store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Tue Oct 21, 2014 4:41 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: Third party scripts that could be cool to integrate into asl
Unread postPosted: Wed Jan 21, 2009 12:47 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
There is a script out there called "nobody check" that goes through and finds what is deemed to be "malicious" processes that are using too much resources, running too long, etc - I think this could be a nice addition or complement to psmon where it monitors and checks processes

http://www.webhostgear.com/projects/nob ... eck.tar.gz

It would also be cool to integrate some sort of priority for running processes somewhat like SPRI does from r-fx.org ( http://r-fx.org/spri.php)

Another one I like is PRM -Process resource monitor
http://r-fx.org/prm.php
Quote:
PRM monitors the process table on a given system and matches process id's with set resource limits in the config file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel logging routine and more...


I know these are already freely and readily available but these projects no longer seem to be getting any work done on them, and it would be great to see these tailored to work with ASL and plesk specifically since that (at least for now) is ASLs main customer base.

Feel free to shoot it down, just throwing ideas out there.


Last edited by hostingguy on Wed Jan 21, 2009 4:43 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject:
Unread postPosted: Wed Jan 21, 2009 1:25 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Jan 15, 2008 3:57 am
Posts: 478
Location: Netherlands
Keep throwing ideas, this one I like also very much! :)


Top
 Profile  
 
 Post subject:
Unread postPosted: Wed Jan 21, 2009 4:30 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
Actually I have that on the list to do with psmon, its even got a more powerful way of doing that kind of thing.

You can do policies in it to slay processes by memory use, semaphores, userid, etc. We've barely scratched the surface on what it can do.


Top
 Profile  
 
 Post subject:
Unread postPosted: Thu Jan 22, 2009 3:26 am 
Online
Forum Regular
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 778
Location: Sweden
Mmmmm, music to my ears! :wink:


Top
 Profile  
 
 Post subject:
Unread postPosted: Thu Jan 22, 2009 3:33 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
More on this, if you want to start playing around with this now you can run:

psmon-config

You can specify the max number of instances for a process
the max allowable percent of CPU (PctCpu)
max percent of total memory it can use (PctMem)
max Time To Live (TTL) for a process, this is kind of neat because its the max time a child process is allowed to run before it gets killed. Useful for a lot of things I think.

So an example I just tested around named:

<Process named>
Instances 10
PIDFile /var/run/named.pid
PctCpu 20
PctMem 10
SpawnCmd /etc/init.d/named restart
TTL 600
</Process>

Says named can only have 10 instances, cant use more than 20% cpu, 10% total memory, and its child processes can only run 10 minutes before being killed.

Heres another example to kill a memory leak in apache:

<Process httpd>
SpawnCmd /etc/init.d/httpd restart
PctMem 50
</Process>

Thats going to restart apache if it goes over 50% of the total system memory, or otherwise isnt running.

If you want to manipulate that in ASL you can do it in:

/var/asl/asl/data/templates/monitor-httpd


Top
 Profile  
 
 Post subject:
Unread postPosted: Thu Jan 22, 2009 4:14 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
In your httpd example is that a collective 50% (all httpd processes combined ) or is that a single instance?

Do you have any recomended cpu/mem/ttl settings for things like perl, python, php, qmail-inject, clam scan, etc ?


Top
 Profile  
 
 Post subject:
Unread postPosted: Thu Jan 22, 2009 5:57 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
Not sure really, I would *think* its going to look at the cumulative utilization across processes. I dont have any recommendations yet, I literally just set it up today for the first time. I think its pretty realistic to say that anything using up 75-85% of system memory is probably bad though.

Then again there could be crazy complications with the vps folks, Im kind of hoping someone will start pushing this out to see what they can do with it.


Top
 Profile  
 
 Post subject:
Unread postPosted: Thu Jan 22, 2009 6:38 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
Does Psmon require a pid file?

For example, if I wanted to say php or perl couldnt run for more then 10 minutes and couldnt use more then X amount of memory/cpu (so that it would kill an infinite loop) it wouldnt be able to - so I would have to guess that the parent process would have to kill it all and manage it that way, but that only works unless the process is ran from the command line by some stupid person

The thing I like about the nobody scanner is that it looks for running processes and just kills them if they break the rules, no restarts, no pids, it just assumes the process shouldnt be running anymore, such as qmail-inject, clam scan, perl, etc.

From what I understand psmon doesnt quite work the same way so Im not sure if it can do the same range of tasks.


Top
 Profile  
 
 Post subject:
Unread postPosted: Fri Jan 23, 2009 2:26 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
It can look by name, or by process ID it gets via a file. So yeah you could totally do that if php is running as a cgi (fcgi, suphp, etc).

I know you can set psmon to kill something if it sees it too, I just haven gotten that far into it for specifics yet.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group