diff --git a/bin/so-squert-ip2c-5min b/bin/so-squert-ip2c-5min new file mode 100644 index 0000000..f026dc3 --- /dev/null +++ b/bin/so-squert-ip2c-5min @@ -0,0 +1,65 @@ +#!/bin/bash +# +# Copyright (C) 2016 Doug Burks and Security Onion +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +######################################### +# Variables +######################################### +# What file should we log output to? +IP2C_LOG="/var/log/nsm/squert-ip2c-5min.log" + +# Lock file +IP2C_LOCK="/var/log/nsm/squert-ip2c-5min.lock" + +# Run squert-ip2c as IP2C_USER +# Set directory and files to be owned by IP2C_USER:IP2C_GROUP +IP2C_USER="sguil" +IP2C_GROUP="sguil" + +# The values above can be overridden in securityonion.conf +source /etc/nsm/securityonion.conf + +######################################### +# Got r00t? +######################################### +if [[ $(/usr/bin/id -u) -ne 0 ]]; then + echo "This program needs root privileges. Please try again using sudo." + exit +fi + +######################################### +# Check to see if database exists and then run squert-ip2c +######################################### +if [ ! -d /var/lib/mysql/securityonion_db/ ]; then + echo "No Sguil database. Exiting." + exit +else + # Wipe existing $IP2C_LOG and insert date and a blank line + date > $IP2C_LOG + echo >> $IP2C_LOG + + if [ -f $IP2C_LOCK ] ; then + echo "Found lock file. Exiting." >> $IP2C_LOG + exit + else + # no lock found, so we can proceed + # if this takes more than 5 minutes, prevent other instances from running + touch $IP2C_LOCK + /usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 >> $IP2C_LOG + # clear lock file + rm -f $IP2C_LOCK + fi +fi diff --git a/cron.d/squert-ip2c b/cron.d/squert-ip2c index 3c8ef0f..eeb635a 100644 --- a/cron.d/squert-ip2c +++ b/cron.d/squert-ip2c @@ -5,5 +5,5 @@ SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin -*/5 * * * * root [ -d /var/lib/mysql/securityonion_db/ ] && /usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 > /dev/null 2>&1 +*/5 * * * * root /usr/bin/so-squert-ip2c-5min > /dev/null 2>&1 00 6 * * 0 root /usr/bin/so-squert-ip2c cron > /dev/null 2>&1 diff --git a/debian/changelog b/debian/changelog index 98f7294..a97790b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +securityonion-squert-cron (20120722-0ubuntu0securityonion10) trusty; urgency=medium + + * Issue 987: Squert ip2c cron job should lock to prevent multiple instances + + -- Doug Burks Thu, 22 Sep 2016 14:09:21 -0400 + securityonion-squert-cron (20120722-0ubuntu0securityonion9) trusty; urgency=medium * random cron delay should be at least 10 minutes diff --git a/debian/patches/Issue-987:-Squert-ip2c-cron-job-should-lock-to-prevent-multiple-instances b/debian/patches/Issue-987:-Squert-ip2c-cron-job-should-lock-to-prevent-multiple-instances new file mode 100644 index 0000000..a7694c6 --- /dev/null +++ b/debian/patches/Issue-987:-Squert-ip2c-cron-job-should-lock-to-prevent-multiple-instances @@ -0,0 +1,102 @@ +Description: + TODO: Put a short summary on the line above and replace this paragraph + with a longer explanation of this change. Complete the meta-information + with other relevant fields (see below for details). To make it easier, the + information below has been extracted from the changelog. Adjust it or drop + it. + . + securityonion-squert-cron (20120722-0ubuntu0securityonion10) trusty; urgency=medium + . + * Issue 987: Squert ip2c cron job should lock to prevent multiple instances +Author: Doug Burks + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: , +Bug: +Bug-Debian: http://bugs.debian.org/ +Bug-Ubuntu: https://launchpad.net/bugs/ +Forwarded: +Reviewed-By: +Last-Update: + +--- /dev/null ++++ securityonion-squert-cron-20120722/bin/so-squert-ip2c-5min +@@ -0,0 +1,65 @@ ++#!/bin/bash ++# ++# Copyright (C) 2016 Doug Burks and Security Onion ++# ++# This program is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++######################################### ++# Variables ++######################################### ++# What file should we log output to? ++IP2C_LOG="/var/log/nsm/squert-ip2c-5min.log" ++ ++# Lock file ++IP2C_LOCK="/var/log/nsm/squert-ip2c-5min.lock" ++ ++# Run squert-ip2c as IP2C_USER ++# Set directory and files to be owned by IP2C_USER:IP2C_GROUP ++IP2C_USER="sguil" ++IP2C_GROUP="sguil" ++ ++# The values above can be overridden in securityonion.conf ++source /etc/nsm/securityonion.conf ++ ++######################################### ++# Got r00t? ++######################################### ++if [[ $(/usr/bin/id -u) -ne 0 ]]; then ++ echo "This program needs root privileges. Please try again using sudo." ++ exit ++fi ++ ++######################################### ++# Check to see if database exists and then run squert-ip2c ++######################################### ++if [ ! -d /var/lib/mysql/securityonion_db/ ]; then ++ echo "No Sguil database. Exiting." ++ exit ++else ++ # Wipe existing $IP2C_LOG and insert date and a blank line ++ date > $IP2C_LOG ++ echo >> $IP2C_LOG ++ ++ if [ -f $IP2C_LOCK ] ; then ++ echo "Found lock file. Exiting." >> $IP2C_LOG ++ exit ++ else ++ # no lock found, so we can proceed ++ # if this takes more than 5 minutes, prevent other instances from running ++ touch $IP2C_LOCK ++ /usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 >> $IP2C_LOG ++ # clear lock file ++ rm -f $IP2C_LOCK ++ fi ++fi +--- securityonion-squert-cron-20120722.orig/cron.d/squert-ip2c ++++ securityonion-squert-cron-20120722/cron.d/squert-ip2c +@@ -5,5 +5,5 @@ + SHELL=/bin/sh + PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +-*/5 * * * * root [ -d /var/lib/mysql/securityonion_db/ ] && /usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 > /dev/null 2>&1 ++*/5 * * * * root /usr/bin/so-squert-ip2c-5min > /dev/null 2>&1 + 00 6 * * 0 root /usr/bin/so-squert-ip2c cron > /dev/null 2>&1 diff --git a/debian/patches/series b/debian/patches/series index 0867a30..59be49b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -7,3 +7,4 @@ add-cron-option-to-force-random-delay upload-to-git change-$LOG-to-$IP2C_LOG random-cron-delay-should-be-at-least-10-minutes +Issue-987:-Squert-ip2c-cron-job-should-lock-to-prevent-multiple-instances diff --git a/debian/postinst b/debian/postinst index 437d41b..c3e5c02 100644 --- a/debian/postinst +++ b/debian/postinst @@ -7,6 +7,7 @@ case "$1" in # Make sure scripts are executable chmod +x /usr/bin/so-squert-ip2c || echo "Error making squert-ip2c executable." + chmod +x /usr/bin/so-squert-ip2c-5min || echo "Error making squert-ip2c-5min executable." ;;