[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tiger-devel] [RFC] check_finddeleted

From: Nicolas François
Subject: Re: [Tiger-devel] [RFC] check_finddeleted
Date: Fri, 30 Jan 2004 00:20:01 +0100
User-agent: Mutt/

Hello all,

sorry for my late response.

I finally submitted a task:
(I'm the anonymous submitter. I don't know what happended, I thought I
was logged in)

A real tiger script is now available.

> > A - servers using a deleted file are more critical
> >   Those classes would be reported as:
> >     * FAIL the process "name" (pid,user,group?) of the server "name" 
> > (pid,user,group?) is using a deleted file.
> >     * WARN the process "name" (pid,user,group?) is using a deleted file.
> >   Should we report the group?
> group as in process id group?

That's what I implemented, but it's probably not what I really wanted.
group, as in /etc/group, combined with user will show the
permissions of the process.

> > B - Which name of process to report
> >   Actually, depending on the class, either the 8 letters truncated
> >   command name from lsof is reported, or the executable name with
> >   arguments (from ps -o cmd).
> This is not completely portable either :( This fails on HP-UX.
>       $ ps -o cmd
>       ps: illegal option -- o
>       usage: ps [-edaflP] [-u ulist] [-g glist] [-p plist] [-t tlist] [-R
> prmgroup]
> I can get this to work by the following:
>       $ export UNIX95=1
>       $ ps -o args
> but the output is truncated to a certain length.  The only way I know of
> to get the full command length is only available in HP-UX 11.11 where
> they added a -x option to the ps command.

My current implementation only use the non-truncated command provided
by lsof (all characters from proc or user structure, according to the
man page).

> As different side note ... the command-line can be changed, so ps is not
> the best way to get the process name. There are a several programs that
> I know of that do this ... sshd, postgres, etc.
>       $ ps -e -o cmd | grep sshd
>       /usr/sbin/sshd
>       sshd: rbrad [priv]
>       sshd: address@hidden/4
>       grep sshd
>       $ ps -e -o cmd | grep postgres:
>       postgres: stats buffer process
>       postgres: stats collector process
>       postgres: rbrad vsm [local] idle
>       grep postgres:
> Not sure if this matters ... but wanted let you know there might be
> problems on other operating systems and with some programs.

Thanks for the feedback.

This issue is also mentioned here:
I will later test if it's possible to make a script that compare ps
output and executable names (and perhaps other infos). I was aware that
such check could produce a lot of false positives (scripts). There is
apparently even more.

> >   Is a pure shell code preferable?
> It make it easier to port and is more inline with the tiger philsophy,
> but honestly doesn't matter to me.

I will try to convert my script. It should be OK.

> There is 1 bug in the tools you should be aware of (I sent a private
> email to Javi with this info already) but the new task link does not
> work.  Use this link to add a new task:
>       https://savannah.nongnu.org/task/?group=tiger&func=additem

It's probably fixed now. The "Submit a Task" link points to


reply via email to

[Prev in Thread] Current Thread [Next in Thread]