| View previous topic :: View next topic |
| Author |
Message |
Casshan
n00b
Joined: 07 May 2004
Posts: 53
|
 Posted: Wed Aug 05, 2009 10:35 am Post subject: [Script]Find Processes that have updated but not restarted |
 |
|
I wrote a quick perl script that I'm using with zabbix to check my servers to see if I have a services that has been updated (usually for security reasons), but never got restarted. This must be run as root (or sudo). Just I thought I would post if here for some thoughts or if someones sees something wrong with it, or the way I'm doing it.
| Code: |
#!/usr/bin/perl
$pids = 0;
open(DELETED_PS, "ls -l /proc/[0-9]*/exe 2>/dev/null|grep deleted|");
while ($line = <DELETED_PS>)
{
$line =~ /proc\/([0-9]+?)\/exe/;
$pid = $1;
chomp($pid);
print "$pid ";
if ($ARGV[0])
{
$command = `ps -o args p $pid| grep -v COMMAND`;
chomp($command);
print "\nCommand: $command \n";
$command =~ /^(\S*)\s*/;
$filename = $1;
print "Program: $filename\n";
$program = `equery b $filename|grep -v 'Searching for file'`;
chomp($program);
print "Ebuild: $program \n";
}
$pids++;
}
if ($pids == 0)
{
print "NONE";
}
|
|
|
| Back to top |
|
 |
Bircoph
Developer
Joined: 27 Jun 2008
Posts: 261
Location: Moscow
|
| Posted: Thu Aug 13, 2009 7:39 am Post subject: |
|
|
Seems ok, but I'm just happy with the following:
| Code: |
find -O3 /proc -type d -regextype posix-egrep -regex "/proc/[[:digit:]]+" \
-exec readlink '{}'/exe \; | gawk '{ if ($NF=="(deleted)") print $0}'
|
_________________
Per aspera ad astra! |
|
| Back to top |
|
|
Bircoph
Developer
Joined: 27 Jun 2008
Posts: 261
Location: Moscow
|
| Posted: Thu Aug 13, 2009 4:28 pm Post subject: |
|
|
However, there is one problem with this approach: if application use some *.so (or other external data) and that library was updated, application still will old copy in memory.
This behavior may lead to very bad consequences if security update to this kind of library was made. So you should carefully investigate what you're updating, at least on servers.
_________________
Per aspera ad astra! |
|
| Back to top |
|
|
Casshan
n00b
Joined: 07 May 2004
Posts: 53
|
| Posted: Fri Aug 14, 2009 9:59 am Post subject: |
|
|
| Is there a way to check for that in memory library version? |
|
| Back to top |
|
|
boerKrelis
Apprentice
Joined: 01 Jul 2003
Posts: 241
Location: The Netherlands
|
| Posted: Sat Sep 05, 2009 11:16 am Post subject: |
|
|
| Try app-admin/checkrestart . |
|
| Back to top |
|
|
Bircoph
Developer
Joined: 27 Jun 2008
Posts: 261
Location: Moscow
|
| Posted: Tue Sep 22, 2009 2:06 pm Post subject: |
|
|
| boerKrelis wrote: | | Try app-admin/checkrestart . |
Thanks, it works ok for me.
_________________
Per aspera ad astra! |
|
| Back to top |
|
|
|
Documentation, Tips & Tricks
