[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: monitoring FIFOs permissions
|
From: |
Martin Pala |
|
Subject: |
Re: monitoring FIFOs permissions |
|
Date: |
Mon, 26 Dec 2005 00:16:26 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051007 Debian/1.7.12-1 |
Olivier Kaloudoff wrote:
Hello,
I am using the wonderful monit since more than one
year now, and there is only one feature missing to me;
When I try to put a FIFO to be monitored like this;
check file SER_FIFO_PROD path /vservers/sip.domain.com/run/ser_fifo
if failed perm 777
then exec "/etc/kalou_net/prod/sip.domain.com/ser_fifo_perms.sh"
Monit won't accept it, and shout;
address@hidden ~]# monit
/etc/monitrc:16: Error: The path in a check file test must point to a
file '/vservers/sip.domain.com/run/ser_fifo'
/etc/monitrc:18: Error: the executable does not exist
'/etc/kalou_net/prod/sip.domain.com/ser_fifo_perms.sh'
Is there any way to have fifo monitoring ? Does it cause any
special trouble or could it be simply treated as a file ?
Olivier
--
To unsubscribe:
http://lists.nongnu.org/mailman/listinfo/monit-general
First of all, thanks for your support, we very appreciate it :)
Regarding the problem - FIFOs are special devices which cannot be
handled by standard 'file' service check (which controls the type of
monitored object). There is no checksum, size nor match test for fifo.
In the attachment is the patch which implements new service check for
fifos. It allows to use just relevent basic tests which are currently
implemented: uid, gid, permission and timestamp.
Example syntax:
check fifo qmgr-fifo with path /var/spool/postfix/public/qmgr
if failed permission 622 then alert
if failed uid postfix then alert
if failed gid postdrop then alert
If developers will agree, i can add it to the cvs.
Cheers,
Martin
diff -Naur monit/CHANGES.txt monit-mp/CHANGES.txt
--- monit/CHANGES.txt 2005-12-25 22:35:02.000000000 +0100
+++ monit-mp/CHANGES.txt 2005-12-25 23:25:12.000000000 +0100
@@ -22,6 +22,12 @@
if cpu usage (system) > 30% then alert
if cpu usage (wait) > 20% then alert
+* Added fifo (named pipe) resource check. Example:
+ check fifo qmgr-fifo with path /var/spool/postfix/public/qmgr
+ if failed permission 622 then alert
+ if failed uid postfix then alert
+ if failed gid postdrop then alert
+
* Added support for Oracle SQLNet protocol test. Monit can now ping
Oracle server. Thanks to Artyom Khafizov < afk at inbox!ru >.
Example usage:
diff -Naur monit/file.c monit-mp/file.c
--- monit/file.c 2005-12-04 09:45:31.000000000 +0100
+++ monit-mp/file.c 2005-12-25 23:14:02.000000000 +0100
@@ -242,6 +242,22 @@
/**
+ * Check if this is a fifo
+ * @param fifo A path to the fifo to check
+ * @return TRUE if fifo exist, otherwise FALSE
+ */
+int File_isFifo(char *fifo) {
+
+ struct stat buf;
+
+ ASSERT(fifo);
+
+ return (stat(fifo, &buf) == 0 && S_ISFIFO(buf.st_mode));
+
+}
+
+
+/**
* Check if the file exist on the system
* @file A path to the file to check
* @return TRUE if file exist otherwise FALSE
diff -Naur monit/file.h monit-mp/file.h
--- monit/file.h 2005-12-04 09:45:31.000000000 +0100
+++ monit-mp/file.h 2005-12-25 23:14:09.000000000 +0100
@@ -94,6 +94,14 @@
/**
+ * Check if this is a fifo
+ * @param fifo A path to the fifo to check
+ * @return TRUE if fifo exist, otherwise FALSE
+ */
+int File_isFifo(char *fifo);
