From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Wrong 'pathname to specified program' for 'killproc' in some init-files!?
Date: Mon, 24 Apr 2017 15:31:08 +0100
Message-ID: <1493044268.3373.29.camel@ipfire.org>
In-Reply-To: <88730330-6904-65a3-74c4-04796c883947@ipfire.org>

Hi,

well this looks okay. If you would want to clean this up a little bit more and
add some comments, I would accept it as a patch.

Here, it is not an option to call killproc without the PID file since it would
kill all running instances of snort at once. We usually always do this anyway
though.

-Michael

On Mon, 2017-04-24 at 13:57 +0200, Matthias Fischer wrote:
> Hi,
>
> On 24.04.2017 12:24, Michael Tremer wrote:
> > Hi,
> >
> > yes indeed.
> >
> > But it is not 100% necessary to pass the -p parameter with the PID file.
> > I just removed that whenever it got difficult to use and did not even add
> > that for new scripts.
>
> I noticed that. 'killproc' is used in two different ways.
>
> 'killproc -p' is only used in four init-scripts (dhcp, dhcrelay, rngd
> and snort). All other scripts use 'killproc [PROGRAMNAME]', sometimes
> 'killproc [PATH][PROGRAMNAME]'.
>
> As I'm not really sure about this: which solution should we prefer?
>
> > But using $DEVICE is definitely wrong in the snort script.
>
> Ok - but as far as I can see, this is working?
>
> Improving this would lead to changing the complete 'start'- and
> 'stop'-section:
>
> Example:
> ...
>  stop)
>    DEVICES=""
>    if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
>      DEVICES+="$BLUE_DEV "
>    fi
>    if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
>      DEVICES+="$GREEN_DEV "
>    fi
>
>    if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
>      DEVICES+="$ORANGE_DEV "
>    fi
>
>    RED=`cat /var/ipfire/red/iface 2>/dev/null`
>    if [ -r /var/run/snort_$RED.pid ]; then
>      DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
>    fi
>
>    for DEVICE in $DEVICES; do
>      boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
>      killproc -p /var/run/snort_$DEVICE.pid /var/run
>    done
> ...
>
> The whole thing began because I wanted a 'reload' section for 'snort'
> for use after automatic rule updates, which seems to work:
>
> ...
>  reload)
>    DEVICES=""
>    if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
>      DEVICES+="$BLUE_DEV "
>    fi
>
>    if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
>      DEVICES+="$GREEN_DEV "
>    fi
>
>    if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
>      DEVICES+="$ORANGE_DEV "
>    fi
>
>    RED=`cat /var/ipfire/red/iface 2>/dev/null`
>    if [ -r /var/run/snort_$RED.pid ]; then
>      DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
>    fi
>
>    for DEVICE in $DEVICES; do
>      boot_mesg "Reloading Intrusion Detection System on $DEVICE..."
>      /bin/kill -SIGHUP `cat /var/run/snort_$DEVICE.pid`
>      evaluate_retval
>    done
>    ;;
> ...
>
> Any better solution is welcome... ;-))
>
> Best,
>
> Matthias
>
> > -Michael
> >
> > On Sun, 2017-04-23 at 19:20 +0200, Matthias Fischer wrote:
> > > Hi,
> > >
> > > while searching for something else I found this:
> > >
> > > Usage for the 'killproc'-function in '/etc/init.d/'-files should be
> > > (cited):
> > >
> > > "# Function - killproc  [-p pidfile] pathname [signal]
> > > #
> > > # Purpose:
> > > #
> > > # Inputs: -p pidfile, uses the specified pidfile
> > > #         pathname, pathname to the specified program
> > > ..."
> > >
> > > But in the 'init'-files for 'dhcp', 'dhcrelay' and 'rngd' there is the
> > > PROGRAMname and in 'snort'-file '/var/run' is given. The latter leads to
> > > an error (FAIL) if both 'green0' and 'red0' are enabled and should be
> > > both stopped:
> > >
> > > ...
> > > killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
> > >                                         ^^^^^^
> > > ...
> > > killproc -p /var/run/dhcrelay.pid /usr/sbin/dhcrelay
> > >                                            ^^^^^^^^^
> > > ...
> > > killproc -p /var/run/rngd.pid /usr/sbin/rngd
> > >                                        ^^^^^
> > > ...
> > > killproc -p /var/run/snort_$DEVICE.pid /var/run
> > >                                        ^^^^^^^^
> > >
> > > IMHO, all these should be changed to "pathname to the specified program"
> > > as cited above ('/usr/sbin').
> > >
> > > Can anyone please confirm?
> > >
> > > Best,
> > > Matthias
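
Added example, not part of the thread and not IPFire's init script: one way to signal only the snort instance bound to a given interface through its PID file, while refusing to act on a stale or reused PID. RUN_DIR, PROG and both function names are assumptions made for illustration, and the process-name check assumes a Linux /proc.

```shell
#!/bin/sh
# Hypothetical helpers; RUN_DIR and PROG can be overridden by the caller.
RUN_DIR="${RUN_DIR:-/var/run}"
PROG="${PROG:-snort}"

# Print the PID recorded for one interface.
# Returns 1 if there is no instance (no PID file or empty interface name),
# 2 if the PID file is stale, malformed or points at a different program.
pid_for_device() {
    [ -n "$1" ] || return 1
    pidfile="$RUN_DIR/snort_$1.pid"
    [ -r "$pidfile" ] || return 1
    pid=
    read -r pid < "$pidfile" || :
    case "$pid" in ''|*[!0-9]*) return 2 ;; esac
    # Process must still exist ...
    kill -0 "$pid" 2>/dev/null || return 2
    # ... and must be the expected program, in case the PID was reused.
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$PROG" ] || return 2
    printf '%s\n' "$pid"
}

# Send signal $1 (e.g. HUP or TERM) to the instance on each listed interface.
# Interfaces without a PID file are skipped; a bad PID file makes the call fail.
# Example: signal_devices HUP "$GREEN_DEV" "$BLUE_DEV" "$ORANGE_DEV" "$RED"
signal_devices() {
    sig="$1"; shift
    rc=0
    for dev in "$@"; do
        pid=$(pid_for_device "$dev") && st=0 || st=$?
        case "$st" in
            0) kill -s "$sig" "$pid" || rc=1 ;;
            1) ;;  # nothing running on this interface
            *) echo "snort_$dev.pid is stale or invalid" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}
```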