2010-06-18 Ramon Novoa <rnovoa@artica.es>

* unix/pandora_exec: Added to repository. pandora_exec script. * unix/pandora_agent_installer, unix/DEBIAN/postinst, unix/DEBIAN/make_deb_package.sh, unix/pandora_agent.spec: Added the pandora_exec script to the installation. * unix/pandora_agent_daemon: Added support for running the agent as an unprivileged user. * unix/pandora_agent: Added timeout support for module_exec modules. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2915 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-06-18 12:36:19 +00:00 · 2010-06-18 12:36:19 +00:00 · 598be13059
parent 11a17092c5
commit 598be13059
8 changed files with 140 additions and 34 deletions
--- a/pandora_agents/ChangeLog
+++ b/pandora_agents/ChangeLog
@ -1,3 +1,16 @@
+2010-06-18  Ramon Novoa  <rnovoa@artica.es>
+	
+	* unix/pandora_exec: Added to repository. pandora_exec script.
+
+	* unix/pandora_agent_installer, unix/DEBIAN/postinst,
+	  unix/DEBIAN/make_deb_package.sh, unix/pandora_agent.spec: Added the
+	  pandora_exec script to the installation.
+
+	* unix/pandora_agent_daemon: Added support for running the agent as
+	  an unprivileged user.
+	
+	* unix/pandora_agent: Added timeout support for module_exec modules.
+
 2010-06-14  Junichi Satoh  <junichi@rworks.jp>

 	* unix/pandora_agent_installer: Set execute bit to startup script
--- a/pandora_agents/unix/DEBIAN/make_deb_package.sh
+++ b/pandora_agents/unix/DEBIAN/make_deb_package.sh
@ -46,6 +46,7 @@ chmod 755 -R temp_package/DEBIAN
 cp -aRf * temp_package/usr/share/pandora_agent/
 cp -aRf tentacle_client temp_package/usr/bin/
 cp -aRf pandora_agent temp_package/usr/bin/
+cp -aRf pandora_exec temp_package/usr/bin/
 cp -aRf pandora_agent_daemon temp_package/etc/init.d/pandora_agent_daemon
 cp Linux/pandora_agent.conf temp_package/etc/pandora/

--- a/pandora_agents/unix/DEBIAN/postinst
+++ b/pandora_agents/unix/DEBIAN/postinst
@ -2,6 +2,7 @@

 PANDORA_LOG=/var/log/pandora/pandora_agent.log
 PANDORA_BIN=/usr/bin/pandora_agent
+PANDORA_EXEC_BIN=/usr/bin/pandora_agent
 PANDORA_HOME=/usr/share/pandora_agent
 PANDORA_TEMP=/var/spool/pandora/data_out
 PANDORA_CFG=/etc/pandora
@ -21,6 +22,7 @@ echo "$LOG_TIMESTAMP Pandora FMS installer has created this file at startup" > $

 echo "Setting secure permissions and ownership for all Pandora FMS Agent files..."
 chmod 700 $PANDORA_BIN
+chmod 700 $PANDORA_EXEC_BIN
 chmod 600 $PANDORA_HOME/pandora_agent.conf
 chmod -R 700 $PANDORA_HOME/plugins
 chown -R root $PANDORA_HOME
@ -28,6 +30,7 @@ chmod -R 600 $PANDORA_TEMP
 chmod 640 $PANDORA_LOG
 chgrp root $PANDORA_LOG
 chown -R root:root $PANDORA_BIN
+chown -R root:root $PANDORA_EXEC_BIN

 echo "Linking start-up daemon script to /etc/rc$INITLV.d";
 update-rc.d pandora_agent_daemon defaults
--- a/pandora_agents/unix/pandora_agent
+++ b/pandora_agents/unix/pandora_agent
@ -114,7 +114,8 @@ my %Conf = (
 	'secondary_server_ssl' => 'no',
 	'secondary_server_opts' => '',
 	'autotime' => 0,
-	'timezone_offset' => 0
+	'timezone_offset' => 0,
+	'pandora_exec' => 'pandora_exec'
 );

