/usr/lib/tiger/scripts/check_runprocs is in tiger 1:3.2.3-12.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 2002, 2003 Javier Fernandez-Sanguino Peña
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# check_runprocs jfs 12/06/2002
# This module will check if the processes configured in tigerrc
# are running currently in the system. If any of the processes
# is not running a FAIL: will be issued.
# This is a lightweight software watchdog, I know :)
#
# 08/12/2003 - jfs - Fixed dependancies.
# 03/31/2005 - jfs - Use comm instead of fname so that the names of the
# processes are not truncated (Debian bug #288086)
# 04/15/2005 - jfs - Capture arguments in an extra value, use fname first
# and then check against comm
#
#-----------------------------------------------------------------------------
TigerInstallDir="/usr/lib/tiger"
#
# Set default base directory.
# Order or preference:
# -B option
# TIGERHOMEDIR environment variable
# TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}
for parm
do
case $parm in
-B) basedir=$2; break;;
esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
exit 1
}
. $basedir/config
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds PS GREP || exit 1
message CONFIG init003c "" "$0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
echo
echo "# Checking running processes "
haveallcmds PS GREP || exit 1
processes=$Tiger_Running_Procs
[ -z "$processes" ] && {
message ERROR con009e "" "There are no running process configured. Please add the Tiger_Running_Procs variable to tigerrc."
exit 1
}
# TODO: Check if this is portable, 'ps' options tend to vary
# amongst UNIX systems (see the ps(1) manpage)
for proc in $processes
do
# NOTE: Command when used last should expand to the maximum COLUMN with
# (probably 80), if the command is longer than that we might need to set
# COLUMNS or use the -w switch (portable?)
# TODO: I dislike spawning a 'ps' process per configured process
# maybe this could be rewritten more optimally? (jfs)
$PS -eo pid,user,state,comm,command,args |
$GREP $proc | {
found="no"
while read pid user state comm command args
do
[ "$proc" = "$comm" ] || [ "$proc" = "$command" ] && [ "$state" != "T" ] && [ "$state" != "Z" ] && found="yes"
done
[ "$found" = "no" ] && message FAIL misc020f "" "The process '$proc' has not been found running in the processes table."
}
done
exit 0
|