public inbox for development@lists.ipfire.org
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Wrong 'pathname to specified program' for 'killproc' in some init-files!?
Date: Mon, 24 Apr 2017 15:31:08 +0100
Message-ID: <1493044268.3373.29.camel@ipfire.org>
In-Reply-To: <88730330-6904-65a3-74c4-04796c883947@ipfire.org>

Hi,

well this looks okay. If you would want to clean this up a little bit more and
add some comments, I would accept it as a patch.

Here, it is not an option to call killproc without the PID file since it would
kill all running instances of snort at once. We usually always do this anyway
though.

-Michael

On Mon, 2017-04-24 at 13:57 +0200, Matthias Fischer wrote:
> Hi,
> 
> On 24.04.2017 12:24, Michael Tremer wrote:
> > Hi,
> > 
> > yes indeed.
> > 
> > But it is not 100% necessary to pass the -p parameter with the PID file. I just
> > removed that whenever it got difficult to use and did not even add that for
> > new scripts.
> 
> I noticed that. 'killproc' is used in two different ways.
> 
> 'killproc -p' is only used in four init-scripts (dhcp, dhcrelay, rngd
> and snort). All other scripts use 'killproc [PROGRAMNAME]', sometimes
> 'killproc [PATH][PROGRAMNAME]'.
> 
> As I'm not really sure about this: which solution should we prefer?
> 
> > But using $DEVICE is definitely wrong in the snort script.
> 
> Ok - but as far as I can see, this is working?
> 
> Improving this would lead to changing the complete 'start'- and
> 'stop'-section:
> 
> Example:
> ...
>  stop)
>   DEVICES=""
>   if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
>    DEVICES+="$BLUE_DEV "
>   fi
>   if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
>    DEVICES+="$GREEN_DEV "
>   fi
> 
>   if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
>    DEVICES+="$ORANGE_DEV "
>   fi
> 
>   RED=`cat /var/ipfire/red/iface 2>/dev/null`
>   if [ -r /var/run/snort_$RED.pid ]; then
>    DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
>   fi
> 
>   for DEVICE in $DEVICES; do
>    boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
>    killproc -p /var/run/snort_$DEVICE.pid /var/run
>   done
> ...
> 
> The whole thing began because I wanted a 'reload' section for 'snort'
> for use after automatic rule updates, which seems to work:
> 
> ...
>  reload)
>   DEVICES=""
>   if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
>    DEVICES+="$BLUE_DEV "
>   fi
> 
>   if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
>    DEVICES+="$GREEN_DEV "
>   fi
> 
>   if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
>    DEVICES+="$ORANGE_DEV "
>   fi
> 
>   RED=`cat /var/ipfire/red/iface 2>/dev/null`
>   if [ -r /var/run/snort_$RED.pid ]; then
>    DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
>   fi
> 
>   for DEVICE in $DEVICES; do
>    boot_mesg "Reloading Intrusion Detection System on $DEVICE..."
>    /bin/kill -SIGHUP `cat /var/run/snort_$DEVICE.pid`
>    evaluate_retval
>   done
>   ;;
> ...
> 
> Any better solution is welcome... ;-))
> 
> Best,
> 
> Matthias
> 
> > -Michael
> > 
> > On Sun, 2017-04-23 at 19:20 +0200, Matthias Fischer wrote:
> > > Hi,
> > > 
> > > while searching for something else I found this:
> > > 
> > > Usage for the 'killproc'-function in '/etc/init.d/'-files should be
> > > (cited):
> > > 
> > > "# Function - killproc  [-p pidfile] pathname [signal]
> > > #
> > > # Purpose:
> > > #
> > > # Inputs: -p pidfile, uses the specified pidfile
> > > #         pathname, pathname to the specified program
> > > ..."
> > > 
> > > But in the 'init'-files for 'dhcp', 'dhcrelay' and 'rngd' there is the
> > > PROGRAMname and in 'snort'-file '/var/run' is given. The latter leads to
> > > an error (FAIL) if both 'green0' and 'red0' are enabled and should be
> > > both stopped:
> > > 
> > > ...
> > > killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
> > >                                         ^^^^^^
> > > ...
> > > killproc -p /var/run/dhcrelay.pid /usr/sbin/dhcrelay
> > >                                            ^^^^^^^^^
> > > ...
> > > killproc -p /var/run/rngd.pid /usr/sbin/rngd
> > >                                        ^^^^^
> > > ...
> > > killproc -p /var/run/snort_$DEVICE.pid /var/run
> > >                                        ^^^^^^^^
> > > 
> > > IMHO, all these should be changed to "pathname to the specified program"
> > > as cited above ('/usr/sbin').
> > > 
> > > Can anyone please confirm?
> > > 
> > > Best,
> > > Matthias
> 
> 
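
The thread turns on stopping or reloading one snort instance per interface through its PID file without touching the others. The sketch below is an added example, not part of the thread and not IPFire's killproc: it checks that the PID read from the file is numeric and still belongs to the expected program before signalling. The function names and return codes are hypothetical, and it assumes a Linux /proc filesystem.

```shell
#!/bin/sh
# Added example: names and return codes are hypothetical, not IPFire's.

# signal_from_pidfile PIDFILE PROGRAM [SIGNAL]
# Returns 0 signalled, 1 no pidfile, 2 malformed PID,
#         3 stale pidfile, 4 PID belongs to another program.
signal_from_pidfile() {
    local pidfile="$1" program="$2" signal="${3:-TERM}" pid="" exe
    [ -r "$pidfile" ] || return 1
    read -r pid < "$pidfile" || true
    # Accept decimal digits only, so the value is safe to pass to kill.
    case "$pid" in
        ''|*[!0-9]*) return 2 ;;
    esac
    # Stale pidfile: the recorded process is gone (or cannot be inspected).
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || return 3
    # Linux appends " (deleted)" when the binary was replaced on disk.
    exe="${exe% (deleted)}"
    # PID reuse: the number now belongs to some other executable.
    [ "$exe" = "$(readlink -f "$program")" ] || return 4
    kill -s "$signal" "$pid"
}

# reload_instances PROGRAM PIDDIR DEVICE...
# Sends SIGHUP to each per-interface instance; returns 1 if any failed.
reload_instances() {
    local program="$1" piddir="$2" dev failed=0
    shift 2
    for dev in "$@"; do
        signal_from_pidfile "$piddir/snort_$dev.pid" "$program" HUP || failed=1
    done
    return "$failed"
}
```

An init script running as root would treat return codes 3 and 4 as a reason to remove the stale PID file rather than to send any signal.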
