2010-11-19 Ramon Novoa <rnovoa@artica.es>
* pandora_agent, AIX/pandora_agent.conf, pandora_agent_daemon, Linux/pandora_agent.conf, HP-UX/pandora_agent.conf, NT4/pandora_agent.conf, SunOS/pandora_agent.conf, FreeBSD/pandora_agent.conf: Added a new configuration option that lets the agent run as a different user by changing the process' EUID. * pandora_agent_installer: Several fixes. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3609 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
parent
321b6d27b1
commit
e039d58020
|
@ -82,6 +82,9 @@ transfer_mode tentacle
|
|||
# If set to 1 allows the agent to be configured via the web console (Only Enterprise version)
|
||||
# remote_config 1
|
||||
|
||||
# User the agent will run as
|
||||
#pandora_user root
|
||||
|
||||
# Secondary server configuration
|
||||
# ==============================
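Review bot: The comment `# User the agent will run as` does not say that the option only works when the agent is started with enough privilege to change user, nor what happens when it stays commented out. Going by the pandora_agent section of this commit, an unset option keeps the launching user and a failed switch aborts startup. Suggest `# User the agent will run as. The agent must be started as root to switch users; if unset, it keeps the user that launched it.` The same comment is added in the other pandora_agent.conf sections on this page.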
|
||||
|
||||
|
|
|
@ -1,3 +1,14 @@
|
|||
2010-11-19 Ramon Novoa <rnovoa@artica.es>
|
||||
|
||||
* pandora_agent, AIX/pandora_agent.conf,
|
||||
pandora_agent_daemon, Linux/pandora_agent.conf,
|
||||
HP-UX/pandora_agent.conf, NT4/pandora_agent.conf,
|
||||
SunOS/pandora_agent.conf, FreeBSD/pandora_agent.conf: Added a new
|
||||
configuration option that lets the agent run as a different user
|
||||
by changing the process' EUID.
|
||||
|
||||
* pandora_agent_installer: Several fixes.
|
||||
|
||||
2010-11-15 Raúl Mateos <raulofpandora@gmail.com>
|
||||
|
||||
* pandora_agent*, pandora_exec, plugins/pandora_update: Small changes:
|
||||
|
|
|
@ -88,6 +88,9 @@ transfer_mode tentacle
|
|||
# If set to 1 allows the agent to be configured via the web console (Only Enterprise version)
|
||||
# remote_config 1
|
||||
|
||||
# User the agent will run as
|
||||
#pandora_user root
|
||||
|
||||
# Secondary server configuration
|
||||
# ==============================
|
||||
|
||||
|
|
|
@ -82,6 +82,9 @@ transfer_mode tentacle
|
|||
# If set to 1 allows the agent to be configured via the web console (Only Enterprise version)
|
||||
# remote_config 1
|
||||
|
||||
# User the agent will run as
|
||||
#pandora_user root
|
||||
|
||||
# Secondary server configuration
|
||||
# ==============================
|
||||
|
||||
|
|
|
@ -100,6 +100,9 @@ transfer_mode tentacle
|
|||
# Number of threads to execute modules in parallel
|
||||
#agent_threads 1
|
||||
|
||||
# User the agent will run as
|
||||
pandora_user ramon
|
||||
|
||||
# Secondary server configuration
|
||||
# ==============================
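Review bot: `pandora_user ramon` is committed as an active setting in this section, while the other pandora_agent.conf sections on this page add the commented-out `#pandora_user root`; it looks like a local test value. With it active, the startup code added to pandora_agent in this commit calls error () when getpwnam finds no account named ramon, so a default install on this platform would presumably fail to start. Suggest `#pandora_user root` here as well.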
|
||||
|
||||
|
|
|
@ -100,6 +100,9 @@ remote_config 1
|
|||
# Number of threads to execute modules in parallel
|
||||
#agent_threads 1
|
||||
|
||||
# User the agent will run as
|
||||
#pandora_user root
|
||||
|
||||
# Secondary server configuration
|
||||
# ==============================
|
||||
|
||||
|
|
|
@ -82,6 +82,9 @@ transfer_mode tentacle
|
|||
# If set to 1 allows the agent to be configured via the web console (Only Enterprise version)
|
||||
# remote_config 1
|
||||
|
||||
# User the agent will run as
|
||||
#pandora_user root
|
||||
|
||||
# Secondary server configuration
|
||||
# ==============================
|
||||
|
||||
|
|
|
@ -1293,6 +1293,20 @@ print_usage unless ($#ARGV == 0);
|
|||
$ConfDir = fix_directory ($ARGV[0]);
|
||||
error ("Directory '$ConfDir' does not exist.") unless (-d "$ConfDir");
|
||||
|
||||
# Get user to run as
|
||||
my $pandora_user = read_config ('pandora_user');
|
||||
if (defined ($pandora_user)) {
|
||||
# Change the EUID
|
||||
my $pandora_user_uid = getpwnam ($pandora_user);
|
||||
if (!defined ($pandora_user_uid)) {
|
||||
error ("Cannot get uid for user $pandora_user. Does the user exist and can we read /etc/passwd?");
|
||||
}
|
||||
$> = $pandora_user_uid;
|
||||
if ($> != $pandora_user_uid) {
|
||||
error ("Cannot run as $pandora_user: Insufficient permissions.");
|
||||
}
|
||||
}
|
||||
|
||||
# Guess the OS version
|
||||
$OS_VERSION = guess_os_version ($OS);
|
||||
|
||||
|
@ -1301,6 +1315,7 @@ md5_init ();
|
|||
|
||||
# Start logging
|
||||
start_log ();
|
||||
log_message ('log', 'Running as user ' . getpwuid ($>));
|
||||
|
||||
# Read configuration file
|
||||
read_config ();
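Review bot: Only the effective UID is changed in the `@ -1293,6 +1293,20 @@` hunk (`$> = $pandora_user_uid;`), so the real UID, the real and effective GID and the supplementary groups all stay those of the launching user, normally root. The process can therefore set `$>` back to root at any time, and child processes inherit real UID 0; a shell started for a module may even reset its effective UID to the real one, as bash does unless started with `-p`. Since the init script section on this page removes the `sudo -u` launch, this block is the only privilege boundary left. If nothing later needs root again, drop the groups first and then set the real and effective UID together, checking both afterwards. The surrounding startup code continues outside the hunk.

```perl
if (defined ($pandora_user)) {
	# Look up uid and gid together so the group can be dropped before the user
	my (undef, undef, $pandora_user_uid, $pandora_user_gid) = getpwnam ($pandora_user);
	if (!defined ($pandora_user_uid)) {
		# … unchanged: error () call for an unknown user …
	}

	# Groups first, while still privileged; the second number resets the supplementary groups
	$) = "$pandora_user_gid $pandora_user_gid";
	$( = $pandora_user_gid;

	# Real and effective UID in one assignment so the change cannot be undone
	($<, $>) = ($pandora_user_uid, $pandora_user_uid);
	if ($< != $pandora_user_uid || $> != $pandora_user_uid) {
		# … unchanged: error () call for insufficient permissions …
	}
}
```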
|
||||
|
|
|
@ -22,7 +22,6 @@
|
|||
|
||||
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
|
||||
PANDORA_PATH=/etc/pandora
|
||||
PANDORA_USER=root
|
||||
DAEMON=/usr/bin/pandora_agent
|
||||
LOGFILE=/var/log/pandora/pandora_agent.log
|
||||
|
||||
|
@ -73,12 +72,7 @@ case "$1" in
|
|||
echo "Cannot launch again. Aborting."
|
||||
exit 1
|
||||
fi
|
||||
if [ "$PANDORA_USER" = "root" ]
|
||||
then
|
||||
nohup $DAEMON $PANDORA_PATH 2> $LOGFILE &
|
||||
else
|
||||
sudo -u $PANDORA_USER $DAEMON $PANDORA_PATH >/dev/null 2> $LOGFILE &
|
||||
fi
|
||||
rm nohup.out 2> /dev/null
|
||||
sleep 2
|
||||
PANDORA_PID=`pidof_pandora`
|
||||
|
|
|
@ -26,7 +26,7 @@ TENTACLE=/usr/bin/tentacle_client
|
|||
PANDORA_MAN=/usr/share/man
|
||||
|
||||
MODE=$1
|
||||
PANDORA_BASE=$2
|
||||
PANDORA_BASE=`echo $2 | sed -e 's/\/$//'`
|
||||
PANDORA_USER=$3
|
||||
|
||||
# Check for Perl 5.6.x or higher available
|
||||
|
@ -170,6 +170,62 @@ install () {
|
|||
echo "Checking Pandora FMS Agent on $PANDORA_BASE$PANDORA_BIN...."
|
||||
fi
|
||||
|
||||
# Alter dynamically the daemon launcher and setup the new path
|
||||
# if PANDORA_BASE is customized.
|
||||
|
||||
if [ ! -z "$PANDORA_BASE" ]
|
||||
then
|
||||
if [ "$OS_NAME" = "FreeBSD" ]
|
||||
then
|
||||
DAEMON_SCRIPT=FreeBSD/pandora_agent
|
||||
DAEMON_TEMP=pandora_agent_daemon_temp
|
||||
else
|
||||
DAEMON_SCRIPT=pandora_agent_daemon
|
||||
DAEMON_TEMP=pandora_agent_daemon_temp
|
||||
fi
|
||||
|
||||
AGENT_CFG=$OS_NAME/pandora_agent.conf
|
||||
AGENT_CFG_TEMP=$OS_NAME/pandora_agent.conf.temp
|
||||
|
||||
echo $PANDORA_BASE > PANDORA_BASE.temp
|
||||
sed 's/\//\\\//g' PANDORA_BASE.temp > PANDORA_BASE.temp2
|
||||
|
||||
PANDORA_BASE_DECODED=`cat PANDORA_BASE.temp2`
|
||||
rm PANDORA_BASE.temp PANDORA_BASE.temp2
|
||||
|
||||
if [ "$OS_NAME" = "FreeBSD" ]
|
||||
then
|
||||
sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/local\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^command\=[.]*/command\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e 's/^command_args\=\"[.]*/command_args\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e 's/^required_files\=\"[.]*/required_files\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
else
|
||||
sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^PANDORA_PATH\=[.]*/PANDORA_PATH\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^LOGFILE\=[.]*/LOGFILE\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^DAEMON\=[.]*/DAEMON\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
fi
|
||||
|
||||
sed -e "s/^temporal [.]*/temporal $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
|
||||
mv $AGENT_CFG_TEMP $AGENT_CFG
|
||||
|
||||
sed -e "s/^logfile [.]*/logfile $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
|
||||
mv $AGENT_CFG_TEMP $AGENT_CFG
|
||||
fi
|
||||
echo "Creating Pandora FMS Agent home directory at $PANDORA_BASE$PANDORA_HOME"
|
||||
if [ ! -z "$PANDORA_BASE" ]
|
||||
then
|
||||
|
@ -196,10 +252,10 @@ install () {
|
|||
# Set the user the agent will run as
|
||||
if [ "$PANDORA_USER" != "" ]
|
||||
then
|
||||
sed -e "s/^\s*PANDORA_USER=.*/PANDORA_USER=$PANDORA_USER/" pandora_agent_daemon > pandora_agent_daemon.tmp 2> /dev/null && \
|
||||
mv pandora_agent_daemon.tmp pandora_agent_daemon
|
||||
rm -f pandora_agent_daemon.tmp 2> /dev/null
|
||||
sed -e "s/.*pandora_user .*/pandora_user $PANDORA_USER/" $AGENT_CFG > $AGENT_CFG_TEMP 2> /dev/null && \
|
||||
mv $AGENT_CFG_TEMP $AGENT_CFG
|
||||
chmod 755 pandora_agent_daemon
|
||||
chown -R $PANDORA_USER $PANDORA_BASE
|
||||
else
|
||||
PANDORA_USER="root"
|
||||
fi
|
||||
|
@ -269,63 +325,6 @@ install () {
|
|||
chown root:root $PANDORA_BASE$PANDORA_LOG_DIR/$PANDORA_LOG
|
||||
fi
|
||||
|
||||
# Alter dynamically the daemon launcher and setup the new path
|
||||
# if PANDORA_BASE is customized.
|
||||
|
||||
if [ ! -z "$PANDORA_BASE" ]
|
||||
then
|
||||
if [ "$OS_NAME" = "FreeBSD" ]
|
||||
then
|
||||
DAEMON_SCRIPT=FreeBSD/pandora_agent
|
||||
DAEMON_TEMP=pandora_agent_daemon_temp
|
||||
else
|
||||
DAEMON_SCRIPT=pandora_agent_daemon
|
||||
DAEMON_TEMP=pandora_agent_daemon_temp
|
||||
fi
|
||||
|
||||
AGENT_CFG=$OS_NAME/pandora_agent.conf
|
||||
AGENT_CFG_TEMP=$OS_NAME/pandora_agent.conf.temp
|
||||
|
||||
echo $PANDORA_BASE > PANDORA_BASE.temp
|
||||
sed 's/\//\\\//g' PANDORA_BASE.temp > PANDORA_BASE.temp2
|
||||
|
||||
PANDORA_BASE_DECODED=`cat PANDORA_BASE.temp2`
|
||||
rm PANDORA_BASE.temp PANDORA_BASE.temp2
|
||||
|
||||
if [ "$OS_NAME" = "FreeBSD" ]
|
||||
then
|
||||
sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/local\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^command\=[.]*/command\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e 's/^command_args\=\"[.]*/command_args\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e 's/^required_files\=\"[.]*/required_files\=\"$PANDORA_BASE_DECODED/g' $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
else
|
||||
sed -e "s/^PATH\=[.]*/PATH\=$PANDORA_BASE_DECODED\/usr\/bin\:/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^PANDORA_PATH\=[.]*/PANDORA_PATH\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^LOGFILE\=[.]*/LOGFILE\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
|
||||
sed -e "s/^DAEMON\=[.]*/DAEMON\=$PANDORA_BASE_DECODED/g" $DAEMON_SCRIPT > $DAEMON_TEMP
|
||||
mv $DAEMON_TEMP $DAEMON_SCRIPT
|
||||
fi
|
||||
|
||||
sed -e "s/^temporal [.]*/temporal $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
|
||||
mv $AGENT_CFG_TEMP $AGENT_CFG
|
||||
|
||||
sed -e "s/^logfile [.]*/logfile $PANDORA_BASE_DECODED/g" $AGENT_CFG > $AGENT_CFG_TEMP
|
||||
mv $AGENT_CFG_TEMP $AGENT_CFG
|
||||
fi
|
||||
|
||||
echo "Copying default agent configuration to $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf"
|
||||
|
||||
cp $OS_NAME/pandora_agent.conf $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf
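Review bot: `$AGENT_CFG` and `$AGENT_CFG_TEMP` are assigned only inside `if [ ! -z "$PANDORA_BASE" ]`, yet the `pandora_user` rewrite in the `@ -196,10 +252,10 @@` hunk uses them unconditionally. Unless they are also set outside the lines shown, an install with an empty base leaves both empty, the sed redirection fails, and the config keeps `#pandora_user root`, so the agent silently keeps running as the user that launched it. Moving `AGENT_CFG=$OS_NAME/pandora_agent.conf` and `AGENT_CFG_TEMP=$OS_NAME/pandora_agent.conf.temp` above that `if` would fix this. `$PANDORA_USER` also goes unquoted into the sed replacement and into `chown -R $PANDORA_USER $PANDORA_BASE`, so it should be checked against a plain user-name pattern and quoted before use. install () starts and ends outside these hunks.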
|
||||
|
|