GET 24/7 LIVE HELP NOW

Announcement

Announcement Module
Collapse
No announcement yet.

Be careful with pt-agent

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Be careful with pt-agent

    When you run "pt-agent --install", the configuration file it creates, /etc/percona/agent/my.cnf, will contain the username and password of a user with SUPER privileges. While this is necessary for the agent to function, the file and path to it are WORLD READABLE. This is NOT necessary. This means any user on the system will be able to access your database with this user account.

    You should immediately change the permissions on the file to something more restrictive, like 0600. You can also set the permissions on the path to it (/etc/percona/agent) to something more secure, like 0700. If you installed the agent as a non-root user, the path may or may not be different.

    I filed a bug #1306326 for this on 11 April but Percona has not responded.
    --Jeff

  • #2
    Hi Jeff, have you heard anything yet? I'll check into this for you and will ask someone from the Percona Cloud Tools team to post a followup here.
    Is this an emergency? Get immediate assistance from Percona Support 24/7. Click here.

    Comment


    • #3
      Jeff, the info I got is that a new agent will be rolled out that will work a bit differently and should eliminate this issue. I don't have info on timing yet but I will let you know when I hear something.
      Is this an emergency? Get immediate assistance from Percona Support 24/7. Click here.

      Comment


      • #4
        Hi, the new percona-agent can be downloaded from here: http://www.percona.com/downloads/percona-agent/LATEST/
        Extract the tarball and run the install script; it should replace the old pt-agent.
        Is this an emergency? Get immediate assistance from Percona Support 24/7. Click here.

        Comment

        Working...
        X