+
+
+/**
* Check if the file exist on the system
* @file A path to the file to check
* @return TRUE if file exist otherwise FALSE
diff -Naur monit/http/cervlet.c monit-mp/http/cervlet.c
--- monit/http/cervlet.c 2005-11-28 23:08:53.000000000 +0100
+++ monit-mp/http/cervlet.c 2005-12-25 23:55:46.000000000 +0100
@@ -92,6 +92,7 @@
static void do_home_device(HttpRequest, HttpResponse);
static void do_home_directory(HttpRequest, HttpResponse);
static void do_home_file(HttpRequest, HttpResponse);
+static void do_home_fifo(HttpRequest, HttpResponse);
static void do_home_process(HttpRequest, HttpResponse);
static void do_home_host(HttpRequest, HttpResponse);
static void do_about(HttpRequest, HttpResponse);
@@ -273,6 +274,7 @@
do_home_process(req, res);
do_home_device(req, res);
do_home_file(req, res);
+ do_home_fifo(req, res);
do_home_directory(req, res);
do_home_host(req, res);
@@ -1145,6 +1147,75 @@
}
+static void do_home_fifo(HttpRequest req, HttpResponse res) {
+
+ Service_T s;
+ char *status;
+ int on= TRUE;
+ int header= TRUE;
+
+ for(s= servicelist_conf; s; s= s->next_conf) {
+
+ if(s->type != TYPE_FIFO) continue;
+
+ if(header) {
+
+ out_print(res,
+ "<br><p> </p>"
+ "<table cellspacing=0 cellpadding=3 border=0 width=\"90%%\">"
+ "<tr>"
+ "<td width=\"20%%\"><h3><b>Fifo</b></h3></td>"
+ "<td align=\"left\"><h3><b>Status</b></h3></td>"
+ "<td align=\"right\"><h3><b>Permission</b></h3></td>"
+ "<td align=\"right\"><h3><b>UID</b></h3></td>"
+ "<td align=\"right\"><h3><b>GID</b></h3></td>"
+ "</tr>");
+
+ header= FALSE;
+
+ }
+
+ status= get_service_status_html(s);
+ out_print(res,
+ "<tr %s>"
+ "<td width=\"20%%\"><a href='/%s'>%s</a></td>"
+ "<td align=\"left\">%s</td>",
+ on?"bgcolor=\"#EFEFEF\"":"",
+ s->name, s->name,
+ status);
+ FREE(status);
+
+ if(!Util_hasServiceStatus(s)) {
+
+ out_print(res,
+ "<td align=\"right\">-</td>"
+ "<td align=\"right\">-</td>"
+ "<td align=\"right\">-</td>");
+
+ } else {
+
+ out_print(res,
+ "<td align=\"right\">%o</td>"
+ "<td align=\"right\">%d</td>"
+ "<td align=\"right\">%d</td>",
+ s->inf->st_mode & 07777,
+ s->inf->st_uid,
+ s->inf->st_gid);
+
+ }
+
+ out_print(res, "</tr>");
+
+ on= on?FALSE:TRUE;
+
+ }
+
+ if(!header)
+ out_print(res, "</table>");
+
+}
+
+
static void do_home_directory(HttpRequest req, HttpResponse res) {
Service_T s;
@@ -1996,6 +2067,7 @@
static void print_service_params_perm(HttpResponse res, Service_T s) {
if(s->type == TYPE_FILE ||
+ s->type == TYPE_FIFO ||
s->type == TYPE_DIRECTORY ||
s->type == TYPE_DEVICE) {
@@ -2018,6 +2090,7 @@
static void print_service_params_uid(HttpResponse res, Service_T s) {
if(s->type == TYPE_FILE ||
+ s->type == TYPE_FIFO ||
s->type == TYPE_DIRECTORY ||
s->type == TYPE_DEVICE) {
@@ -2040,6 +2113,7 @@
static void print_service_params_gid(HttpResponse res, Service_T s) {
if(s->type == TYPE_FILE ||
+ s->type == TYPE_FIFO ||
s->type == TYPE_DIRECTORY ||
s->type == TYPE_DEVICE) {
@@ -2061,7 +2135,9 @@
static void print_service_params_timestamp(HttpResponse res, Service_T s) {
- if(s->type == TYPE_FILE || s->type == TYPE_DIRECTORY) {
+ if(s->type == TYPE_FILE ||
+ s->type == TYPE_FIFO ||
+ s->type == TYPE_DIRECTORY) {
if(!Util_hasServiceStatus(s)) {
@@ -2377,7 +2453,9 @@
"monitoring status", monitornames[s->monitor]);
if(Util_hasServiceStatus(s)) {
