Hosting and Security
So we have a script – myscript.sh – which is running on a linux box and we want to kill it quickly with the minimum of fuss:
root@linux# kill $(pgrep <script_name>)
Here is the explanation:
We use “pgrep” to grep the running process list and returns a process’s PID :
[root@linux]# pgrep myscript.sh 20104
And combine it with the kill command to make a one-liner:
[root@linux]# kill $(pgrep myscript.sh) [root@linux]#
More info on pgrep and kill on the man pages:
http://linux.die.net/man/1/pgrep
This is an attempt to try and find a good way of monitoring and logging what is going on in the HA module. It’s a work-in-progress, please feel free to contribute.
The first script and alert below uses a custom alert for a trigger and writes to a log file in the /var/tmp/clusterxl_alert directory on the smartcenter. Using the cron job, a daily email can be sent with the day’s alerts summary. This was posted to CPUG by yheffen – https://www.cpug.org/forums/clustering-security-gateway-ha-clusterxl/9992-ha-failover-log-files.html. Originally written using the korn shell, it works equally well in bash.
#!/bin/bash
DIR="/var/tmp/clusterxl_alert"
DAILY_LOG="$DIR/alert_daily.log"
LOG="$DIR/alert.log"
mklog () {
if [ ! -f "$1" ]; then
touch "$1"
chmod 644 "$1"
fi
}
mklog "$LOG"
while read ALERT; do
echo "$ALERT" >> "$DAILY_LOG"
echo "$ALERT" >> "$LOG"
done
The path to the script is one of the “UserDefined scripts” defined in the “Policy> Global Properties> Log and Alert> Alert Commands” window. Then in the cluster object’s properties in the “ClusterXL” window, specify this User Defined Alert down in the “Tracking” section.
Cron job code:
0 5 * * * [ -f /var/tmp/clusterxl_alert/alert_daily.log ] && mailx -s "ClusterXL Alerts" me@example.com < /var/tmp/clusterxl_alert/alert_daily.log && rm /var/tmp/clusterxl_alert/alert_daily.log
This next script, which is very quick and dirty, monitors the interfaces using the “cpaprobstat -a if”. It polls every 2 seconds and writes the result to a file (ha_poll.txt) and compares the result against a reference file (ha_ref.txt) which is created when the script is run initially. If a difference is found, it is logged to the ha_alert.log file. There are better ways to do this but as I said, it’s quick and dirty 🙂
#!/bin/bash
# variables
DIR="/var/tmp"
REFERENCE="$DIR/ha_ref.txt"
POLLED="$DIR/ha_polled.txt"
LOG="$DIR/ha_alert.log"
# functions
mkref () {
echo `cphaprob -a if` > $REFERENCE
}
mkpoll () {
echo `cphaprob -a if` > $POLLED
}
# main process
# make reference file
mkref
echo "Entering polling loop, use ctrl-c or"
echo "\"kill \$(pgrep ${0##*/})\" from a different terminal to exit"
echo
# Poll every 2 seconds and compare until ctrl-c.
# If status changes log and then make new reference data
while true; do
mkpoll
DIFF=$(diff $REFERENCE $POLLED)
if [ "$DIFF" != "" ]; then
echo "Change logged to $LOG"
echo "" >> $LOG
echo $DIFF >> $LOG
mkref
sleep 2
fi
done
Running this as admin in expert mode with an ampersand keeps the process running in the background even if the terminal is disconnected:
[expert@gw]# ./ha_monitor.sh &
One issue here is that if an interface is down, “cphaprob -a if” shows the number of seconds it has been down for:
[Expert@gw]# cphaprob -a if Required interfaces: 4 Required secured interfaces: 2 eth0 UP sync(secured), multicast eth1 Inbound: DOWN (4.7 secs) Outbound: DOWN (5 secs) sync(secured), multicast eth2 UP non sync(non secured), multicast eth3 UP non sync(non secured), multicast
It will therefore see a discrepancy on every poll as the seconds number increases and will create a log entry every 2 seconds until the interface comes back up. Like I said, quick, dirty and a work-in-progress 🙂
New script now:
#!/bin/bash
# variables
HOSTNAME=`hostname`
DIR="/var/tmp"
LOG=$DIR"/"$HOSTNAME"_hamon.log"
# functions
mkref () {
echo "Making new reference .." >> $LOG
REFERENCE="`cphaprob stat`"
echo "Done" >> $LOG
echo "" >> $LOG
}
mkpoll () {
POLLED="`cphaprob stat`"
}
getAndLogVals () {
CPHAPROBSTAT=`cphaprob stat`
CPHAPROBLIST=`cphaprob list | grep -v "Time since" | grep -v "Registration number" | grep -v "Timeout: none"`
CPHAPROBAIF=`cphaprob -a if`
echo "" >> $LOG
echo "cphaprob stat:" >> $LOG
echo "--------------" >> $LOG
echo "$CPHAPROBSTAT" >> $LOG
echo "" >> $LOG
echo "cphaprob list:" >> $LOG
echo "--------------" >> $LOG
echo "$CPHAPROBLIST" >> $LOG
echo "" >> $LOG
echo "cphaprob -a if:" >> $LOG
echo "---------------" >> $LOG
echo "$CPHAPROBAIF" >> $LOG
echo "" >> $LOG
}
# main []
if [ -f $LOG ]; then
echo "Removing old log file .."
