slitaz-dev-tools rev 39

Add srvwatch
author Pascal Bellard <pascal.bellard@slitaz.org>
date Mon Mar 14 09:14:05 2011 +0100 (2011-03-14)
parents 50448e6a6061
children 7392e83f539c
files mirror-tools/rootfs/usr/sbin/srvwatch
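--- /dev/null
+++ b/mirror-tools/rootfs/usr/sbin/srvwatch
@@ -0,0 +1,179 @@
+#!/bin/sh
+
+# Check daemon with pidfile: usage check_pidfile $PIDFILE $DAEMON
+active_pidfile()
+{
+	if [ ! -e $1 ]; then
+		return 1
+	elif grep -qs "Name:.$(basename $2)$" \
+			/proc/$(cat $1 | sed 's/[^0-9]//g')/status ; then
+		return 0
+	else
+		rm -f $1
+		return 2
+	fi
+}
+
+log()
+{
+	cat > /var/log/svrwatch.log.$$ <<EOT
+$(tail -n 50 /var/log/svrwatch.log 2> /dev/null)
+$(date) $@
+EOT
+	mv -f /var/log/svrwatch.log.$$ /var/log/svrwatch.log
+}
+
+cron_leak()
+{
+	mem=$(top -b -n1 | grep cron | grep -v grep | awk '{ print $5 }')
+	case "$mem" in
+	*m) 	[ ${mem%m} -gt 500 ] && {
+			log "restart crond (use $mem)"
+			/etc/init.d/crond restart > /dev/null 2>&1
+		}
+		;;
+	esac
+}
+
+make_pem()
+{
+names="DNS:*.$1, DNS:$1"
+if grep -q '# req_extensions' /etc/ssl/openssl.cnf; then
+	sed -i 's/^# req_extensions.*/req_extensions = multiname/' \
+		/etc/ssl/openssl.cnf
+	cat >> /etc/ssl/openssl.cnf << EOT
+
+[ multiname ]
+subjectAltName = $names
+EOT
+else
+	sed -i "s/^subjectAltName.*/subjectAltName = $names/" /etc/ssl/openssl.cnf
+fi
+false && cat > multiname.ext <<EOT
+[ multiname ]
+subjectAltName = $names
+EOT
+
+#	-extfile multiname.ext -extensions multiname
+openssl req -new -x509 -keyout $2 -extensions multiname \
+	-out $2 -days 3650 -nodes <<EOT
+$(. /etc/locale.conf ; echo ${LANG#*_})
+$(cat /etc/TZ)
+
+*.$1
+
+
+
+EOT
+}
+
+check_pem()
+{
+grep SSLCertificat /etc/apache/conf.d/* | awk '{ print $3 }' | uniq | \
+while read file; do
+	[ -s $file ] && continue
+	make_pem $(basename $file .pem) $file
+done
+}
+
+check_certificates()
+{
+	if [ -n "$(check_pem)" ]; then
+		/etc/init.d/apache stop
+		/etc/init.d/apache start
+	fi
+}
+
+daemon_crash()
+{
+	if [ -f /etc/aliases -a /etc/aliases -nt /etc/aliases.db ]; then
+		log "/etc/aliases"
+		postalias /etc/aliases
+	fi
+	eval $(grep ^RUN_DAEMONS= /etc/rcS.conf)
+	checked=""
+	while read command pidfile daemon; do
+		case "$command" in
+		\#*) continue
+		esac
+		checked="$checked $command"
+		case " $RUN_DAEMONS " in
+		*\ $command\ *)
+			case "$command" in
+			apache)
+				check_certificates ;;
+			esac
+			active_pidfile $pidfile $daemon || {
+				log "start daemon $command"
+				/etc/init.d/$command start
+			}
+			if [ $command == mysql -a ! -e /var/run/mysqld/mysqld.sock ]; then
+				log "mysql socket"
+				killall mysqld
+				killall -9 mysqld
+				/etc/init.d/mysql start
+			fi
+			;;
+		esac
+	done <<EOT
+rsyncd		/var/run/rsyncd.pid				rsync
+openssh		/var/run/sshd.pid				sshd
+lighttpd	/var/run/lighttpd.pid				lighttpd
+hald		/var/run/hald/pid				hald
+ajaxterm	/var/run/ajaxterm.pid				python
+apache		/var/run/apache/httpd.pid			httpd
+crond		/var/run/crond.pid				crond
+dbus		/var/run/dbus/pid				dbus-daemon
+dropbear	/var/run/dropbear.pid				dropbear
+hald		/var/run/hald/pid				hald
+mysql		/var/run/mysqld/mysql.pid			mysqld
+ntp		/var/run/ntpd.pid				ntpd
+postfix		/var/spool/postfix/pid/master.pid		master
+pure-ftpd	/var/run/pure-ftpd.pid				pure-ftpd
+slim		/var/lock/slim.lock				slim
+knock		/var/run/knockd.pid				knockd
+udhcpd		/var/run/udhcpd.pid				udhcpd
+dhcpd		/var/run/dhcpd.pid				dhcpd
+EOT
+	rm -f /var/log/srvwatch.log
+	for i in $RUN_DAEMONS ; do
+		case " $checked " in
+		*\ $i\ *) ;;
+		*) echo "Not checked: $i" >> /var/log/srvwatch.log ;;
+		esac
+	done
+}
+
+swap_full()
+{
+	if [ -n "$(free | awk '/Swap/ { if ($2/$4 > 10) print }')" ]; then
+		log "$(free | grep Swap)"
+		top -b -n1 > /var/log/top.log
+		sync
+		reboot
+	fi
+}
+
+case "$1" in
+install)
+	[ $0 == $2/usr/sbin/srvwatch ] || mv $0 $2/usr/sbin/srvwatch
+	if [ -x $2/usr/sbin/srvwatch ] && ! grep -q /usr/sbin/srvwatch $2/etc/inittab; then
+		sed -i 's|^::sysinit.*|&\n::respawn:/usr/sbin/srvwatch loop|' \
+			$2/etc/inittab
+		[ -n "$2" ] || kill -1 1
+	fi
+	;;
+once)
+	daemon_crash
+	cron_leak
+	swap_full ;;
+loop)
+	while true; do
+		daemon_crash
+		cron_leak
+		swap_full
+		sleep 15m
+	done > /dev/null 2>&1 ;;
+*)
+	echo "Usage: $0 install" ;;
+esac
+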
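Review bot: make_pem writes an unencrypted private key (`-nodes`) into `$2` without setting a umask or file mode, so the key's permissions are left to whatever umask the script inherits, which is presumably init's since the install branch adds a `::respawn:` entry to inittab. Running the command as `( umask 077; openssl req ... )`, or adding `chmod 600 "$2"` right after it, would pin the mode. make_pem also edits the system-wide `/etc/ssl/openssl.cnf`, and check_certificates then restarts Apache on the new self-signed wildcard certificate without any `log` call; a line such as `log "generated self-signed certificate $file"` in check_pem would leave a trace when a certificate is replaced. `$file`, `$1` and `$2` are unquoted in check_pem and make_pem, and because the path is parsed out of `/etc/apache/conf.d/*`, quoting them (`make_pem "$(basename "$file" .pem)" "$file"`) would avoid word splitting and globbing on that value.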