Wrong 'pathname to specified program' for 'killproc' in some init-files!?

Wrong 'pathname to specified program' for 'killproc' in some init-files!?

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 1091 bytes --]

Hi,

while searching for something else I found this:

Usage for the 'killproc'-function in '/etc/init.d/'-files should be (cited):

"# Function - killproc  [-p pidfile] pathname [signal]
#
# Purpose:
#
# Inputs: -p pidfile, uses the specified pidfile
#         pathname, pathname to the specified program
..."

But in the 'init'-files for 'dhcp', 'dhcrelay' and 'rndg' there is the
PROGRAMname and in 'snort'-file '/var/run' is given. The latter leads to
an error (FAIL) if both 'green0' and 'red0' are enabled and should be
both stopped:

...
killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
                                        ^^^^^^
...
killproc -p /var/run/dhcrelay.pid /usr/sbin/dhcrelay
                                           ^^^^^^^^^
...
killproc -p /var/run/rngd.pid /usr/sbin/rngd
                                       ^^^^^
...
killproc -p /var/run/snort_$DEVICE.pid /var/run
                                       ^^^^^^^^

IMHO, all these should be changed to "pathname to the specified program"
as cited above ('/usr/sbin').

Can anyone please confirm?

Best,
Matthias

Re: Wrong 'pathname to specified program' for 'killproc' in some init-files!?

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1708 bytes --]

Hi,

yes indeed.

But is not 100% necessary to pass the -p parameter with the PID file. I just
removed that when ever it got difficult to use and did not even add that for new
scripts.

But using $DEVICE is definitely wrong in the snort script.

-Michael

On Sun, 2017-04-23 at 19:20 +0200, Matthias Fischer wrote:
> Hi,
> 
> while searching for something else I found this:
> 
> Usage for the 'killproc'-function in '/etc/init.d/'-files should be (cited):
> 
> "# Function - killproc  [-p pidfile] pathname [signal]
> #
> # Purpose:
> #
> # Inputs: -p pidfile, uses the specified pidfile
> #         pathname, pathname to the specified program
> ..."
> 
> But in the 'init'-files for 'dhcp', 'dhcrelay' and 'rndg' there is the
> PROGRAMname and in 'snort'-file '/var/run' is given. The latter leads to
> an error (FAIL) if both 'green0' and 'red0' are enabled and should be
> both stopped:
> 
> ...
> killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
>                                         ^^^^^^
> ...
> killproc -p /var/run/dhcrelay.pid /usr/sbin/dhcrelay
>                                            ^^^^^^^^^
> ...
> killproc -p /var/run/rngd.pid /usr/sbin/rngd
>                                        ^^^^^
> ...
> killproc -p /var/run/snort_$DEVICE.pid /var/run
>                                        ^^^^^^^^
> 
> IMHO, all these should be changed to "pathname to the specified program"
> as cited above ('/usr/sbin').
> 
> Can anyone please confirm?
> 
> Best,
> Matthias

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: Wrong 'pathname to specified program' for 'killproc' in some init-files!?

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 3525 bytes --]

Hi,

On 24.04.2017 12:24, Michael Tremer wrote:
> Hi,
> 
> yes indeed.
> 
> But is not 100% necessary to pass the -p parameter with the PID file. I just
> removed that when ever it got difficult to use and did not even add that for new
> scripts.

I noticed that. 'killproc' is used in two different ways.

'killproc -p' is only used in four init-scripts (dhcp, dhcrelay, rngd
and snort). All other scripts use 'killproc [PROGRAMNAME]', sometimes
'killproc [PATH][PROGRAMNAME].

As I'm not really sure about this: which solution should we prefer?

> But using $DEVICE is definitely wrong in the snort script.

Ok - but as far as I can see, this is working?

Improving this would lead to changing the complete 'start'- and
'stop'-section:

Example:
...
 stop)
  DEVICES=""
  if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
   DEVICES+="$BLUE_DEV "
  fi
  if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
   DEVICES+="$GREEN_DEV "
  fi

  if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
   DEVICES+="$ORANGE_DEV "
  fi

  RED=`cat /var/ipfire/red/iface 2>/dev/null`
  if [ -r /var/run/snort_$RED.pid ]; then
   DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
  fi

   for DEVICE in $DEVICES; do
    boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
    killproc -p /var/run/snort_$DEVICE.pid /var/run
   done
...

The whole thing began because I wanted a 'reload' section for 'snort'
for use after automatic rule updates, which seems to work:

...
 reload)
  DEVICES=""
  if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
   DEVICES+="$BLUE_DEV "
  fi

  if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
   DEVICES+="$GREEN_DEV "
  fi

  if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
   DEVICES+="$ORANGE_DEV "
  fi

  RED=`cat /var/ipfire/red/iface 2>/dev/null`
   if [ -r /var/run/snort_$RED.pid ]; then
    DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
   fi

  for DEVICE in $DEVICES; do
   boot_mesg "Reloading Intrusion Detection System on $DEVICE..."
   /bin/kill -SIGHUP `cat /var/run/snort_$DEVICE.pid`
   evaluate_retval
  done
  ;;
...