`rm $LOG`
fi
echo "Starting logging at "`date` >> $LOG
echo "" >> $LOG
# Record original vals to the log
getAndLogVals
# get reference vals
mkref
echo "Monitoring Failover status, use ctrl-c or \"kill \$(pgrep ${0##*/})\" from a different terminal to exit"
# Poll continuously and compare until ctrl-c. If status changes, log and get new reference data
while true; do
mkpoll
if [ "$POLLED" != "$REFERENCE" ]; then
DIFF="$REFERENCE / $POLLED"
echo "" >> $LOG
echo "=============================================================================" >> $LOG
echo "" >> $LOG
echo `date` >> $LOG
echo "" >> $LOG
echo "HA Status Change detected, logged to $LOG"
echo "$DIFF" >> $LOG
echo "" >> $LOG
getAndLogVals
mkref
fi
done
Following is a description of how I managed to get GoSMS Pro working with the Avast Anti-Theft module without the password being exposed in standard user-readable SMS messages.
The problem is that GoSMS (and also HandCent SMS) install themselves with a very high priority and can therefore hinder other apps (mainly security apps) from getting to the messages first – this can work one of two wbhays: either the app blocks the SMS in which case Avast never receives the message OR the app forwards the message on, Avast receives the message but by then the user (potentially a thief or receiver of a stolen phone) also then sees the message, including the Avast PIN code which they can then use to disable Avast.
Priority and the reasoning for the above is described below; this content has been taken from Avast and AndroidLost forums – all credit goes to them:
From Avast:
Priority is a number with a pretty big range (around 2^31 = more than 2 billion). Apps are ordered by their priority (what happens when the priority is the same is not determined IMHO, some say the first one installed gets the message, but I tested it and couldn't confirm this) and the one with highest priority gets the message first. The app then has around 5s to handle the message (the time is given by the system). What an app can do is to pass the message to the next one with highest priority or to block the message. And that is exactly how AAT (Avast Anti-Theft) works: it looks at the message, identifies whether it is meant for AAT and if so, blocks it. If not, it passes the message to the app with the next-highest priority unchanged. Now what some messaging apps do is they receive a message and block it. In that case AAT doesn't receive the command at all. Some receive it and pass it further, in that case AAT receives the command, but the message is visible in the messaging application that got the message first.
From AndroidLost:
From androids point of view all applications are equal. But the apps themselves can set a priority and say how important they are. And by default the incoming messages are sent to all apps, but any app can stop the message from moving on to lower priority apps. The way I see it we can split the importance into three groups: 1. security apps (androidlost, virusscanner, etc) 2. apps that modifies the messages and passes them on to others 3. normal display apps Let me explain: 1. Security apps should obviously have the highest priority since they should read the messages first and have the option to stop the messages from arriving to other apps. 2. I have never seen such an app but assume that you want a timestamp written inside each SMS you can have an app do this. This app should have a medium priority since they should get the message before the display app. 3. The display apps should have a low priority. In this group we have the normal message display and custom display apps like Go SMS Pro. It is quite OK that Go SMS Pro stops the SMS from moving on to the normal display app. But they really should use a reasonable SMS priority. I have not found any recommendations but I would say a number between 0 and 10.000 would be reasonable. I have chosen 300.000 as priority since I think my app is rather important but there may be other there has a higher priority. Go SMS Pro has chosen a priority of 2.147.483.647 since they think they have the ultimate app in the universe. That is the highest number you can set. So basically what I am trying to say is that Go SMS Pro does not code nicely. The only thing I can do is to recommend you to write them and ask them to use a _reasonable_ SMS priority.
A user’s solution to the issue:
Hey guys I found the answer on the Where's My Droid's website : Go SMS - Open Go SMS, hit 'Menu' and click 'Settings', click on 'Receive Settings', then uncheck the 'Disable other message notifications. Then open the built in SMS app, hit 'Menu' then click settings, there is a setting called 'Notifications' uncheck that. Handcent SMS - Open Hancent, Hit 'Menu' and select Settings, Click Application settings, then Default Messaging Application, Set this to 'Disable'. Then open the built in SMS app, hit 'Menu' then click settings, there is a setting called 'Notifications' uncheck that.
My solution, with screenshots for GoSMS:
Make sure you have the following settings set in GoSMS Pro:
Them, on testing, you should see the following. You should never ever ever see your pin code displayed in an SMS:
Hope this helps someone!