Re: monitoring FIFOs permissions


From: Martin Pala
Subject: Re: monitoring FIFOs permissions
Date: Mon, 26 Dec 2005 00:16:26 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051007 Debian/1.7.12-1

Olivier Kaloudoff wrote:
Hello,

    I have been using the wonderful monit for more than one
year now, and there is only one feature missing for me.

    When I try to put a FIFO to be monitored like this:

check file SER_FIFO_PROD path /vservers/sip.domain.com/run/ser_fifo
   if failed perm 777
     then exec "/etc/kalou_net/prod/sip.domain.com/ser_fifo_perms.sh"

    Monit won't accept it, and shouts:

address@hidden ~]# monit

/etc/monitrc:16: Error: The path in a check file test must point to a file '/vservers/sip.domain.com/run/ser_fifo'
/etc/monitrc:18: Error: the executable does not exist '/etc/kalou_net/prod/sip.domain.com/ser_fifo_perms.sh'


Is there any way to have fifo monitoring? Does it cause any
special trouble or could it be simply treated as a file?



Olivier


First of all, thanks for your support, we appreciate it very much :)


Regarding the problem - FIFOs are special devices which cannot be handled by the standard 'file' service check (which controls the type of monitored object). There is no checksum, size or match test for a fifo.

Attached is the patch which implements a new service check for fifos. It allows the use of just the relevant basic tests which are currently implemented: uid, gid, permission and timestamp.

Example syntax:

  check fifo qmgr-fifo with path /var/spool/postfix/public/qmgr
    if failed permission 622 then alert
    if failed uid postfix then alert
    if failed gid postdrop then alert

If the developers agree, I can add it to the CVS.


Cheers,
Martin

diff -Naur monit/CHANGES.txt monit-mp/CHANGES.txt
--- monit/CHANGES.txt   2005-12-25 22:35:02.000000000 +0100
+++ monit-mp/CHANGES.txt        2005-12-25 23:25:12.000000000 +0100
@@ -22,6 +22,12 @@
        if cpu usage (system) > 30% then alert
        if cpu usage (wait) > 20% then alert
 
+*  Added fifo (named pipe) resource check. Example:
+     check fifo qmgr-fifo with path /var/spool/postfix/public/qmgr
+       if failed permission 622 then alert
+       if failed uid postfix then alert
+       if failed gid postdrop then alert
+
 *  Added support for Oracle SQLNet protocol test. Monit can now ping
    Oracle server. Thanks to Artyom Khafizov < afk at inbox!ru >.
    Example usage:
diff -Naur monit/file.c monit-mp/file.c
--- monit/file.c        2005-12-04 09:45:31.000000000 +0100
+++ monit-mp/file.c     2005-12-25 23:14:02.000000000 +0100
@@ -242,6 +242,22 @@
 
 
 /**
+ * Check if this is a fifo
+ * @param fifo A path to the fifo to check
+ * @return TRUE if fifo exist, otherwise FALSE
+ */
+int File_isFifo(char *fifo) {
+  
+  struct stat buf;
+  
+  ASSERT(fifo);
+
+  return (stat(fifo, &buf) == 0 && S_ISFIFO(buf.st_mode));
+  
+}
+
+
+/**
  * Check if the file exist on the system
  * @file A path to the file to check
  * @return TRUE if file exist otherwise FALSE
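Review bot: File_isFifo() declares its argument as `char *fifo` although it is only passed to stat(); make it `const char *` here and in the file.h prototype. The @return line says "TRUE if fifo exist", but the function also returns FALSE when the path exists and is some other type, so word it as "TRUE if the path exists and is a fifo".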
diff -Naur monit/file.h monit-mp/file.h
--- monit/file.h        2005-12-04 09:45:31.000000000 +0100
+++ monit-mp/file.h     2005-12-25 23:14:09.000000000 +0100
@@ -94,6 +94,14 @@
 
 
 /**
+ * Check if this is a fifo
+ * @param fifo A path to the fifo to check
+ * @return TRUE if fifo exist, otherwise FALSE
+ */
+int File_isFifo(char *fifo);
+
+
+/**
  * Check if the file exist on the system
  * @file A path to the file to check
  * @return TRUE if file exist otherwise FALSE
diff -Naur monit/http/cervlet.c monit-mp/http/cervlet.c
--- monit/http/cervlet.c        2005-11-28 23:08:53.000000000 +0100
+++ monit-mp/http/cervlet.c     2005-12-25 23:55:46.000000000 +0100
@@ -92,6 +92,7 @@
 static void do_home_device(HttpRequest, HttpResponse);
 static void do_home_directory(HttpRequest, HttpResponse);
 static void do_home_file(HttpRequest, HttpResponse);
+static void do_home_fifo(HttpRequest, HttpResponse);
 static void do_home_process(HttpRequest, HttpResponse);
 static void do_home_host(HttpRequest, HttpResponse);
 static void do_about(HttpRequest, HttpResponse);
@@ -273,6 +274,7 @@
   do_home_process(req, res);
   do_home_device(req, res);
   do_home_file(req, res);
+  do_home_fifo(req, res);
   do_home_directory(req, res);
   do_home_host(req, res);
   
@@ -1145,6 +1147,75 @@
 }
 
 
+static void do_home_fifo(HttpRequest req, HttpResponse res) {
+  
+  Service_T  s;
+  char      *status;
+  int        on= TRUE;
+  int        header= TRUE;
+  
+  for(s= servicelist_conf; s; s= s->next_conf) {
+    
+    if(s->type != TYPE_FIFO) continue;
+    
+    if(header) {
+      
+      out_print(res,
+       "<br><p>&nbsp;</p>"
+       "<table cellspacing=0 cellpadding=3 border=0 width=\"90%%\">"
+       "<tr>"
+       "<td width=\"20%%\"><h3><b>Fifo</b></h3></td>"
+       "<td align=\"left\"><h3><b>Status</b></h3></td>"
+       "<td align=\"right\"><h3><b>Permission</b></h3></td>"
+       "<td align=\"right\"><h3><b>UID</b></h3></td>"
+       "<td align=\"right\"><h3><b>GID</b></h3></td>"
+       "</tr>");
+      
+      header= FALSE;
+      
+    }
+
+    status= get_service_status_html(s);
+    out_print(res,
+      "<tr %s>"
+      "<td width=\"20%%\"><a href='/%s'>%s</a></td>"
+      "<td align=\"left\">%s</td>",
+      on?"bgcolor=\"#EFEFEF\"":"",
+      s->name, s->name,
+      status);
+    FREE(status);
+    
+    if(!Util_hasServiceStatus(s)) {
+      
+      out_print(res,
+       "<td align=\"right\">-</td>"
+       "<td align=\"right\">-</td>"
+       "<td align=\"right\">-</td>");
+
+    } else {
+      
+      out_print(res,
+       "<td align=\"right\">%o</td>"
+       "<td align=\"right\">%d</td>"
+       "<td align=\"right\">%d</td>",
+       s->inf->st_mode & 07777,
+       s->inf->st_uid,
+       s->inf->st_gid);
+
+    }
+    
+    out_print(res, "</tr>");
+
+    on= on?FALSE:TRUE;
+    
+  }
+  
+  if(!header)
+    out_print(res, "</table>");
+  
+}
+
+
 static void do_home_directory(HttpRequest req, HttpResponse res) {
   
   Service_T        s;
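Review bot: in do_home_fifo() the uid and gid cells pass `s->inf->st_uid` and `s->inf->st_gid` straight to `%d`, while the status and XML output touched elsewhere in this patch cast them with `(int)`; add the same casts (and one on `s->inf->st_mode & 07777` for `%o`) so the argument types match the format string. `s->name` is also written into the href and the link text unescaped; if service names can contain quotes or HTML metacharacters, encode them before output.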
@@ -1996,6 +2067,7 @@
 static void print_service_params_perm(HttpResponse res, Service_T s) {
 
   if(s->type == TYPE_FILE ||
+     s->type == TYPE_FIFO ||
      s->type == TYPE_DIRECTORY ||
      s->type == TYPE_DEVICE) {
 
@@ -2018,6 +2090,7 @@
 static void print_service_params_uid(HttpResponse res, Service_T s) {
 
   if(s->type == TYPE_FILE ||
+     s->type == TYPE_FIFO ||
      s->type == TYPE_DIRECTORY ||
      s->type == TYPE_DEVICE) {
 
@@ -2040,6 +2113,7 @@
 static void print_service_params_gid(HttpResponse res, Service_T s) {
 
   if(s->type == TYPE_FILE ||
+     s->type == TYPE_FIFO ||
      s->type == TYPE_DIRECTORY ||
      s->type == TYPE_DEVICE) {
 
@@ -2061,7 +2135,9 @@
 
 static void print_service_params_timestamp(HttpResponse res, Service_T s) {
 
-  if(s->type == TYPE_FILE || s->type == TYPE_DIRECTORY) {
+  if(s->type == TYPE_FILE ||
+     s->type == TYPE_FIFO ||
+     s->type == TYPE_DIRECTORY) {
 
     if(!Util_hasServiceStatus(s)) {
 
@@ -2377,7 +2453,9 @@
            "monitoring status", monitornames[s->monitor]);
 
     if(Util_hasServiceStatus(s)) {
-      if(s->type == TYPE_FILE || s->type == TYPE_DIRECTORY || 
+      if(s->type == TYPE_FILE ||
+         s->type == TYPE_FIFO || 
+         s->type == TYPE_DIRECTORY || 
          s->type == TYPE_DEVICE) {
         out_print(res,
                "  %-33s %o\n"
@@ -2387,7 +2465,9 @@
                "uid", (int)s->inf->st_uid,
                "gid", (int)s->inf->st_gid);
       }
-      if(s->type == TYPE_FILE || s->type == TYPE_DIRECTORY) {
+      if(s->type == TYPE_FILE ||
+         s->type == TYPE_FIFO || 
+         s->type == TYPE_DIRECTORY) {
         ctime_r(&s->inf->timestamp, time);
         out_print(res,
                "  %-33s %s",
diff -Naur monit/l.l monit-mp/l.l
--- monit/l.l   2005-12-22 11:30:22.000000000 +0100
+++ monit-mp/l.l        2005-12-25 23:07:26.000000000 +0100
@@ -324,6 +324,11 @@
                     return CHECKSYSTEM;
                   }
 
+check[ \t]+fifo {
+                    BEGIN(SERVICE_COND);
+                    return CHECKFIFO;
+                  }
+
 group[ \t]+       {
                     BEGIN(STRING_COND);
                     return GROUP;
diff -Naur monit/monitor.h monit-mp/monitor.h
--- monit/monitor.h     2005-12-15 12:09:55.000000000 +0100
+++ monit-mp/monitor.h  2005-12-25 23:13:41.000000000 +0100
@@ -130,6 +130,7 @@
 #define TYPE_PROCESS       3
 #define TYPE_HOST          4
 #define TYPE_SYSTEM        5
+#define TYPE_FIFO          6
 
 #define RESOURCE_ID_CPU_PERCENT       1
 #define RESOURCE_ID_MEM_PERCENT       2
@@ -825,6 +826,7 @@
 int  check_directory(Service_T);
 int  check_remote_host(Service_T);
 int  check_system(Service_T);
+int  check_fifo(Service_T);
 int  check_URL(Service_T s);
 int  sha_md5_stream (FILE *, void *, void *);
 void reset_procinfo(Service_T);
diff -Naur monit/monit.pod monit-mp/monit.pod
--- monit/monit.pod     2005-12-21 17:34:43.000000000 +0100
+++ monit-mp/monit.pod  2005-12-26 00:05:20.000000000 +0100
@@ -1212,9 +1212,8 @@
 
 =head2 TIMESTAMP TESTING
 
-The timestamp statement may only be used in a file or directory
-service entry. If specified in the control file, monit will
-compute a timestamp for a file or directory.
+The timestamp statement may only be used in a file, fifo or directory
+service entry.
 
 The timestamp test in constant form is used to verify various
 timestamp conditions. Syntax (keywords are in capital):
@@ -1554,9 +1553,9 @@
 
 =head2 PERMISSION TESTING
 
-Monit can monitor the permissions for files, directories and
-devices. This test may only be used within a file, directory or
-device service entry in the monit control file.
+Monit can monitor the permissions. This test may only be used
+within a file, fifo, directory or device service entry in the
+monit control file.
 
 The syntax for the permission statement is:
 
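Review bot: the rewritten opening sentence of PERMISSION TESTING, "Monit can monitor the permissions.", has lost its object and now reads as incomplete. Suggest "Monit can monitor the permissions of files, fifos, directories and devices.", with the same treatment for the uid and gid paragraphs in the next two hunks.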
@@ -1596,9 +1595,9 @@
 
 =head2 UID TESTING
 
-monit can monitor the owner user id (uid) for files, directories
-and devices. This test may only be used within a file, directory
-or device service entry in the monit control file.
+monit can monitor the owner user id (uid). This test may only be
+used within a file, fifo, directory or device service entry in
+the monit control file.
 
 The syntax for the uid statement is:
 
@@ -1635,9 +1634,9 @@
 
 =head2 GID TESTING
 
-monit can monitor the owner group id (gid) for files, directories
-and devices. This test may only be used within a file, directory
-or device service entry in the monit control file.
+monit can monitor the owner group id (gid). This test may only
+be used within a file, fifo, directory or device service entry
+in the monit control file.
 
 The syntax for the gid statement is:
 
@@ -2685,7 +2684,16 @@
 entry. If monit runs in passive mode or the start methods is not
 defined, monit will just send alerts on errors.
 
-=item 3. CHECK DEVICE <unique name> PATH <path>
+=item 3. CHECK FIFO <unique name> PATH <path>
+
+<path> is the absolute path to the fifo. If the fifo does not
+exist or disappeared, monit will call the entry's start method if
+defined, if <path> does not point to a fifo type (for
+instance a directory), monit will disable monitoring of this
+entry. If monit runs in passive mode or the start methods is not
+defined, monit will just send alerts on errors.
+
+=item 4. CHECK DEVICE <unique name> PATH <path>
 
 <path> is the path to the device block special file, mount point,
 file or a directory which is part of a filesystem. It is
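Review bot: the new CHECK FIFO entry runs two conditions together in "...will call the entry's start method if defined, if <path> does not point to a fifo type..."; split it into two sentences so it is clear which condition leads to the start method and which to disabling monitoring. "the start methods is not defined" should read "the start method is not defined".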
@@ -2701,7 +2709,7 @@
 passive mode or the start methods is not defined, monit will just
 send alerts on errors.
 
-=item 4. CHECK DIRECTORY <unique name> PATH <path>
+=item 5. CHECK DIRECTORY <unique name> PATH <path>
 
 <path> is the absolute path to the directory. If the directory
 does not exist or disappeared, monit will call the entry's start
@@ -2710,13 +2718,13 @@
 mode or the start methods is not defined, monit will just send
 alerts on errors.
 
-=item 5. CHECK HOST <unique name> ADDRESS <host address> 
+=item 6. CHECK HOST <unique name> ADDRESS <host address> 
 
 The host address can be specified as a hostname string or as an
 ip-address string on a dotted decimal format. Such as,
 tildeslash.com or "64.87.72.95".
 
-=item 6. CHECK SYSTEM <unique name>
+=item 7. CHECK SYSTEM <unique name>
 
 The system name is usualy hostname, but any descriptive name can be
 used. This test allows to check general system resources such as
diff -Naur monit/process.c monit-mp/process.c
--- monit/process.c     2005-12-25 22:22:12.000000000 +0100
+++ monit-mp/process.c  2005-12-25 23:55:38.000000000 +0100
@@ -79,10 +79,11 @@
 char monitornames[][STRLEN]=  {"not monitored", "monitored", "initializing"};
 char statusnames[][STRLEN]=   {"accessible", "accessible", "accessible",
                                "running", "online with all services",
-                               "running"};
+                               "running", "accessible"};
 char servicetypes[][STRLEN]=  {"Device", "Directory", "File", "Process",
-                               "Remote Host", "System"};
-char pathnames[][STRLEN]=     {"Path", "Path", "Path", "Pid file", "Path", ""};
+                               "Remote Host", "System", "Fifo"};
+char pathnames[][STRLEN]=     {"Path", "Path", "Path", "Pid file", "Path", "",
+                               "Path"};
 char icmpnames[][STRLEN]=     {"Echo Reply", "", "", "Destination Unreachable",
                                "Source Quench", "Redirect", "", "",
                                "Echo Request", "", "", "Time Exceeded",
diff -Naur monit/p.y monit-mp/p.y
--- monit/p.y   2005-12-22 11:30:22.000000000 +0100
+++ monit-mp/p.y        2005-12-25 23:14:33.000000000 +0100
@@ -260,7 +260,7 @@
 %token <number> REPLYLIMIT REQUESTLIMIT STARTLIMIT WAITLIMIT GRACEFULLIMIT 
 %token <number> CLEANUPLIMIT 
 %token <real> REAL
-%token CHECKPROC CHECKDEV CHECKFILE CHECKDIR CHECKHOST CHECKSYSTEM
+%token CHECKPROC CHECKDEV CHECKFILE CHECKDIR CHECKHOST CHECKSYSTEM CHECKFIFO
 %token CPUUSAGE MEMUSAGE MEMKBYTE CHILDREN SYSTEM
 %token RESOURCE MEMORY TOTALMEMORY LOADAVG1 LOADAVG5 LOADAVG15 
 %token MODE ACTIVE PASSIVE MANUAL CPU CPUUSER CPUSYSTEM CPUWAIT
@@ -303,6 +303,7 @@
                 | checkdir optdirlist
                 | checkhost opthostlist
                 | checksystem optsystemlist
+                | checkfifo optfifolist
                 ;
 
 optproclist     : /* EMPTY */
@@ -410,6 +411,24 @@
                 | resourcesystem
                 ;
 
+optfifolist     : /* EMPTY */
+                | optfifolist optfifo
+                ;
+
+optfifo         : start
+                | stop
+                | timestamp
+                | timeout
+                | every
+                | alert
+                | permission
+                | uid
+                | gid
+                | mode
+                | group
+                | depend
+                ;
+
 setalert        : SET alertmail '{' eventoptionlist '}' formatlist reminder {
                     addmail($<string>2, &mailset, &Run.maillist, eventset, 
$<number>7);
                   }
@@ -730,6 +749,15 @@
                   }
                 ;
 
+checkfifo       : CHECKFIFO SERVICENAME PATHTOK PATH {
+                   check_name($<string>2);
+                   if(!File_isFifo($4))
+                     yyerror2("The path in a check fifo test"
+                              " must point to a named fifo");
+                   createservice(TYPE_FIFO, $<string>2, $4, check_fifo);
+                  }
+                ;
+
 start           : START argumentlist { addcommand(START); }
                 | START argumentlist useroptionlist { addcommand(START); }
                 ;
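Review bot: the checkfifo action calls yyerror2() whenever File_isFifo($4) is false, and File_isFifo() is also false when stat() fails, so a fifo that does not exist yet when the control file is parsed is reported as an error with the message "must point to a named fifo". That is at odds with check_fifo(), which handles a missing fifo at run time through EVENT_NONEXIST, and with the monit.pod text in this patch saying the start method is called when the fifo does not exist. Consider raising the parse error only when the path exists and is not a fifo, and note that createservice() is still called after the error is reported.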
diff -Naur monit/validate.c monit-mp/validate.c
--- monit/validate.c    2005-12-16 22:42:25.000000000 +0100
+++ monit-mp/validate.c 2005-12-25 23:12:42.000000000 +0100
@@ -393,6 +393,57 @@
 
 
 /**
+ * Validate a given fifo service s. Events are posted according to 
+ * its configuration. In case of a fatal event FALSE is returned.
+ */
+int check_fifo(Service_T s) {
+
+  struct stat stat_buf;
+
+  ASSERT(s);
+
+  if(stat(s->path, &stat_buf) != 0) {
+    Event_post(s, EVENT_NONEXIST, STATE_FAILED, s->action_NONEXIST,
+      "'%s' fifo doesn't exist", s->name);
+    return FALSE;
+  } else {
+    s->inf->st_mode= stat_buf.st_mode;
+    s->inf->st_uid= stat_buf.st_uid;
+    s->inf->st_gid= stat_buf.st_gid;
+    s->inf->timestamp= MAX(stat_buf.st_mtime, stat_buf.st_ctime);
+    DEBUG("'%s' fifo existence check passed\n", s->name);
+    Event_post(s, EVENT_NONEXIST, STATE_PASSED, s->action_NONEXIST,
+      "'%s' fifo exist", s->name);
+  }
+
+  if(!S_ISFIFO(s->inf->st_mode)) {
+    Event_post(s, EVENT_INVALID, STATE_FAILED, s->action_INVALID,
+      "'%s' is not fifo", s->name);
+    return FALSE;
+  } else {
+    DEBUG("'%s' is fifo\n", s->name);
+    Event_post(s, EVENT_INVALID, STATE_PASSED, s->action_INVALID,
+      "'%s' is fifo", s->name);
+  }
+
+  if(s->perm)
+    check_perm(s);
+
+  if(s->uid)
+    check_uid(s);
+
+  if(s->gid)
+    check_gid(s);
+
+  if(s->timestamplist)
+    check_timestamp(s);
+
+  return TRUE;
+
+}
+
+
+/**
  * Validate a remote service.
  * @param s The remote service to validate
  * @return FALSE if there was an error otherwise TRUE
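Review bot: check_fifo() reads the object with stat(), so when s->path is a symbolic link the S_ISFIFO test and the permission, uid and gid checks all apply to the link target and not to what sits at the monitored path. For a check whose purpose is to watch ownership and mode, lstat() would be the stricter choice; otherwise document that links are followed. The header comment is also missing the @param and @return tags used by the neighbouring "Validate a remote service" comment.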
diff -Naur monit/xml.c monit-mp/xml.c
--- monit/xml.c 2005-11-30 01:02:35.000000000 +0100
+++ monit-mp/xml.c      2005-12-25 23:08:57.000000000 +0100
@@ -190,7 +190,9 @@
   {
     if(Util_hasServiceStatus(S)) {
       if(S->type == TYPE_FILE || 
-         S->type == TYPE_DIRECTORY || S->type == TYPE_DEVICE) {
+         S->type == TYPE_DIRECTORY ||
+         S->type == TYPE_FIFO ||
+         S->type == TYPE_DEVICE) {
         buf_print(B,
                "\t\t<mode>%o</mode>\r\n"
                "\t\t<uid>%d</uid>\r\n"
@@ -199,7 +201,9 @@
                (int)S->inf->st_uid,
                (int)S->inf->st_gid);
       }
-      if(S->type == TYPE_FILE || S->type == TYPE_DIRECTORY)  {
+      if(S->type == TYPE_FILE ||
+         S->type == TYPE_FIFO ||
+         S->type == TYPE_DIRECTORY)  {
         buf_print(B,
                "\t\t<timestamp>%ld</timestamp>\r\n",
                (long)S->inf->timestamp);
