08-28-2008 12:27 PM - edited 03-06-2019 01:03 AM
Does anyone know what these files/directories do and why they they should be on a 3750 switch??
Directory of tmpsys:/
6 drw- 0 <no date> eem_lib_syst
5 drw- 0 <no date> eem_lib_user
4 drw- 0 <no date> eem_policy
14 -rw- 0 <no date> eem_rpc_0
15 -rw- 0 <no date> eem_rpc_1
24 -rw- 0 <no date> eem_rpc_10
25 -rw- 0 <no date> eem_rpc_11
26 -rw- 0 <no date> eem_rpc_12
27 -rw- 0 <no date> eem_rpc_13
28 -rw- 0 <no date> eem_rpc_14
29 -rw- 0 <no date> eem_rpc_15
16 -rw- 0 <no date> eem_rpc_2
17 -rw- 0 <no date> eem_rpc_3
18 -rw- 0 <no date> eem_rpc_4
19 -rw- 0 <no date> eem_rpc_5
20 -rw- 0 <no date> eem_rpc_6
21 -rw- 0 <no date> eem_rpc_7
22 -rw- 0 <no date> eem_rpc_8
23 -rw- 0 <no date> eem_rpc_9
7 drw- 0 <no date> eem_temp
1 dr-x 0 <no date> lib
ALSO SEE:
sand1#cd tmpsys:/lib
sand1#dir
Directory of tmpsys:/lib/
2 drw- 0 <no date> tcl
09-03-2008 01:52 PM
Here is the URL for the dir command description .
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_store_pki_cred.html#wp1051283
09-03-2008 03:58 PM
It looks as if the tmpsys directory is really a storage space for Cisco's new Software License Activation.
http://www.cisco.com/en/US/products/ps9677/products_ios_technology_home.html
The questions I have are related to the tcl and how the whole thing works. TCL is kind of a risky language to have around on network devices.
I originally saw some logs that said that a device was getting written to via snmp. Furthermore the source of the writes was the network management server IP address.
The network management server didn't show any configuration changes though. The only thing I found was these files. The only way to write to my devices, using snmp, is to come from the ip address of the network management server. Did Call Home do some analysis and probing around to find this out or did a hacker gain access to my 3750's? I couldn't tell from the info that I have been able to locate about Software License Activation.
09-05-2008 10:07 AM
This is an embedded event manager specific file system that is used to store scripts and libraries. More info on EEM is here:
http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html
Note that there is no documentation on this file system because traversing the filesystem or viewing files in the filesystem is not required to use EEM.
09-05-2008 10:31 AM
Bruce, tmpsys: is used by EEM as an alternative to system: for performance reasons. Some accesses to system: directories/files cause the running config to be generated if it has been modified and not saved. This happens because the size of the running-config file must be accurate and available for fstat directory accounting. EEM's use of tmpsys: insures consistent performance when EEM policies are triggered. Thanks, Clyde
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: