CHECK PROCESS MATCHING does not work on 5.27.0 when monit runs as non-root
On version 5.26.0 I have several working checks defined, for example:
check process ntp matching "ntpd"
The Monit daemon runs as a monit user. After the upgrade to 5.27.0, monit does not match those processes or any other process run as another user.
To reproduce. Correct behaviour of 5.26.0
[monit@host ~]$ /home/monit/monit-linux-x64-5.26.0.bin -c /opt/monitor/monit.conf procmatch ntp
List of processes matching pattern "ntp":
┌───┬───────┬───────┬──────────────────────────────────────────────────────────┐
│ │ PID │ PPID │ Command │
├───┼───────┼───────┼──────────────────────────────────────────────────────────┤
│ * │ 3226 │ 1 │ /usr/sbin/ntpd -u ntp:ntp -g │
└───┴───────┴───────┴──────────────────────────────────────────────────────────┘
Total matches: 1
Not working behaviour on 5.27.0
[monit@host ~]$ /home/monit/monit-linux-x64-5.27.0.bin -c /opt/monitor/monit.conf procmatch ntp
List of processes matching pattern "ntp":
Total matches: 0
Binaries for linux-64.
Comments (10)
-
Account Deleted reporter -
Hello Artur,
who is the owner of the process you checked with procmatch? As long as the process is owned by the user I use to check the procmatch, the process will be found.
But all other processes that are not owned by the user are not found. It seems to me Linux checks the process owner only; on AIX I find all processes with the name matching procmatch. On Linux I get only my own processes matching.
Nice to see,
Lutz
-
Account Deleted reporter Hello Lutz,
this is exactly as you are describing. The newest version of monit, when run as a non-root user, is not able to match any process which is not running as the same user as the monit daemon. I do not find this mentioned in the change log, so that is why I registered this issue. -
Hello Tildeslash,
I think the process list does not contain all processes as long as monit does not run as root,
initprocesstree_sysdep does not collect some processes because sometimes _parseProcPidIO(&proc) failed, this was ignored in the past, and
_parseProcFdCount(&proc) is new and failed sometimes too. This is nice, the process tree tries to contain useful data only, but unfortunately some processes are ignored now.
Someone should check the reason for something like this (see src/process/sysdep_LINUX.c)
    // parse /proc/PID/io
    static bool _parseProcPidIO(Proc_T proc) {
        char buf[4096];
        char *tmp = NULL;
        if (_statistics.hasIOStatistics) {
            if (file_readProc(buf, sizeof(buf), "io", proc->data.pid, NULL)) {
                // read bytes (total)
                :
            } else {
                // file_readProc() already printed a DEBUG() message
                return false;
            }
        }
        return true;
    }
All PIDs without any io data are ignored now.
And for this
    int initprocesstree_sysdep(ProcessTree_T **reference, ProcessEngine_Flags pflags) {
        ASSERT(reference);
        :
        for (size_t i = 0; i < globbuf.gl_pathc; i++) {
            proc.data.pid = atoi(globbuf.gl_pathv[i] + 6); // skip "/proc/"
            if (_parseProcPidStat(&proc) && _parseProcPidStatus(&proc) && _parseProcPidIO(&proc) && _parseProcPidCmdline(&proc, pflags) && _parseProcFdCount(&proc)) {
                // Non-mandatory statistics (may not exist)
                _parseProcPidAttrCurrent(&proc);
_parseProcFdCount(&proc) should be moved to the non-mandatory statistics; sometimes not all information is available.
A short look at the code only, I will try to do some more testing on some of my Linux systems.
In the past, some data was missing for a process, but the process tree was complete. Now, I miss no data but some processes.
With regards,
Lutz -
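A small model of the gating described in the comment above, added here as an illustration (not Monit's code and not the merged fix). The names `can_open`, `count_visible` and `make_sample_tree` are hypothetical, and the constructed tree models another user's process by leaving out the `io` and `fd` entries that a non-root caller cannot open.

```c
#include <ctype.h>
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper (not Monit's): can the caller open <root>/<pid>/<name>?
static int can_open(const char *root, const char *pid, const char *name) {
    char path[512];
    snprintf(path, sizeof path, "%s/%s/%s", root, pid, name);
    int fd = open(path, O_RDONLY);              // works for files and directories
    return fd >= 0 && close(fd) == 0;
}

// strict=1 models the condition quoted above: io and fd must open or the PID is dropped.
int count_visible(const char *root, int strict) {
    DIR *d = opendir(root);
    if (!d) return -1;
    int n = 0;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        const char *pid = e->d_name;
        if (!isdigit((unsigned char)pid[0]) || !can_open(root, pid, "stat")) continue;
        n += !strict || (can_open(root, pid, "io") && can_open(root, pid, "fd"));
    }
    closedir(d);
    return n;
}

// Constructed tree: PID 200 models another user's process (no openable io, fd).
int make_sample_tree(const char *root) {
    static const char *entries[] = { "/", "/100/", "/100/fd/", "/100/stat",
                                     "/100/io", "/200/", "/200/stat" };
    char path[512];
    for (int i = 0; i < 7; i++) {
        int len = snprintf(path, sizeof path, "%s%s", root, entries[i]);
        if (path[len - 1] == '/') { mkdir(path, 0700); continue; }  // may already exist
        int fd = open(path, O_CREAT | O_WRONLY, 0600);
        if (fd < 0 || close(fd) != 0) return -1;
    }
    return 0;
}

int main(void) {
    const char *root = "/tmp/procmatch_demo";   // constructed location
    if (make_sample_tree(root) != 0) return 1;
    printf("strict=%d lenient=%d\n", count_visible(root, 1), count_visible(root, 0));
    return 0;
}
```

Pointing `count_visible` at the real `/proc` as a non-root user on a host like the one in the logs should show the same gap between the strict and lenient counts.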
Hello,
I got a test Linux system and did some tests based on the suggested modifications for src/process/sysdep_LINUX.c.
    monit -v -B procmatch ssh
    system statistic error -- opendir /proc/978/fd: Permission denied
    Cannot open proc file '/proc/98/io' -- Permission denied
    system statistic error -- opendir /proc/98/fd: Permission denied
    Cannot open proc file '/proc/983/io' -- Permission denied
    system statistic error -- opendir /proc/983/fd: Permission denied
    Cannot open proc file '/proc/990/io' -- Permission denied
    system statistic error -- opendir /proc/990/fd: Permission denied
    Cannot open proc file '/proc/998/io' -- Permission denied
    system statistic error -- opendir /proc/998/fd: Permission denied
    List of processes matching pattern "ssh":
      PID PPID Command
    * 101933 1 /usr/sbin/sshd -D -4
      56843 101933 sshd: j123456 [priv]
      56867 56843 sshd: j123456@notty
      56868 56867 logksh -c /usr/lib/ssh/sftp-server
      56869 56868 /usr/lib/ssh/sftp-server
      57289 101933 sshd: j123456 [priv]
      57340 57289 sshd: j123456@pts/0
    Total matches: 7
    WARNING: Multiple processes match the pattern. Monit will select the process with the highest uptime, the one highlighted.
I got some information about other processes again and some error messages for the files the user can not read (I used the verbose mode to show this).
This looks similar to the past, based on monit 5.26.0.
    ./monit -v -B procmatch ssh
    Cannot open proc file '/proc/973/io' -- Permission denied
    Cannot open proc file '/proc/974/io' -- Permission denied
    Cannot open proc file '/proc/978/io' -- Permission denied
    Cannot open proc file '/proc/98/io' -- Permission denied
    Cannot open proc file '/proc/983/io' -- Permission denied
    Cannot open proc file '/proc/990/io' -- Permission denied
    Cannot open proc file '/proc/998/io' -- Permission denied
    List of processes matching pattern "ssh":
      PID PPID Command
    * 101933 1 /usr/sbin/sshd -D -4
      56843 101933 sshd: j123456[priv]
      56867 56843 sshd: j123456@notty
      56868 56867 logksh -c /usr/lib/ssh/sftp-server
      56869 56868 /usr/lib/ssh/sftp-server
      57289 101933 sshd: j123456 [priv]
      57340 57289 sshd: j123456@pts/0
    Total matches: 7
    WARNING: Multiple processes match the pattern. Monit will select the process with the highest uptime, the one highlighted.
With regards,
Lutz -
Hello Artur,
I made a monit package with the suggested fix available; this package is for testing purposes only. See https://bitbucket.org/lutzmad/monit/downloads/monit-5.27.0-suse12match-x64.tar.gz
Some more packages are available too on https://bitbucket.org/lutzmad/monit/downloads/
With regards,
Lutz -
- attached match-src-monit-5.27.0.diff
These are the code changes. Lutz
-
Hello Tildeslash,
I added a pull request to fix this issue, from my point of view. See https://bitbucket.org/tildeslash/monit/pull-requests/99
With regards,
Lutz -
repo owner - changed status to resolved
Merged in issue_916 (pull request #99)
Fix issue 916, when monit runs as non-root
Approved-by: Tildeslash
→ <<cset b9155d68a100>>
-
repo owner Issue #924 was marked as a duplicate of this issue.
On FreeBSD 12.x works correctly as expected.
[monit@host ~]$ monit -V
This is Monit version 5.26.0
Built with ssl, with ipv6, with compression, with pam and with large files
Copyright (C) 2001-2019 Tildeslash Ltd. All Rights Reserved.
[monit@host ~]$ monit -c /home/monit/monitrc procmatch "/usr/local/sbin/ntpd"
List of processes matching pattern "/usr/local/sbin/ntpd":
┌───┬───────┬───────┬──────────────────────────────────────────────────────────┐
│ │ PID │ PPID │ Command │
├───┼───────┼───────┼──────────────────────────────────────────────────────────┤
│ * │ 74578 │ 1 │ /usr/local/sbin/ntpd -f /usr/local/etc/ntpd.conf │
└───┴───────┴───────┴──────────────────────────────────────────────────────────┘
Total matches: 1
[monit@host ~]$ monit -V
This is Monit version 5.27.0
Built with ssl, with ipv6, with compression, with pam and with large files
Copyright (C) 2001-2020 Tildeslash Ltd. All Rights Reserved.
[monit@host ~]$ monit -c /home/monit/monitrc procmatch "/usr/local/sbin/ntpd"
List of processes matching pattern "/usr/local/sbin/ntpd":
┌───┬──────────┬──────────┬────────────────────────────────────────────────────┐
│ │ PID │ PPID │ Command │
├───┼──────────┼──────────┼────────────────────────────────────────────────────┤
│ * │ 74578 │ 1 │ /usr/local/sbin/ntpd -f /usr/local/etc/ntpd.conf │
└───┴──────────┴──────────┴────────────────────────────────────────────────────┘
Total matches: 1