Any better solution is welcome... ;-))

Best,

Matthias

> -Michael
> 
> On Sun, 2017-04-23 at 19:20 +0200, Matthias Fischer wrote:
>> Hi,
>> 
>> while searching for something else I found this:
>> 
>> Usage for the 'killproc'-function in '/etc/init.d/'-files should be (cited):
>> 
>> "# Function - killproc  [-p pidfile] pathname [signal]
>> #
>> # Purpose:
>> #
>> # Inputs: -p pidfile, uses the specified pidfile
>> #         pathname, pathname to the specified program
>> ..."
>> 
>> But in the 'init'-files for 'dhcp', 'dhcrelay' and 'rndg' there is the
>> PROGRAMname and in 'snort'-file '/var/run' is given. The latter leads to
>> an error (FAIL) if both 'green0' and 'red0' are enabled and should be
>> both stopped:
>> 
>> ...
>> killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
>>                                         ^^^^^^
>> ...
>> killproc -p /var/run/dhcrelay.pid /usr/sbin/dhcrelay
>>                                            ^^^^^^^^^
>> ...
>> killproc -p /var/run/rngd.pid /usr/sbin/rngd
>>                                        ^^^^^
>> ...
>> killproc -p /var/run/snort_$DEVICE.pid /var/run
>>                                        ^^^^^^^^
>> 
>> IMHO, all these should be changed to "pathname to the specified program"
>> as cited above ('/usr/sbin').
>> 
>> Can anyone please confirm?
>> 
>> Best,
>> Matthias
> 

Re: Wrong 'pathname to specified program' for 'killproc' in some init-files!?

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 4470 bytes --]

Hi,

well this looks okay. If you would want to clean this up a little bit more and
add some comments, I would accept it as a patch.

Here, it is not an option to call killproc without the PID file since it would
kill all running instances of snort at once. We usually always do this anyway
though.

-Michael

On Mon, 2017-04-24 at 13:57 +0200, Matthias Fischer wrote:
> Hi,
> 
> On 24.04.2017 12:24, Michael Tremer wrote:
> > Hi,
> > 
> > yes indeed.
> > 
> > But is not 100% necessary to pass the -p parameter with the PID file. I just
> > removed that when ever it got difficult to use and did not even add that for
> > new
> > scripts.
> 
> I noticed that. 'killproc' is used in two different ways.
> 
> 'killproc -p' is only used in four init-scripts (dhcp, dhcrelay, rngd
> and snort). All other scripts use 'killproc [PROGRAMNAME]', sometimes
> 'killproc [PATH][PROGRAMNAME].
> 
> As I'm not really sure about this: which solution should we prefer?
> 
> > But using $DEVICE is definitely wrong in the snort script.
> 
> Ok - but as far as I can see, this is working?
> 
> Improving this would lead to changing the complete 'start'- and
> 'stop'-section:
> 
> Example:
> ...
>  stop)
>   DEVICES=""
>   if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
>    DEVICES+="$BLUE_DEV "
>   fi
>   if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
>    DEVICES+="$GREEN_DEV "
>   fi
> 
>   if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
>    DEVICES+="$ORANGE_DEV "
>   fi
> 
>   RED=`cat /var/ipfire/red/iface 2>/dev/null`
>   if [ -r /var/run/snort_$RED.pid ]; then
>    DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
>   fi
> 
>    for DEVICE in $DEVICES; do
>     boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
>     killproc -p /var/run/snort_$DEVICE.pid /var/run
>    done
> ...
> 
> The whole thing began because I wanted a 'reload' section for 'snort'
> for use after automatic rule updates, which seems to work:
> 
> ...
>  reload)
>   DEVICES=""
>   if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
>    DEVICES+="$BLUE_DEV "
>   fi
> 
>   if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
>    DEVICES+="$GREEN_DEV "
>   fi
> 
>   if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
>    DEVICES+="$ORANGE_DEV "
>   fi
> 
>   RED=`cat /var/ipfire/red/iface 2>/dev/null`
>    if [ -r /var/run/snort_$RED.pid ]; then
>     DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
>    fi
> 
>   for DEVICE in $DEVICES; do
>    boot_mesg "Reloading Intrusion Detection System on $DEVICE..."
>    /bin/kill -SIGHUP `cat /var/run/snort_$DEVICE.pid`
>    evaluate_retval
>   done
>   ;;
> ...
> 
> Any better solution is welcome... ;-))
> 
> Best,
> 
> Matthias
> 
> > -Michael
> > 
> > On Sun, 2017-04-23 at 19:20 +0200, Matthias Fischer wrote:
> > > Hi,
> > > 
> > > while searching for something else I found this:
> > > 
> > > Usage for the 'killproc'-function in '/etc/init.d/'-files should be
> > > (cited):
> > > 
> > > "# Function - killproc  [-p pidfile] pathname [signal]
> > > #
> > > # Purpose:
> > > #
> > > # Inputs: -p pidfile, uses the specified pidfile
> > > #         pathname, pathname to the specified program
> > > ..."
> > > 
> > > But in the 'init'-files for 'dhcp', 'dhcrelay' and 'rndg' there is the
> > > PROGRAMname and in 'snort'-file '/var/run' is given. The latter leads to
> > > an error (FAIL) if both 'green0' and 'red0' are enabled and should be
> > > both stopped:
> > > 
> > > ...
> > > killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
> > >                                         ^^^^^^
> > > ...
> > > killproc -p /var/run/dhcrelay.pid /usr/sbin/dhcrelay
> > >                                            ^^^^^^^^^
> > > ...
> > > killproc -p /var/run/rngd.pid /usr/sbin/rngd
> > >                                        ^^^^^
> > > ...
> > > killproc -p /var/run/snort_$DEVICE.pid /var/run
> > >                                        ^^^^^^^^
> > > 
> > > IMHO, all these should be changed to "pathname to the specified program"
> > > as cited above ('/usr/sbin').
> > > 
> > > Can anyone please confirm?
> > > 
> > > Best,
> > > Matthias
> 
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]