File Status Check Example

Case Study 2: FileStatChk

One thing you would certainly want to monitor is the state of essential system files: Have they disappeared? Do they have the right ownerships and permissions?

We start by listing those files, together with their desired attributes, in objects.cfg (see Listing 3).
 


Listing 3: SysFiles

SysFiles

#if linux

    /etc/group              -rw-r--r--      644     root    root
    /etc/passwd             -rw-r--r--      644     root    root
    ...

#endif  // linux

...

// local stuff

#if moscow
    /etc/mail/classalias    -rw-r--r--      644     root    other
    ...
#endif

...

If we had adjusted the files list for the moscow system only, we would refresh the SysFiles objects set on that system with the command:

# piktc -iv +O SysFiles +H moscow

processing moscow...
installing file(s)...
SysFiles.obj installed

We could refresh all objects files on all active systems with the command:

# piktc -iv +O all -H downsys

It should be clear by now that the file /etc/mail/classalias would appear in moscow's SysFiles.obj file and in no other system's.

Listing 4 is a script to enforce those file attributes.
 


Listing 4: FileStatChk

FileStatChk

    init
        status active
        level critical
        task "Detect critical file access deviations on system files."
        input file "=sysfiles_obj"
        dat $fil 1
        dat $prm 2
        dat $mod 3
        dat $own 4
        dat $grp 5
        keys $fil

    rule
        if ! -e $fil
            output mail "$fil not found!"
            next
        endif

    rule
        do #split($list, $command("=lld $fil"), " ")

    rule
        if $list[1] ne $prm
            =execwait "=chmod $mod $fil"
            =outputmail "$fil permissions $list[1] are wrong" . \
                $if(#defined(%list[1])," (were %list[1]),",",") . \
                " changed to $prm"
        endif

    [similar rules follow]

For the first input line, "/etc/group" would be assigned to $fil, "-rw-r--r--" to $prm, "644" to $mod, and so on.

In the first rule, if the file fails the existence test, that gets reported, and we move on to the next input line.

In the next rule, we take the output of the 'ls -l' command, #split() it, and assign the component parts to the $list[] array.

In the third rule, if the actual file permissions, $list[1], do not equal the desired permissions, $prm, we fix and possibly report this.

The doexec define lets us control whether actions are actually exec'ed or whether only a report of intent is e-mailed.  If this is a new PIKT installation, we might want to see what PIKT would do before committing PIKT to actually doing it.  We could handle the conditionality this way:

#ifdef doexec
    exec wait "=chmod $mod $fil"
#elsedef
    output mail "=chmod $mod $fil"
#endifdef

But defining the following macro

execwait
#ifdef doexec
    exec wait
#elsedef
    output mail
#endifdef

in macros.cfg is more elegant, because now we can more succinctly write

    =execwait "=chmod $mod $fil"

and either "exec wait" or "output mail" will be preprocessed in depending on how we defined doexec earlier.

In most circumstances, we simply want the file permissions fixed and don't need to be told about it.  Sometimes, however, we want a full report of all that PIKT is doing.  We control this by setting, in defines.cfg, the define verbose to be TRUE or FALSE.  By defining the outputmail macro in macros.cfg as

outputmail
#ifdef verbose
    output mail
#elsedef
    output log "/dev/null"
#endifdef

we can concisely write

    =outputmail "$fil permissions
                 [...]"

If verbose is set to FALSE, the message is logged to /dev/null, that is, just thrown away.

Note the '$if(#defined(%list[1])," (were %list[1]),",",")'.  If we have run this script before, we have a record of the actual file permissions the last go-around in %list[1].  PIKT remembers this for us automatically.  So if #defined(%list[1]) is true, we report what they were, and in any case report what they have been changed to--but only if we have set verbose to TRUE.
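For readers who want to see the same check outside PIKT, here is an added Python sketch (not PIKT code and not part of the original page) that reads rows in the SysFiles layout, reports missing files, and either fixes or only reports wrong permissions depending on a doexec flag. The function names and the sample rows are constructed for illustration; reporting ownership mismatches without changing them, and refusing to chmod when the file type itself differs, are assumptions of this sketch.

```python
import grp, os, pwd, stat

# Constructed sample in the page's SysFiles layout: path, perm string, mode, owner, group.
SAMPLE = """\
/etc/group    -rw-r--r--    644    root    root
/etc/passwd   -rw-r--r--    644    root    root
"""

def parse_objects(text):
    """Return [path, perm, mode, owner, group] rows, skipping anything else."""
    rows = [line.split() for line in text.splitlines()]
    return [r for r in rows if len(r) == 5 and r[0].startswith("/")]

def name_of(lookup, ident):
    """Resolve a uid/gid to a name; fall back to the number if unmapped."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)

def check_file(path, perm, mode, owner, group, doexec=False):
    """Return findings for one row; change the mode only when doexec is true."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted at path is seen as a symlink
    except FileNotFoundError:
        return [f"{path} not found!"]
    findings = []
    actual = stat.filemode(st.st_mode)
    if actual[0] != perm[0]:
        # File type changed (e.g. regular file replaced by a link): report, never chmod.
        findings.append(f"{path} type {actual[0]} is wrong, expected {perm[0]}")
    elif actual != perm:
        if doexec:
            os.chmod(path, int(mode, 8))
            findings.append(f"{path} permissions {actual} are wrong, changed to {perm}")
        else:
            findings.append(f"would run: chmod {mode} {path}")
    for label, want, got in (("owner", owner, name_of(pwd.getpwuid, st.st_uid)),
                             ("group", group, name_of(grp.getgrgid, st.st_gid))):
        if got != want:
            findings.append(f"{path} {label} {got} is wrong, expected {want}")
    return findings

if __name__ == "__main__":
    for row in parse_objects(SAMPLE):
        for finding in check_file(*row, doexec=False):
            print(finding)
```

Running it with doexec=False first mirrors the advice above for a new installation: review the "would run" lines before allowing any change.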

Page best viewed at 1024x768 or greater.   Page last updated 2019-01-12.   This site is PIKT® powered.
Copyright © 1998-2019 Robert Osterlund. All rights reserved.