Vserver watchdogs

From YobiWiki
Jump to navigation Jump to search

mynetstat

#!/bin/bash 

# Copyright: 2007 Philippe Teuwen <phil at teuwen dot org>
# License:   GPL
#
# Description:
#   Watch for modifications in the list of listening TCP/UDP processes across all vservers
#   Examples: mysql, imapproxy,.. crashes
#             IP binding broken after package upgrade
#             new suspicious listening process, etc
#
# Usage:
#   mynetstat [update|diff|diff+update] options
#
#   mynetstat
#       Gives a clean list of listening processes in which vserver and with which binding
#   mynetstat update
#       Creates a snapshot in a logfile
#   mynetstat diff
#       Shows diffs compared to the snapshot
#       This is the one expected to be called by cron on the host
#   mynetstat diff+update
#       Same as diff but takes a new snapshot in case of changes
#       so cron doesn't send repetitively alerts
#   Options:
#   You can use numeric options of netstat: [--numeric|-n] [--numeric-hosts] [--numeric-ports]
# Changelog:
#   v1.0

###### Adapt this one to your needs:        
LOGFILE="$(/usr/bin/dirname $0)/mynetstat.log"
####################################

POSTUPDATE=false
case "$1" in
    "update")
        shift
        CMD="/bin/cat > $LOGFILE"
    ;;
    "diff")
        shift
        CMD="/usr/bin/diff -U0 $LOGFILE -"
    ;;
    "diff+update")
        shift
        CMD="/usr/bin/diff -U0 $LOGFILE -"
        POSTUPDATE=true
    ;;
    *)
        CMD="/bin/cat"
esac

/usr/sbin/chcontext --ctx 1 /bin/netstat --ip -lp $* |\
    /usr/bin/awk '\
        FNR>2 {
            printf $1 "\t%-23s\t", $4;
            if ($7 == "")
                {$7=$6};
            sub(/\/.*/,"",$7);
            system("/usr/sbin/vps -p " $7 " -o pid,comm|/bin/sed \"1d;s/^[ 0-9]\\+//\"")
        }'|/usr/bin/sort -bk 3 | eval $CMD
# To get also args of the command, change "pid,command" by "pid,comm"

[ $? -eq 1 ] && $POSTUPDATE && exec $0 update $*

/etc/cron.d/watch-vservers

MAILTO=root
*/15 * * * *    root /home/vservers/tools/watch/mynetstat diff