- if(s->type == TYPE_FILE || s->type == TYPE_DIRECTORY ||
+ if(s->type == TYPE_FILE ||
+ s->type == TYPE_FIFO ||
+ s->type == TYPE_DIRECTORY ||
s->type == TYPE_DEVICE) {
out_print(res,
" %-33s %o\n"
@@ -2387,7 +2465,9 @@
"uid", (int)s->inf->st_uid,
"gid", (int)s->inf->st_gid);
}
- if(s->type == TYPE_FILE || s->type == TYPE_DIRECTORY) {
+ if(s->type == TYPE_FILE ||
+ s->type == TYPE_FIFO ||
+ s->type == TYPE_DIRECTORY) {
ctime_r(&s->inf->timestamp, time);
out_print(res,
" %-33s %s",
diff -Naur monit/l.l monit-mp/l.l
--- monit/l.l 2005-12-22 11:30:22.000000000 +0100
+++ monit-mp/l.l 2005-12-25 23:07:26.000000000 +0100
@@ -324,6 +324,11 @@
return CHECKSYSTEM;
}
+check[ \t]+fifo {
+ BEGIN(SERVICE_COND);
+ return CHECKFIFO;
+ }
+
group[ \t]+ {
BEGIN(STRING_COND);
return GROUP;
diff -Naur monit/monitor.h monit-mp/monitor.h
--- monit/monitor.h 2005-12-15 12:09:55.000000000 +0100
+++ monit-mp/monitor.h 2005-12-25 23:13:41.000000000 +0100
@@ -130,6 +130,7 @@
#define TYPE_PROCESS 3
#define TYPE_HOST 4
#define TYPE_SYSTEM 5
+#define TYPE_FIFO 6
#define RESOURCE_ID_CPU_PERCENT 1
#define RESOURCE_ID_MEM_PERCENT 2
@@ -825,6 +826,7 @@
int check_directory(Service_T);
int check_remote_host(Service_T);
int check_system(Service_T);
+int check_fifo(Service_T);
int check_URL(Service_T s);
int sha_md5_stream (FILE *, void *, void *);
void reset_procinfo(Service_T);
diff -Naur monit/monit.pod monit-mp/monit.pod
--- monit/monit.pod 2005-12-21 17:34:43.000000000 +0100
+++ monit-mp/monit.pod 2005-12-26 00:05:20.000000000 +0100
@@ -1212,9 +1212,8 @@
=head2 TIMESTAMP TESTING
-The timestamp statement may only be used in a file or directory
-service entry. If specified in the control file, monit will
-compute a timestamp for a file or directory.
+The timestamp statement may only be used in a file, fifo or directory
+service entry.
The timestamp test in constant form is used to verify various
timestamp conditions. Syntax (keywords are in capital):
@@ -1554,9 +1553,9 @@
=head2 PERMISSION TESTING
-Monit can monitor the permissions for files, directories and
-devices. This test may only be used within a file, directory or
-device service entry in the monit control file.
+Monit can monitor the permissions. This test may only be used
+within a file, fifo, directory or device service entry in the
+monit control file.
The syntax for the permission statement is:
@@ -1596,9 +1595,9 @@
=head2 UID TESTING
-monit can monitor the owner user id (uid) for files, directories
-and devices. This test may only be used within a file, directory
-or device service entry in the monit control file.
+monit can monitor the owner user id (uid). This test may only be
+used within a file, fifo, directory or device service entry in
+the monit control file.
The syntax for the uid statement is:
@@ -1635,9 +1634,9 @@
=head2 GID TESTING
-monit can monitor the owner group id (gid) for files, directories
-and devices. This test may only be used within a file, directory
-or device service entry in the monit control file.
+monit can monitor the owner group id (gid). This test may only
+be used within a file, fifo, directory or device service entry
+in the monit control file.
The syntax for the gid statement is:
@@ -2685,7 +2684,16 @@
entry. If monit runs in passive mode or the start methods is not
defined, monit will just send alerts on errors.
