There is a script out there called "nobody check" that goes through and finds what is deemed to be "malicious" processes that are using too much resources, running too long, etc - I think this could be a nice addition or complement to psmon where it monitors and checks processes

http://www.webhostgear.com/projects/nob ... eck.tar.gz

It would also be cool to integrate some sort of priority for running processes somewhat like SPRI does from r-fx.org ( http://r-fx.org/spri.php)

Another one I like is PRM -Process resource monitor
http://r-fx.org/prm.php


I know these are already freely and readily available but these projects no longer seem to be getting any work done on them, and it would be great to see these tailored to work with ASL and plesk specifically since that (at least for now) is ASLs main customer base.

Feel free to shoot it down, just throwing ideas out there.

Keep throwing ideas, this one I like also very much!

Actually I have that on the list to do with psmon, its even got a more powerful way of doing that kind of thing.

You can do policies in it to slay processes by memory use, semaphores, userid, etc. We've barely scratched the surface on what it can do.

Mmmmm, music to my ears!

More on this, if you want to start playing around with this now you can run:

psmon-config

You can specify the max number of instances for a process
the max allowable percent of CPU (PctCpu)
max percent of total memory it can use (PctMem)
max Time To Live (TTL) for a process, this is kind of neat because its the max time a child process is allowed to run before it gets killed. Useful for a lot of things I think.

So an example I just tested around named:

<Process named>
Instances 10
PIDFile /var/run/named.pid
PctCpu 20
PctMem 10
SpawnCmd /etc/init.d/named restart
TTL 600
</Process>

Says named can only have 10 instances, cant use more than 20% cpu, 10% total memory, and its child processes can only run 10 minutes before being killed.

Heres another example to kill a memory leak in apache:

<Process httpd>
SpawnCmd /etc/init.d/httpd restart
PctMem 50
</Process>

Thats going to restart apache if it goes over 50% of the total system memory, or otherwise isnt running.

If you want to manipulate that in ASL you can do it in:

/var/asl/asl/data/templates/monitor-httpd

In your httpd example is that a collective 50% (all httpd processes combined ) or is that a single instance?

Do you have any recomended cpu/mem/ttl settings for things like perl, python, php, qmail-inject, clam scan, etc ?

Not sure really, I would *think* its going to look at the cumulative utilization across processes. I dont have any recommendations yet, I literally just set it up today for the first time. I think its pretty realistic to say that anything using up 75-85% of system memory is probably bad though.

Then again there could be crazy complications with the vps folks, Im kind of hoping someone will start pushing this out to see what they can do with it.

Does Psmon require a pid file?

For example, if I wanted to say php or perl couldnt run for more then 10 minutes and couldnt use more then X amount of memory/cpu (so that it would kill an infinite loop) it wouldnt be able to - so I would have to guess that the parent process would have to kill it all and manage it that way, but that only works unless the process is ran from the command line by some stupid person

The thing I like about the nobody scanner is that it looks for running processes and just kills them if they break the rules, no restarts, no pids, it just assumes the process shouldnt be running anymore, such as qmail-inject, clam scan, perl, etc.

From what I understand psmon doesnt quite work the same way so Im not sure if it can do the same range of tasks.

It can look by name, or by process ID it gets via a file. So yeah you could totally do that if php is running as a cgi (fcgi, suphp, etc).

I know you can set psmon to kill something if it sees it too, I just haven gotten that far into it for specifics yet.