 # Modules
@ -228,6 +229,7 @@ sub read_config (;$) {
 				'params' => '',
 				'description' => '',
 				'interval' => 1,
+				'timeout' => 0,
 				'counter' => 0,
 				'max' => 0,
 				'min' => 0,
@ -275,6 +277,8 @@ sub read_config (;$) {

 			# Make the module run the first time
 			$module->{'counter'} = $1;
+		} elsif ($line =~ /^\s*module_timeout\s+(\d+)\s*$/) {
+			$module->{'timeout'} = $1;
 		} elsif ($line =~ /^\s*module_end\s*$/) {
 			next unless ($module->{'name'} ne '') and ($module->{'func'} != 0);
 			push (@Modules, $module);
@ -711,12 +715,17 @@ sub load_parts () {
 ################################################################################
 sub module_exec ($) {
 	my $module = shift;
+	my @data;

 	# Check module parameters
 	return () unless ($module->{'params'} ne '');

 	# Execute the command
-	my @data = `$module->{'params'} 2> /dev/null`;
+	if ($module->{'timeout'} == 0) {
+		@data = `$module->{'params'} 2> /dev/null`;
+	} else {
+		@data = `$Conf{'pandora_exec'} $module->{'timeout'} $module->{'params'} 2> /dev/null`;
+	}

 	# Something went wrong or no data
 	return () unless ($? eq 0 && defined ($data[0]));
--- a/pandora_agents/unix/pandora_agent.spec
+++ b/pandora_agents/unix/pandora_agent.spec
@ -44,6 +44,7 @@ mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1/
 cp -aRf * $RPM_BUILD_ROOT%{prefix}/pandora_agent/
 cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/tentacle_client $RPM_BUILD_ROOT/usr/bin/
 cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent $RPM_BUILD_ROOT/usr/bin/
+cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_exec $RPM_BUILD_ROOT/usr/bin/
 cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/init.d/pandora_agent_daemon
 cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/init.d/pandora_agent_daemon
 cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/pandora_agent.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/
@ -111,6 +112,7 @@ exit 0
 %files
 %defattr(750,pandora,root)
 /usr/bin/pandora_agent
+/usr/bin/pandora_exec

 %defattr(770,pandora,root)
 /var/log/pandora/
--- a/pandora_agents/unix/pandora_agent_daemon
+++ b/pandora_agents/unix/pandora_agent_daemon
@ -22,6 +22,7 @@

 PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
 PANDORA_PATH=/etc/pandora
+PANDORA_USER=root
 DAEMON=/usr/bin/pandora_agent
 LOGFILE=/var/log/pandora/pandora_agent.log

@ -55,7 +56,12 @@ case "$1" in
 			echo "Cannot launch again. Aborting."
 			exit 1
 		fi
-		nohup $DAEMON $PANDORA_PATH 2> $LOGFILE & 
+		if [ "$PANDORA_USER" = "root" ]
+		then
+			nohup $DAEMON $PANDORA_PATH 2> $LOGFILE & 
+		else
+			sudo -u $PANDORA_USER $DAEMON $PANDORA_PATH >/dev/null 2> $LOGFILE & 
+		fi
 		rm nohup.out 2> /dev/null
 		sleep 2
 		PANDORA_PID=`pidof_pandora`
--- a/pandora_agents/unix/pandora_agent_installer
+++ b/pandora_agents/unix/pandora_agent_installer
@ -17,6 +17,7 @@ FORCE=0
 LOG_TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"`
 PANDORA_HOME=/usr/share/pandora_agent
 PANDORA_BIN=/usr/bin/pandora_agent
+PANDORA_EXEC_BIN=/usr/bin/pandora_exec
 PANDORA_TEMP=/var/spool/pandora
 PANDORA_CFG=/etc/pandora
 PANDORA_LOG_DIR=/var/log/pandora
@ -26,6 +27,7 @@ PANDORA_MAN=/usr/share/man

