/usr/lib/maas/beacon-monitor is in maas-common 2.4.0~beta2-6865-gec43e47e6-0ubuntu1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | #!/bin/sh -euf
# Copyright 2016-2017 Canonical Ltd. This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).
# Utility script to wrap `tcpdump`, so that this script can be called with
# `sudo` without allowing MAAS access to read arbitrary network traffic.
# This script is designed to be as minimal as possible, to prevent arbitrary
# code execution.
if [ $# -ne 1 ]; then
echo "Writes beacon traffic (and beacon traffic on VLANs) to stdout" >&2
echo "using tcpdump's binary PCAP format." >&2
echo "" >&2
echo "Usage:" >&2
echo " $0 <interface>" >&2
exit 32
fi
FILTER="udp dst port 5240"
exec "${SNAP:-}/usr/sbin/tcpdump" --interface "$1" --direction=in \
--no-promiscuous-mode --packet-buffered --immediate-mode \
--snapshot-length=16384 -n -w - \
"($FILTER) or (vlan and $FILTER)"
|