File Status Check Example
Case Study 2: FileStatChk
One thing you would certainly want to monitor is the state of essential system files: Have they disappeared? Do they have the right ownerships and permissions?
We start by listing those files, together with their desired attributes,
in objects.cfg (see Listing 3).
Listing 3: SysFiles
SysFiles
#if linux
/etc/group -rw-r--r-- 644 root root
/etc/passwd -rw-r--r-- 644 root root
...
#endif // linux
...
// local stuff
#if moscow
/etc/mail/classalias -rw-r--r-- 644 root other
...
#endif
...
If we had adjusted the files list for the moscow system only, we would refresh the SysFiles objects set on that system with the command:
# piktc -iv +O SysFiles +H moscow processing moscow... installing file(s)... SysFiles.obj installed
We could refresh all objects files on all active systems with the command
# piktc -iv +O all -H downsys
It should be clear by now that the file /etc/mail/classalias would appear in moscow's SysFiles.obj file and in no other system's.
Listing 4 is a script to enforce those file attributes.
Listing 4: FileStatChk
FileStatChk
init
status active
level critical
task "Detect critical file access deviations on system files."
input file "=sysfiles_obj"
dat $fil 1
dat $prm 2
dat $mod 3
dat $own 4
dat $grp 5
keys $fil
rule
if ! -e $fil
output mail "$fil not found!"
next
endif
rule
do #split($list, $command("=lld $fil"), " ")
rule
if $list[1] ne $prm
=execwait "=chmod $mod $fil"
=outputmail "$fil permissions $list[1] are wrong" . \
$if(#defined(%list[1])," (were %list[1]),",",") . \
" changed to $prm"
endif
[similar rules follow]
For the first input line, "/etc/group" would be assigned to $fil, "-rw-r--r--" to $prm, "644" to $mod, and so on.
In the first rule, if the file fails the existence test, that gets reported, and we move on to the next input line.
In the next rule, we take the output of the 'ls -l' command and #split() and assign the component parts to the $list[] array.
In the third rule, if the actual file permissions, $list[1], do not equal the desired permissions, $prm, we fix and possibly report this.
The doexec define lets us control whether actions are exec'ed else a report of intent is e-mailed only. If this is a new PIKT installation, we might want to see what PIKT would do before committing PIKT to actually doing it. We could handle the conditionality this way:
#ifdef doexec
exec wait "=chmod $mod $fil"
#elsedef
output mail "=chmod $mod $fil"
#endifdef
But defining the following macro
execwait
#ifdef doexec
exec wait
#elsedef
output mail
#endifdef
in macros.cfg is more elegant, because now we can more succinctly write
=execwait "=chmod $mod $fil"
and either "exec wait" or "output mail" will be preprocessed in depending on how we defined doexec earlier.
In most circumstances, we simply want the file permissions fixed and don't need to be told about it. Sometimes, however, we want a full report of all that PIKT is doing. We control this by setting, in defines.cfg, the define verbose to be TRUE or FALSE. By defining the outputmail macro in macros.cfg as
outputmail
#ifdef verbose
output mail
#elsedef
output log "/dev/null"
#endifdef
we can concisely write
=outputmail "$fil permissions
[...]"
If verbose is set to FALSE, the message is logged to /dev/null, that is, just thrown away.
Note the '$if(#defined(%list[1])," (were %list[1]),",",")'. If we have run
this script before, we have a record of the actual file permissions the
last go-around in %list[1]. PIKT remembers this for us automatically. So if
#defined(%list[1]) is true, we report what they were, and in any case report
what they have been changed to--but only if we have set verbose to TRUE.
 prev page | 1st page | next page  |