 MODE=$1
 PANDORA_BASE=$2
+PANDORA_USER=$3

 # Check for Perl 5.6.x or higher available
 PERL_VERSION=`perl -v | egrep 'v5.6|v5.7|v5.8|v5.9|v5.1[0-9]' | grep perl`
@ -57,24 +59,25 @@ then
 	exit 2
 fi

-if [ ! -f "pandora_agent" ]
-then
+help () {
+	echo "Syntax":
 	echo " "
-	echo "Execute installer from the directory where you have your files. "
-    echo "Syntax":
+	echo "    ./pandora_agent_installer < --mode > [ destination_path ] [ user_to_run_as ]"
 	echo " "
-	echo "    ./pandora_agent_install < --mode > [ destination_path ]"
+	echo "Modes:"
 	echo " "
+	echo "  --force-install      To force installation if already installed on system"
+	echo "  --install            To install Pandora FMS Agent on this system"
+	echo "  --uninstall          To uninstall/remove Pandora FMS Agent on this System"
+	echo " "	
 	echo "Some exaples of how to use the installer:"
 	echo " "
-	echo "    cd /tmp/pandora_install "
 	echo "   ./pandora_agent_installer --install"
-	echo "   ./pandora_agent_installer --install-with-links /var/opt/PandoraFMS"
 	echo "   ./pandora_agent_installer --install /opt/pandora"
-    echo "   ./pandora_agent_installer --uninstall /opt/pandora"
+	echo "   ./pandora_agent_installer --install \"\" pandora"
+	echo "   ./pandora_agent_installer --uninstall /opt/pandora"
 	echo " "
-	exit 1
-fi
+}

 uninstall () {
 	OS_NAME=`uname -s`
@ -82,6 +85,7 @@ uninstall () {
        then
 		PANDORA_HOME=/usr/local/share/pandora_agent
 		PANDORA_BIN=/usr/local/bin/pandora_agent
+		PANDORA_EXEC_BIN=/usr/local/bin/pandora_exec
 		PANDORA_CFG=/usr/local/etc/pandora
 		TENTACLE=/usr/local/bin/tentacle_client
 		PANDORA_MAN=/usr/local/man
@ -89,6 +93,7 @@ uninstall () {

 	echo "Removing Pandora FMS Agent..."
 	rm -Rf $PANDORA_BASE$PANDORA_BIN 2> /dev/null
+	rm -Rf $PANDORA_BASE$PANDORA_EXEC_BIN 2> /dev/null
 	
 	#Test if exist Pandora Server in this machine
 	if [ -d $PANDORA_BASE$PANDORA_TEMP/data_in ]
@ -138,6 +143,7 @@ install () {
 	then
 		PANDORA_HOME=/usr/local/share/pandora_agent
 		PANDORA_BIN=/usr/local/bin/pandora_agent
+		PANDORA_EXEC_BIN=/usr/local/bin/pandora_exec
 		PANDORA_CFG=/usr/local/etc/pandora
 		TENTACLE=/usr/local/bin/tentacle_client
 		PANDORA_MAN=/usr/local/man
@ -186,6 +192,15 @@ install () {
 	mkdir -p $PANDORA_BASE$PANDORA_CFG 2> /dev/null
 	mkdir -p $PANDORA_BASE$PANDORA_LOG_DIR 2> /dev/null

+	# Set the user the agent will run as
+	if [ "$PANDORA_USER" != "" ]
+	then
+		sed -e "s/^\s*PANDORA_USER=.*/PANDORA_USER=$PANDORA_USER/" pandora_agent_daemon > pandora_agent_daemon.tmp 	2> /dev/null && \
+		mv pandora_agent_daemon.tmp pandora_agent_daemon
+		rm -f pandora_agent_daemon.tmp 2> /dev/null
+		chmod 755 pandora_agent_daemon
+	fi
+
 	# Create logfile
 	if [ ! -z "`touch $PANDORA_BASE$PANDORA_LOG_DIR/$PANDORA_LOG`" ]
 	then
@ -199,11 +214,15 @@ install () {
 	echo "Copying Pandora FMS Agent to $PANDORA_BASE$PANDORA_BIN..."
 	cp pandora_agent $PANDORA_BASE$PANDORA_BIN
 	chmod 755 $PANDORA_BASE$PANDORA_BIN
+	cp pandora_exec $PANDORA_BASE$PANDORA_EXEC_BIN
+	chmod 755 $PANDORA_BASE$PANDORA_EXEC_BIN
 	if [ "$OS_NAME" = "FreeBSD" ]
 	then
 		chown root:wheel $PANDORA_BASE$PANDORA_BIN
+		chown root:wheel $PANDORA_BASE$PANDORA_EXEC_BIN
 	else
 		chown root:root $PANDORA_BASE$PANDORA_BIN
+		chown root:root $PANDORA_BASE$PANDORA_EXEC_BIN
 	fi