-=item 3. CHECK DEVICE <unique name> PATH <path>
+=item 3. CHECK FIFO <unique name> PATH <path>
+
+<path> is the absolute path to the fifo. If the fifo does not
+exist or disappeared, monit will call the entry's start method if
+defined, if <path> does not point to a fifo type (for
+instance a directory), monit will disable monitoring of this
+entry. If monit runs in passive mode or the start methods is not
+defined, monit will just send alerts on errors.
+
+=item 4. CHECK DEVICE <unique name> PATH <path>
<path> is the path to the device block special file, mount point,
file or a directory which is part of a filesystem. It is
@@ -2701,7 +2709,7 @@
passive mode or the start methods is not defined, monit will just
send alerts on errors.
-=item 4. CHECK DIRECTORY <unique name> PATH <path>
+=item 5. CHECK DIRECTORY <unique name> PATH <path>
<path> is the absolute path to the directory. If the directory
does not exist or disappeared, monit will call the entry's start
@@ -2710,13 +2718,13 @@
mode or the start methods is not defined, monit will just send
alerts on errors.
-=item 5. CHECK HOST <unique name> ADDRESS <host address>
+=item 6. CHECK HOST <unique name> ADDRESS <host address>
The host address can be specified as a hostname string or as an
ip-address string on a dotted decimal format. Such as,
tildeslash.com or "64.87.72.95".
-=item 6. CHECK SYSTEM <unique name>
+=item 7. CHECK SYSTEM <unique name>
The system name is usualy hostname, but any descriptive name can be
used. This test allows to check general system resources such as
diff -Naur monit/process.c monit-mp/process.c
--- monit/process.c 2005-12-25 22:22:12.000000000 +0100
+++ monit-mp/process.c 2005-12-25 23:55:38.000000000 +0100
@@ -79,10 +79,11 @@
char monitornames[][STRLEN]= {"not monitored", "monitored", "initializing"};
char statusnames[][STRLEN]= {"accessible", "accessible", "accessible",
"running", "online with all services",
- "running"};
+ "running", "accessible"};
char servicetypes[][STRLEN]= {"Device", "Directory", "File", "Process",
- "Remote Host", "System"};
-char pathnames[][STRLEN]= {"Path", "Path", "Path", "Pid file", "Path", ""};
+ "Remote Host", "System", "Fifo"};
+char pathnames[][STRLEN]= {"Path", "Path", "Path", "Pid file", "Path", "",
+ "Path"};
char icmpnames[][STRLEN]= {"Echo Reply", "", "", "Destination Unreachable",
"Source Quench", "Redirect", "", "",
"Echo Request", "", "", "Time Exceeded",
diff -Naur monit/p.y monit-mp/p.y
--- monit/p.y 2005-12-22 11:30:22.000000000 +0100
+++ monit-mp/p.y 2005-12-25 23:14:33.000000000 +0100
@@ -260,7 +260,7 @@
%token <number> REPLYLIMIT REQUESTLIMIT STARTLIMIT WAITLIMIT GRACEFULLIMIT
%token <number> CLEANUPLIMIT
%token <real> REAL
-%token CHECKPROC CHECKDEV CHECKFILE CHECKDIR CHECKHOST CHECKSYSTEM
+%token CHECKPROC CHECKDEV CHECKFILE CHECKDIR CHECKHOST CHECKSYSTEM CHECKFIFO
%token CPUUSAGE MEMUSAGE MEMKBYTE CHILDREN SYSTEM
%token RESOURCE MEMORY TOTALMEMORY LOADAVG1 LOADAVG5 LOADAVG15
%token MODE ACTIVE PASSIVE MANUAL CPU CPUUSER CPUSYSTEM CPUWAIT
@@ -303,6 +303,7 @@
| checkdir optdirlist
| checkhost opthostlist
| checksystem optsystemlist
+ | checkfifo optfifolist
;
optproclist : /* EMPTY */
@@ -410,6 +411,24 @@
| resourcesystem
;
+optfifolist : /* EMPTY */
+ | optfifolist optfifo
+ ;
+
+optfifo : start
+ | stop
+ | timestamp
+ | timeout
+ | every
+ | alert
+ | permission
+ | uid
+ | gid
+ | mode
+ | group
+ | depend
+ ;
+
setalert : SET alertmail '{' eventoptionlist '}' formatlist reminder {
addmail($<string>2, &mailset, &Run.maillist, eventset,
$<number>7);
}
@@ -730,6 +749,15 @@
}
;
+checkfifo : CHECKFIFO SERVICENAME PATHTOK PATH {
+ check_name($<string>2);
+ if(!File_isFifo($4))
+ yyerror2("The path in a check fifo test"
+ " must point to a named fifo");
+ createservice(TYPE_FIFO, $<string>2, $4, check_fifo);
+ }
+ ;
+
start : START argumentlist { addcommand(START); }
| START argumentlist useroptionlist { addcommand(START); }
;
diff -Naur monit/validate.c monit-mp/validate.c
--- monit/validate.c 2005-12-16 22:42:25.000000000 +0100
+++ monit-mp/validate.c 2005-12-25 23:12:42.000000000 +0100
@@ -393,6 +393,57 @@
/**
+ * Validate a given fifo service s. Events are posted according to
+ * its configuration. In case of a fatal event FALSE is returned.
