind9-host [host] 1:9.11.2+dfsg-5
ii ca-certificates 20170717
ii eject 2.1.5+deb1+cvs20081104-13.2
ii iptables 1.6.1-2+b1
ii net-tools 1.60+git20161116.90da8a0-1
pn openssh-server <none>
ii openssl 1.1.0g-2
ii parted 3.2-18
ii python3 3.6.4-1
ii python3-pkg-resources 38.2.4-2
ii sudo 1.8.21p2-3

waagent recommends no packages.

waagent suggests no packages.
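An audit for the two findings in the report above, added here as an example and not part of the original report or of waagent: it lists files that embed an OpenSSL version banner and UNIX sockets that are writable by every local user. The function names are hypothetical; the default directories are the ones quoted in the report.

```python
import os
import re
import stat

# Banner OpenSSL embeds in libcrypto, e.g. "OpenSSL 1.0.2l  25 May 2017".
OPENSSL_BANNER = re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]* +\d{1,2} [A-Z][a-z]{2} \d{4}")


def is_world_writable_socket(st_mode):
    """True for a UNIX socket that any local user may connect to (o+w)."""
    return stat.S_ISSOCK(st_mode) and bool(st_mode & stat.S_IWOTH)


def embedded_openssl_versions(path):
    """Distinct OpenSSL banners inside one file (what strings | grep shows)."""
    with open(path, "rb") as fh:
        return sorted({m.decode("ascii") for m in OPENSSL_BANNER.findall(fh.read())})


def audit(extension_dir="/var/lib/waagent", socket_dir="/var/run/mdsd"):
    """Return ({file: [banners]}, [(socket, octal mode, owner uid)])."""
    bundled, sockets = {}, []
    for root in (extension_dir, socket_dir):
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                full = os.path.join(dirpath, name)
                try:
                    st = os.lstat(full)
                    if is_world_writable_socket(st.st_mode):
                        sockets.append((full, oct(stat.S_IMODE(st.st_mode)), st.st_uid))
                    elif stat.S_ISREG(st.st_mode):
                        found = embedded_openssl_versions(full)
                        if found:
                            bundled[full] = found
                except OSError:
                    continue  # vanished or unreadable; skip it
    return bundled, sorted(sockets)


if __name__ == "__main__":
    bundled, sockets = audit()
    for path, versions in bundled.items():
        print(f"{path}: bundles {', '.join(versions)}")
    for path, mode, uid in sockets:
        print(f"{path}: socket mode {mode}, owner uid {uid}")
```

A banner hit only shows that a copy of OpenSSL is bundled in the file; compare the reported version with the distribution's libssl package to see whether it is covered by system security updates.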