 	echo "Copying Pandora FMS Agent configuration file to $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf..."
@ -303,7 +322,9 @@ install () {

 	cp $OS_NAME/pandora_agent.conf $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf
 	chmod 600 $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf
-	chown root $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf
+	chown $PANDORA_USER $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf
+	chmod 711 $PANDORA_BASE$PANDORA_LOG_DIR
+	chown $PANDORA_USER $PANDORA_BASE$PANDORA_LOG_DIR/$PANDORA_LOG

 	if [ "$OS_NAME" = "FreeBSD" ]
 	then
@ -386,27 +407,13 @@ install () {

 }

-help () {
-    echo "Syntax":
+if [ ! -f "pandora_agent" ]
+then
 	echo " "
-	echo "    ./pandora_agent_install < --mode > [ destination_path ]"
-	echo " "
-	echo "Modes:"
-	echo " "
-    echo "  --force-install      To force installation if already installed on system"
-    echo "                       (Not compatible with --install-with-links "
-    echo "  --install            To install Pandora FMS Agent on this system"
-    echo "  --uninstall          To uninstall/remove Pandora FMS Agent on this System"
-	echo " "	
-    echo "Some exaples of how to use the installer:"
-	echo " "
-	echo "    cd /tmp/pandora_install "
-	echo "   ./pandora_agent_installer --install"
-	echo "   ./pandora_agent_installer --install /opt/pandora"
-    echo "   ./pandora_agent_installer --uninstall /opt/pandora"
-
-    echo " "
-}
+	echo "Execute installer from the directory where you have your files. "
+	help
+	exit 1
+fi

 # Script banner at start
 echo " "
--- a/pandora_agents/unix/pandora_exec
+++ b/pandora_agents/unix/pandora_exec
@ -0,0 +1,65 @@
+#!/usr/bin/perl
+##########################################################################
+# pandora_exec
+#
+# Executes the given command and prints its output to stdout. If the
+# execution times out or the command does not exist nothing is printed
+# to stdout. This is part of Pandora FMS Plugin server, do not delete!.
+#
+# Usage: pandora_exec <timeout in seconds> <command> [arguments]
+##########################################################################
+# Copyright (c) 2008 Ramon Novoa, rnovoa@gmail.com
+#           (c) 2008 Artica Soluciones Tecnologicas S.L
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; version 2.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+##########################################################################
+
+use strict;
+use warnings;
+
+# Check command line parameters 
+if ($#ARGV < 1) {
+	exit 1;	
+}
+
+my @opts = @ARGV;
+my $timeout = shift(@opts);
+my $command = quotemeta(shift(@opts));
+my $arguments = join(' ', @opts);
+my $output = '';
+my $ReturnCode = 0;
+
+
+# Check that the command exists
+if (system("$command >/dev/null 2>&1") == 32512) {
+	exit 2;
+}
+
+# Execute the command
+eval {
+	local $SIG{ALRM} = sub { die "alarm\n" };
+	alarm $timeout;
+
+	$output = `$command $arguments`;
+	$ReturnCode = ($? >> 8) & 0xff;
+	alarm 0;
+};
+
+# Timeout
+if ($@ eq "alarm\n") {
+	exit 3;
+}
+
+print $output;
+
+exit $ReturnCode;