+ */
+int check_fifo(Service_T s) {
+
+ struct stat stat_buf;
+
+ ASSERT(s);
+
+ if(stat(s->path, &stat_buf) != 0) {
+ Event_post(s, EVENT_NONEXIST, STATE_FAILED, s->action_NONEXIST,
+ "'%s' fifo doesn't exist", s->name);
+ return FALSE;
+ } else {
+ s->inf->st_mode= stat_buf.st_mode;
+ s->inf->st_uid= stat_buf.st_uid;
+ s->inf->st_gid= stat_buf.st_gid;
+ s->inf->timestamp= MAX(stat_buf.st_mtime, stat_buf.st_ctime);
+ DEBUG("'%s' fifo existence check passed\n", s->name);
+ Event_post(s, EVENT_NONEXIST, STATE_PASSED, s->action_NONEXIST,
+ "'%s' fifo exist", s->name);
+ }
+
+ if(!S_ISFIFO(s->inf->st_mode)) {
+ Event_post(s, EVENT_INVALID, STATE_FAILED, s->action_INVALID,
+ "'%s' is not fifo", s->name);
+ return FALSE;
+ } else {
+ DEBUG("'%s' is fifo\n", s->name);
+ Event_post(s, EVENT_INVALID, STATE_PASSED, s->action_INVALID,
+ "'%s' is fifo", s->name);
+ }
+
+ if(s->perm)
+ check_perm(s);
+
+ if(s->uid)
+ check_uid(s);
+
+ if(s->gid)
+ check_gid(s);
+
+ if(s->timestamplist)
+ check_timestamp(s);
+
+ return TRUE;
+
+}
+
+
+/**
* Validate a remote service.
* @param s The remote service to validate
* @return FALSE if there was an error otherwise TRUE
diff -Naur monit/xml.c monit-mp/xml.c
--- monit/xml.c 2005-11-30 01:02:35.000000000 +0100
+++ monit-mp/xml.c 2005-12-25 23:08:57.000000000 +0100
@@ -190,7 +190,9 @@
{
if(Util_hasServiceStatus(S)) {
if(S->type == TYPE_FILE ||
- S->type == TYPE_DIRECTORY || S->type == TYPE_DEVICE) {
+ S->type == TYPE_DIRECTORY ||
+ S->type == TYPE_FIFO ||
+ S->type == TYPE_DEVICE) {
buf_print(B,
"\t\t<mode>%o</mode>\r\n"
"\t\t<uid>%d</uid>\r\n"
@@ -199,7 +201,9 @@
(int)S->inf->st_uid,
(int)S->inf->st_gid);
}
- if(S->type == TYPE_FILE || S->type == TYPE_DIRECTORY) {
+ if(S->type == TYPE_FILE ||
+ S->type == TYPE_FIFO ||
+ S->type == TYPE_DIRECTORY) {
buf_print(B,
"\t\t<timestamp>%ld</timestamp>\r\n",
(long)S->inf->timestamp);