mynetstat
#!/bin/bash
# Copyright: 2007 Philippe Teuwen <phil at teuwen dot org>
# License: GPL
#
# Description:
# Watch for modifications in the list of listening TCP/UDP processes across all vservers
# Examples: mysql, imapproxy,.. crashes
# IP binding broken after package upgrade
# new suspicious listening process, etc
#
# Usage:
# mynetstat [update|diff|diff+update] options
#
# mynetstat
# Gives a clean list of listening processes in which vserver and with which binding
# mynetstat update
# Creates a snapshot in a logfile
# mynetstat diff
# Shows diffs compared to the snapshot
# This is the one expected to be called by cron on the host
# mynetstat diff+update
# Same as diff but takes a new snapshot in case of changes
# so cron doesn't send repetitively alerts
# Options:
# You can use numeric options of netstat: [--numeric|-n] [--numeric-hosts] [--numeric-ports]
# Changelog:
# v1.0
###### Adapt this one to your needs:
LOGFILE="$(/usr/bin/dirname $0)/mynetstat.log"
####################################
POSTUPDATE=false
case "$1" in
"update")
shift
CMD="/bin/cat > $LOGFILE"
;;
"diff")
shift
CMD="/usr/bin/diff -U0 $LOGFILE -"
;;
"diff+update")
shift
CMD="/usr/bin/diff -U0 $LOGFILE -"
POSTUPDATE=true
;;
*)
CMD="/bin/cat"
esac
/usr/sbin/chcontext --ctx 1 /bin/netstat --ip -lp $* |\
/usr/bin/awk '\
FNR>2 {
printf $1 "\t%-23s\t", $4;
if ($7 == "")
{$7=$6};
sub(/\/.*/,"",$7);
system("/usr/sbin/vps -p " $7 " -o pid,comm|/bin/sed \"1d;s/^[ 0-9]\\+//\"")
}'|/usr/bin/sort -bk 3 | eval $CMD
# To get also args of the command, change "pid,command" by "pid,comm"
[ $? -eq 1 ] && $POSTUPDATE && exec $0 update $*