From 598be13059d55629e512b834a040c750c17d906d Mon Sep 17 00:00:00 2001 From: Ramon Novoa Date: Fri, 18 Jun 2010 12:36:19 +0000 Subject: [PATCH] 2010-06-18 Ramon Novoa * unix/pandora_exec: Added to repository. pandora_exec script. * unix/pandora_agent_installer, unix/DEBIAN/postinst, unix/DEBIAN/make_deb_package.sh, unix/pandora_agent.spec: Added the pandora_exec script to the installation. * unix/pandora_agent_daemon: Added support for running the agent as an unprivileged user. * unix/pandora_agent: Added timeout support for module_exec modules. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2915 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_agents/ChangeLog | 13 ++++ .../unix/DEBIAN/make_deb_package.sh | 1 + pandora_agents/unix/DEBIAN/postinst | 3 + pandora_agents/unix/pandora_agent | 13 +++- pandora_agents/unix/pandora_agent.spec | 2 + pandora_agents/unix/pandora_agent_daemon | 8 ++- pandora_agents/unix/pandora_agent_installer | 69 ++++++++++--------- pandora_agents/unix/pandora_exec | 65 +++++++++++++++++ 8 files changed, 140 insertions(+), 34 deletions(-) create mode 100755 pandora_agents/unix/pandora_exec diff --git a/pandora_agents/ChangeLog b/pandora_agents/ChangeLog index e9dcacae60..7d92e43dc4 100644 --- a/pandora_agents/ChangeLog +++ b/pandora_agents/ChangeLog @@ -1,3 +1,16 @@ +2010-06-18 Ramon Novoa + + * unix/pandora_exec: Added to repository. pandora_exec script. + + * unix/pandora_agent_installer, unix/DEBIAN/postinst, + unix/DEBIAN/make_deb_package.sh, unix/pandora_agent.spec: Added the + pandora_exec script to the installation. + + * unix/pandora_agent_daemon: Added support for running the agent as + an unprivileged user. + + * unix/pandora_agent: Added timeout support for module_exec modules. + 2010-06-14 Junichi Satoh * unix/pandora_agent_installer: Set execute bit to startup script diff --git a/pandora_agents/unix/DEBIAN/make_deb_package.sh b/pandora_agents/unix/DEBIAN/make_deb_package.sh index b9a6ad6c7d..3d194a97a4 100644 
--- a/pandora_agents/unix/DEBIAN/make_deb_package.sh +++ b/pandora_agents/unix/DEBIAN/make_deb_package.sh @@ -46,6 +46,7 @@ chmod 755 -R temp_package/DEBIAN cp -aRf * temp_package/usr/share/pandora_agent/ cp -aRf tentacle_client temp_package/usr/bin/ cp -aRf pandora_agent temp_package/usr/bin/ +cp -aRf pandora_exec temp_package/usr/bin/ cp -aRf pandora_agent_daemon temp_package/etc/init.d/pandora_agent_daemon cp Linux/pandora_agent.conf temp_package/etc/pandora/ diff --git a/pandora_agents/unix/DEBIAN/postinst b/pandora_agents/unix/DEBIAN/postinst index 4ee8c3d45c..664888e41c 100755 --- a/pandora_agents/unix/DEBIAN/postinst +++ b/pandora_agents/unix/DEBIAN/postinst @@ -2,6 +2,7 @@ PANDORA_LOG=/var/log/pandora/pandora_agent.log PANDORA_BIN=/usr/bin/pandora_agent +PANDORA_EXEC_BIN=/usr/bin/pandora_agent PANDORA_HOME=/usr/share/pandora_agent PANDORA_TEMP=/var/spool/pandora/data_out PANDORA_CFG=/etc/pandora @@ -21,6 +22,7 @@ echo "$LOG_TIMESTAMP Pandora FMS installer has created this file at startup" > $ echo "Setting secure permissions and ownership for all Pandora FMS Agent files..." chmod 700 $PANDORA_BIN +chmod 700 $PANDORA_EXEC_BIN chmod 600 $PANDORA_HOME/pandora_agent.conf chmod -R 700 $PANDORA_HOME/plugins chown -R root $PANDORA_HOME @@ -28,6 +30,7 @@ chmod -R 600 $PANDORA_TEMP chmod 640 $PANDORA_LOG chgrp root $PANDORA_LOG chown -R root:root $PANDORA_BIN +chown -R root:root $PANDORA_EXEC_BIN echo "Linking start-up daemon script to /etc/rc$INITLV.d"; update-rc.d pandora_agent_daemon defaults diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent index ce7d38e903..8dcaba2252 100755 --- a/pandora_agents/unix/pandora_agent +++ b/pandora_agents/unix/pandora_agent @@ -114,7 +114,8 @@ my %Conf = ( 'secondary_server_ssl' => 'no', 'secondary_server_opts' => '', 'autotime' => 0, - 'timezone_offset' => 0 + 'timezone_offset' => 0, + 'pandora_exec' => 'pandora_exec' ); # Modules 
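Review bot: `PANDORA_EXEC_BIN` is assigned `/usr/bin/pandora_agent` in the first postinst hunk, the same path as `PANDORA_BIN`, so the `chmod 700 $PANDORA_EXEC_BIN` and `chown -R root:root $PANDORA_EXEC_BIN` lines added in the two later postinst hunks act on the agent a second time and never touch the new helper. make_deb_package.sh copies the script to `temp_package/usr/bin/`, so the assignment should read `PANDORA_EXEC_BIN=/usr/bin/pandora_exec`. As written, the installed helper keeps whatever mode and owner `cp -aRf` carried over from the build tree. Mode 700 with owner root would also stop an agent started under a non-root `PANDORA_USER` from executing either file; pandora_agent_installer uses 755 for both.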
@@ -228,6 +229,7 @@ sub read_config (;$) { 'params' => '', 'description' => '', 'interval' => 1, + 'timeout' => 0, 'counter' => 0, 'max' => 0, 'min' => 0, @@ -275,6 +277,8 @@ sub read_config (;$) { # Make the module run the first time $module->{'counter'} = $1; + } elsif ($line =~ /^\s*module_timeout\s+(\d+)\s*$/) { + $module->{'timeout'} = $1; } elsif ($line =~ /^\s*module_end\s*$/) { next unless ($module->{'name'} ne '') and ($module->{'func'} != 0); push (@Modules, $module); @@ -711,12 +715,17 @@ sub load_parts () { ################################################################################ sub module_exec ($) { my $module = shift; + my @data; # Check module parameters return () unless ($module->{'params'} ne ''); # Execute the command - my @data = `$module->{'params'} 2> /dev/null`; + if ($module->{'timeout'} == 0) { + @data = `$module->{'params'} 2> /dev/null`; + } else { + @data = `$Conf{'pandora_exec'} $module->{'timeout'} $module->{'params'} 2> /dev/null`; + } # Something went wrong or no data return () unless ($? eq 0 && defined ($data[0])); diff --git a/pandora_agents/unix/pandora_agent.spec b/pandora_agents/unix/pandora_agent.spec index 0222ff59a9..d0365a4be3 100755 --- a/pandora_agents/unix/pandora_agent.spec +++ b/pandora_agents/unix/pandora_agent.spec 
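Review bot: In the timeout branch of module_exec, `$module->{'params'}` is now parsed by a shell twice: once by the backticks here, and again inside pandora_exec, which joins its argv with spaces and runs the result through backticks of its own. Quoting that protects an argument in the first pass is gone by the second, so the same `module_exec` line can run a different command depending on whether `module_timeout` is set. The helper is also resolved by bare name through PATH (`'pandora_exec' => 'pandora_exec'` in `%Conf`); an absolute default would avoid picking up another file of that name, though it would have to follow the installer, which switches to `/usr/local/bin/pandora_exec` on some platforms. A comment above the branch would help the next reader: `# NOTE: params are word-split by the shell before pandora_exec sees them`. module_exec's body continues past the end of the hunk.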
@@ -44,6 +44,7 @@ mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1/ cp -aRf * $RPM_BUILD_ROOT%{prefix}/pandora_agent/ cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/tentacle_client $RPM_BUILD_ROOT/usr/bin/ cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent $RPM_BUILD_ROOT/usr/bin/ +cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_exec $RPM_BUILD_ROOT/usr/bin/ cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/init.d/pandora_agent_daemon cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/pandora_agent_daemon $RPM_BUILD_ROOT/etc/init.d/pandora_agent_daemon cp -aRf $RPM_BUILD_ROOT%{prefix}/pandora_agent/man/man1/pandora_agent.1.gz $RPM_BUILD_ROOT/usr/share/man/man1/ @@ -111,6 +112,7 @@ exit 0 %files %defattr(750,pandora,root) /usr/bin/pandora_agent +/usr/bin/pandora_exec %defattr(770,pandora,root) /var/log/pandora/ diff --git a/pandora_agents/unix/pandora_agent_daemon b/pandora_agents/unix/pandora_agent_daemon index 00a91c3637..11d7597478 100755 --- a/pandora_agents/unix/pandora_agent_daemon +++ b/pandora_agents/unix/pandora_agent_daemon @@ -22,6 +22,7 @@ PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin PANDORA_PATH=/etc/pandora +PANDORA_USER=root DAEMON=/usr/bin/pandora_agent LOGFILE=/var/log/pandora/pandora_agent.log @@ -55,7 +56,12 @@ case "$1" in echo "Cannot launch again. Aborting." exit 1 fi - nohup $DAEMON $PANDORA_PATH 2> $LOGFILE & + if [ "$PANDORA_USER" = "root" ] + then + nohup $DAEMON $PANDORA_PATH 2> $LOGFILE & + else + sudo -u $PANDORA_USER $DAEMON $PANDORA_PATH >/dev/null 2> $LOGFILE & + fi rm nohup.out 2> /dev/null sleep 2 PANDORA_PID=`pidof_pandora` diff --git a/pandora_agents/unix/pandora_agent_installer b/pandora_agents/unix/pandora_agent_installer index 98a86bf5b1..6b50172cc7 100755 --- a/pandora_agents/unix/pandora_agent_installer +++ b/pandora_agents/unix/pandora_agent_installer 
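Review bot: The non-root branch added to the `start` case expands `$PANDORA_USER` unquoted on a command line that runs as root, and it drops the `nohup` that the root branch keeps. The value is written into this script by pandora_agent_installer from its third argument, so quoting it keeps an unexpected value from being split into extra sudo options or words: `nohup sudo -u "$PANDORA_USER" $DAEMON $PANDORA_PATH >/dev/null 2> $LOGFILE &`. The `2> $LOGFILE` redirection is still opened by the calling root shell and not by the unprivileged user, which is probably intended but deserves a comment. The branch also makes sudo a hard dependency of the init script, which should be stated next to `PANDORA_USER=root`. The case block starts and ends outside the hunk.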
@@ -17,6 +17,7 @@ FORCE=0 LOG_TIMESTAMP=`date +"%Y/%m/%d %H:%M:%S"` PANDORA_HOME=/usr/share/pandora_agent PANDORA_BIN=/usr/bin/pandora_agent +PANDORA_EXEC_BIN=/usr/bin/pandora_exec PANDORA_TEMP=/var/spool/pandora PANDORA_CFG=/etc/pandora PANDORA_LOG_DIR=/var/log/pandora @@ -26,6 +27,7 @@ PANDORA_MAN=/usr/share/man MODE=$1 PANDORA_BASE=$2 +PANDORA_USER=$3 # Check for Perl 5.6.x or higher available PERL_VERSION=`perl -v | egrep 'v5.6|v5.7|v5.8|v5.9|v5.1[0-9]' | grep perl` @@ -57,24 +59,25 @@ then exit 2 fi -if [ ! -f "pandora_agent" ] -then +help () { + echo "Syntax": echo " " - echo "Execute installer from the directory where you have your files. " - echo "Syntax": + echo " ./pandora_agent_installer < --mode > [ destination_path ] [ user_to_run_as ]" echo " " - echo " ./pandora_agent_install < --mode > [ destination_path ]" + echo "Modes:" echo " " + echo " --force-install To force installation if already installed on system" + echo " --install To install Pandora FMS Agent on this system" + echo " --uninstall To uninstall/remove Pandora FMS Agent on this System" + echo " " echo "Some exaples of how to use the installer:" echo " " - echo " cd /tmp/pandora_install " echo " ./pandora_agent_installer --install" - echo " ./pandora_agent_installer --install-with-links /var/opt/PandoraFMS" echo " ./pandora_agent_installer --install /opt/pandora" - echo " ./pandora_agent_installer --uninstall /opt/pandora" + echo " ./pandora_agent_installer --install \"\" pandora" + echo " ./pandora_agent_installer --uninstall /opt/pandora" echo " " - exit 1 -fi +} uninstall () { OS_NAME=`uname -s` @@ -82,6 +85,7 @@ uninstall () { then PANDORA_HOME=/usr/local/share/pandora_agent PANDORA_BIN=/usr/local/bin/pandora_agent + PANDORA_EXEC_BIN=/usr/local/bin/pandora_exec PANDORA_CFG=/usr/local/etc/pandora TENTACLE=/usr/local/bin/tentacle_client PANDORA_MAN=/usr/local/man 
@@ -89,6 +93,7 @@ uninstall () { echo "Removing Pandora FMS Agent..." rm -Rf $PANDORA_BASE$PANDORA_BIN 2> /dev/null + rm -Rf $PANDORA_BASE$PANDORA_EXEC_BIN 2> /dev/null #Test if exist Pandora Server in this machine if [ -d $PANDORA_BASE$PANDORA_TEMP/data_in ] @@ -138,6 +143,7 @@ install () { then PANDORA_HOME=/usr/local/share/pandora_agent PANDORA_BIN=/usr/local/bin/pandora_agent + PANDORA_EXEC_BIN=/usr/local/bin/pandora_exec PANDORA_CFG=/usr/local/etc/pandora TENTACLE=/usr/local/bin/tentacle_client PANDORA_MAN=/usr/local/man @@ -186,6 +192,15 @@ install () { mkdir -p $PANDORA_BASE$PANDORA_CFG 2> /dev/null mkdir -p $PANDORA_BASE$PANDORA_LOG_DIR 2> /dev/null + # Set the user the agent will run as + if [ "$PANDORA_USER" != "" ] + then + sed -e "s/^\s*PANDORA_USER=.*/PANDORA_USER=$PANDORA_USER/" pandora_agent_daemon > pandora_agent_daemon.tmp 2> /dev/null && \ + mv pandora_agent_daemon.tmp pandora_agent_daemon + rm -f pandora_agent_daemon.tmp 2> /dev/null + chmod 755 pandora_agent_daemon + fi + # Create logfile if [ ! -z "`touch $PANDORA_BASE$PANDORA_LOG_DIR/$PANDORA_LOG`" ] then @@ -199,11 +214,15 @@ install () { echo "Copying Pandora FMS Agent to $PANDORA_BASE$PANDORA_BIN..." cp pandora_agent $PANDORA_BASE$PANDORA_BIN chmod 755 $PANDORA_BASE$PANDORA_BIN + cp pandora_exec $PANDORA_BASE$PANDORA_EXEC_BIN + chmod 755 $PANDORA_BASE$PANDORA_EXEC_BIN if [ "$OS_NAME" = "FreeBSD" ] then chown root:wheel $PANDORA_BASE$PANDORA_BIN + chown root:wheel $PANDORA_BASE$PANDORA_EXEC_BIN else chown root:root $PANDORA_BASE$PANDORA_BIN + chown root:root $PANDORA_BASE$PANDORA_EXEC_BIN fi echo "Copying Pandora FMS Agent configuration file to $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf..." 
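Review bot: The block under `# Set the user the agent will run as` pastes the installer's third argument straight into a sed replacement whose output becomes the init script that root runs, without checking that it names an existing account. A value containing `/`, `&` or a newline changes the sed program or the generated `PANDORA_USER=` line, so the name should be validated first, for example `id "$PANDORA_USER" >/dev/null 2>&1 || { echo "Unknown user $PANDORA_USER"; exit 1; }`. `\s` is a GNU sed extension and may not match on the other platforms this installer handles; `[[:space:]]*` is the portable spelling. The edit also rewrites `pandora_agent_daemon` in the source directory and not the installed copy, so the chosen user persists into later installs from the same tree. install() starts and ends outside the hunk.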
@@ -303,7 +322,9 @@ install () { cp $OS_NAME/pandora_agent.conf $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf chmod 600 $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf - chown root $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf + chown $PANDORA_USER $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf + chmod 711 $PANDORA_BASE$PANDORA_LOG_DIR + chown $PANDORA_USER $PANDORA_BASE$PANDORA_LOG_DIR/$PANDORA_LOG if [ "$OS_NAME" = "FreeBSD" ] then @@ -386,27 +407,13 @@ install () { } -help () { - echo "Syntax": +if [ ! -f "pandora_agent" ] +then echo " " - echo " ./pandora_agent_install < --mode > [ destination_path ]" - echo " " - echo "Modes:" - echo " " - echo " --force-install To force installation if already installed on system" - echo " (Not compatible with --install-with-links " - echo " --install To install Pandora FMS Agent on this system" - echo " --uninstall To uninstall/remove Pandora FMS Agent on this System" - echo " " - echo "Some exaples of how to use the installer:" - echo " " - echo " cd /tmp/pandora_install " - echo " ./pandora_agent_installer --install" - echo " ./pandora_agent_installer --install /opt/pandora" - echo " ./pandora_agent_installer --uninstall /opt/pandora" - - echo " " -} + echo "Execute installer from the directory where you have your files. " + help + exit 1 +fi # Script banner at start echo " " diff --git a/pandora_agents/unix/pandora_exec b/pandora_agents/unix/pandora_exec new file mode 100755 index 0000000000..3e31d9f3cf --- /dev/null +++ b/pandora_agents/unix/pandora_exec 
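Review bot: `chown $PANDORA_USER ...` in the first hunk here runs with an empty owner when the installer is called without a third argument, because `PANDORA_USER=$3` has no default; the `chown root` it replaces always set the owner of pandora_agent.conf. Defaulting the variable restores that: `chown ${PANDORA_USER:-root} $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf`, and the same for the added log file line. With the variable unquoted and empty, chown takes the path as the owner and fails for lack of a file operand, so the mode-600 config keeps whatever owner `cp` gave it. install() starts and ends outside the hunk.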
@@ -0,0 +1,65 @@
+#!/usr/bin/perl
+##########################################################################
+# pandora_exec
+#
+# Executes the given command and prints its output to stdout. If the
+# execution times out or the command does not exist nothing is printed
+# to stdout. This is part of Pandora FMS Plugin server, do not delete!.
+#
+# Usage: pandora_exec [arguments]
+##########################################################################
+# Copyright (c) 2008 Ramon Novoa, rnovoa@gmail.com
+# (c) 2008 Artica Soluciones Tecnologicas S.L
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; version 2.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+##########################################################################
+
+use strict;
+use warnings;
+
+# Check command line parameters
+if ($#ARGV < 1) {
+ exit 1;
+}
+
+my @opts = @ARGV;
+my $timeout = shift(@opts);
+my $command = quotemeta(shift(@opts));
+my $arguments = join(' ', @opts);
+my $output = '';
+my $ReturnCode = 0;
+
+
+# Check that the command exists
+if (system("$command >/dev/null 2>&1") == 32512) {
+ exit 2;
+}
+
+# Execute the command
+eval {
+ local $SIG{ALRM} = sub { die "alarm\n" };
+ alarm $timeout;
+
+ $output = `$command $arguments`;
+ $ReturnCode = ($? >> 8) & 0xff;
+ alarm 0;
+};
+
+# Timeout
+if ($@ eq "alarm\n") {
+ exit 3;
+}
+
+print $output;
+
+exit $ReturnCode;
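Review bot: The block under `# Check that the command exists` runs the command itself through `system()` with no arguments and no alarm, so every module is executed twice and a command that hangs never reaches the timeout this script exists to enforce. The real run then passes `$command $arguments` through a shell again, and `quotemeta` covers only the command word, so the arguments are re-interpreted; `$timeout` is never checked to be a number, and a non-numeric value makes `alarm` arm nothing. On timeout the script exits 3 but, as far as I can tell, leaves the child running. The rewrite of the execution part below forks once, execs the argv without a shell and stops the child on timeout; it reports a failed exec as status 127 and maps that to exit 2.

```perl
my ($timeout, $command, @arguments) = @ARGV;
# … unchanged: $output and $ReturnCode declarations …

# Reject a timeout that alarm() would treat as 0
exit 1 unless $timeout =~ /^\d+$/;

# Fork once with a pipe on the child's stdout; exec the argv without a shell
my $pid = open(my $child, '-|');
exit 2 unless defined($pid);
if ($pid == 0) {
    exec { $command } $command, @arguments;
    exit 127;
}

eval {
    local $SIG{ALRM} = sub { die "alarm\n" };
    alarm $timeout;

    local $/ = undef;
    $output = <$child>;
    close($child);
    $ReturnCode = ($? >> 8) & 0xff;
    alarm 0;
};

# Timeout: stop the child before reporting it (KILL cannot be ignored)
if ($@ eq "alarm\n") {
    kill('KILL', $pid);
    exit 3;
}

# The command could not be executed
exit 2 if ($ReturnCode == 127);

# … unchanged: print $output; exit $ReturnCode; …
```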