X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fguardian.git;a=blobdiff_plain;f=guardian;h=f3c287b593305caf7769618a3439d33c5131cbf8;hp=af5caebf152c89b473a0b42fc476fc53b951a63e;hb=4d19939e53a4dfca420b683dd2bb8157d7d24fdd;hpb=01147a7edbba0b8705ac5b2873ca127bff30da15 diff --git a/guardian b/guardian index af5caeb..f3c287b 100644 --- a/guardian +++ b/guardian @@ -27,18 +27,16 @@ use Thread::Queue; use Linux::Inotify2; use Time::HiRes qw[ time sleep ]; +require Guardian::Base; require Guardian::Config; require Guardian::Parser; require Guardian::Socket; +use warnings; + # Define version. my $version ="2.0"; -# Array to store the monitored logfiles. -my @monitored_files = ( - "/var/log/snort/alert", -); - # Get and store the given command line arguments in a hash. my %cmdargs = (); @@ -67,10 +65,18 @@ if (defined($cmdargs{"help"})) { # Push the may be given config file argument. my %mainsettings = &Guardian::Config::UseConfig($cmdargs{"config"}); +# Shared hash between the main process and all threads. It will store all +# monitored files and their current file position. +my %monitored_files :shared = (); + # Create the main queue. It is used to store and process all events which are # reported and enqueued by the worker threads. my $queue :shared = new Thread::Queue or die "Could not create new, empty queue. $!\n";; +# Array to store all currently running worker objects. +# (Does not include the socket thread) +my @running_workers; + # Call Init function to initzialize guardian. &Init(); @@ -108,15 +114,11 @@ sub Init () { # Setup IPC mechanism via Socket in an own thread. threads->create(\&Socket); - # Loop through the array of which files should be monitored and - # create a worker thread for each single one. - foreach my $monitored_file (@monitored_files) { - # Check if the file exists and is readable. - if (-r "$monitored_file") { - # Create worker thread for the file. - threads->create(\&Worker,$monitored_file); - } - } + # Generate hash of monitored files. + %monitored_files = &Guardian::Base::GenerateMonitoredFiles(\%mainsettings, \%monitored_files); + + # Start worker threads. + &StartWorkers(); } # @@ -140,10 +142,10 @@ sub Init () { ## shared event queue. # sub Worker ($) { - my $file = @_[0]; + my $file = $_[0]; - # Get the fileposition. - my $fileposition = &Init_fileposition("$file"); + # Signal handler to kill worker. + $SIG{'KILL'} = sub { threads->exit(); }; # Create inotify watcher. my $watcher = new Linux::Inotify2 or die "Could not use inotify. $!\n"; @@ -151,43 +153,61 @@ sub Worker ($) { # Monitor the specified file. $watcher->watch("$file", IN_MODIFY) or die "Could not monitor $file. $!\n"; - # Get all notifications. - while ($watcher->read) { - my @message = (); + # Switch watcher into non-blocking mode. + $watcher->blocking(0); - # Open the file. - open (FILE, $file) or die "Could not open $file. $!\n"; + # Infinite loop. + while(1) { + # Check for any events and perform them, if there + # is a least one. + if ($watcher->read) { + my @message = (); - # Seek to the last known position. - seek (FILE, $fileposition, 0); + # Obtain fileposition from hash. + my $fileposition = $monitored_files{$file}; - # Get the log message. - while (my $line = ) { - # Remove any newlines. - chomp $line; + # Open the file. + open (FILE, $file) or die "Could not open $file. $!\n"; - # Add all lines to the message array. - push (@message, $line); - } + # Seek to the last known position. + seek (FILE, $fileposition, 0); - # Update fileposition. - $fileposition = tell(FILE); + # Get the log message. + while (my $line = ) { + # Remove any newlines. + chomp $line; - # Close file. - close(FILE); + # Add all lines to the message array. + push (@message, $line); + } + + { + # Lock shared hash. + lock(%monitored_files); - # Send filename and message to the parser, - # which will return if an action has to be performed. - my @action = &Guardian::Parser::Parser("$file", @message); + # Update fileposition. + $monitored_files{$file} = tell(FILE); + } - # Send the action to the main process and put it into - # the queue. - if (@action) { - # Lock the queue. - lock($queue); + # Close file. + close(FILE); - # Put the required action into the queue. - $queue->enqueue(@action); + # Send filename and message to the parser, + # which will return if an action has to be performed. + my @action = &Guardian::Parser::Parser("$file", @message); + + # Send the action to the main process and put it into + # the queue. + if (@action) { + # Lock the queue. + lock($queue); + + # Put the required action into the queue. + $queue->enqueue(@action); + } + } else { + # Sleep for 10ms until the next round of the loop will start. + sleep(0.01); } } } @@ -235,35 +255,6 @@ sub Socket () { } } -# -## Function for fileposition initialization. -# -## This function is used to get the cursor position of the end of file (EOF) of -## a specified file. -# -## In order to prevent from permanently read and keep files opened, or dealing -## with huge logfiles, at initialization time of the worker processes, the file will -## be opened once and the cursor position of the end of file (EOF) get stored. -# -sub Init_fileposition ($) { - my $file = $_[0]; - - # Open the file. - open(FILE, $file) or die "Could not open $file. $!\n"; - - # Just seek to the end of the file (EOF). - seek(FILE, 0, 2); - - # Get and store the position. - my $position = tell(FILE), - - # Close the file again. - close(FILE); - - # Return the position. - return $position; -} - # ## Function for capturing process signals. # @@ -274,6 +265,59 @@ sub SignalHandler { $SIG{INT} = \&Shutdown; $SIG{TERM} = \&Shutdown; $SIG{QUIT} = \&Shutdown; + $SIG{HUP} = \&Reload; +} + +# +## Function to start the workers (threads) for all monitored files. +# +## This function will loop through the hash of monitored files and will +## spawn an own thread based worker for each file. Every created worker will +## be added to the array of running workers. +# +sub StartWorkers () { + # Loop through the hash which contains the monitored files and start + # a worker thread for each single one. + foreach my $file (keys %monitored_files) { + # Create worker thread for the file. + push @running_workers, threads->create(\&Worker,$file); + } +} + +# +## Function to stop all running workers. +# +## This function is used to stop all currently running workers and will be +## called when reloading or shutting down guardian. +# +sub StopWorkers () { + # Loop through all running workers. + foreach my $worker (@running_workers) { + # Send the worker the "KILL" signal and detach the + # thread so perl can do an automatically clean-up. + $worker->kill('KILL'); + } +} + +# +## Reload function. +# +## This function will get called if the signal handler recieves a "SIGHUP" signal, +## or the reload command will be sent via socket connection. It is responsible for +## reloading all configure options and stopping/starting the worker threads. +# +sub Reload () { + # Stop all running workers. + &StopWorkers(); + + # Re-read configuration file. + %mainsettings = &Guardian::Config::UseConfig($cmdargs{"config"}); + + # Re-generate hash of monitored files. + %monitored_files = &Guardian::Base::GenerateMonitoredFiles(\%mainsettings, \%monitored_files); + + # Restart the worker threads. + &StartWorkers(); } # @@ -283,9 +327,17 @@ sub SignalHandler { ## by the signal handler when recieving INT (2), QUIT (3) and TERM (15) signals. # sub Shutdown () { + # Stop all workers. + &StopWorkers(); + # Remove socket file on exit. &Guardian::Socket::RemoveSocketFile(); + # Sleep for one second to give perl some + # time to proper clean up everything before + # exiting. + sleep(1); + # Exit guardian. exit; }