[Feature Request] netstat on load average alert

Post Reply
smuxbr
Junior Member
Posts: 4
Joined: 18 Sep 2011, 15:56

[Feature Request] netstat on load average alert

Post by smuxbr »

Hi to everyone,
First I come to thank the developers of the CSF by the efficiency of this system and I'm here to provide an improvements in their codes.
Well.. On my webhost company I created the modification for my csf to send a netstat table report when load average is too high.

I believe that this information is useful, especially in case of DDoS attack if you can know which IPs are attacking and how to mitigate so quickly on your external firewall (if you have one) .

I'd love to have this patch by default in CSF.

This patch was based in csf 5.52 and updated to 5.59 (cPanel).

Thanks in advance. It's great contribute to the CSF!

PS: This forum can't attach files. Sorry.

Code: Select all

--- csf.conf.preupdate  2012-07-05 12:40:11.000000000 -0300
+++ csf.conf    2012-07-09 11:12:29.000000000 -0300
@@ -1678,6 +1679,7 @@
 SENDMAIL = "/usr/sbin/sendmail"
 PS = "/bin/ps"
 VMSTAT = "/usr/bin/vmstat"
+NETSTAT = "/bin/netstat"
 LS = "/bin/ls"
 MD5SUM = "/usr/bin/md5sum"
 TAR = "/bin/tar"

--- lfd. pl-orig 2012-07-09 10:15:53.000000000 -0300
+++ lfd. pl      2012-07-09 11:14:37.000000000 -0300
@@ -2544,6 +2544,20 @@
                        alarm(0);
                        if ($@) {push @vmstat, "Unable to obtain vmstat output within 10 seconds - Timed out"}

+                        my @netstat;
+                        eval {
+                                local $SIG{__DIE__} = undef;
+                                local $SIG{'ALRM'} = sub {die};
+                                alarm(10);
+                                my ($childin, $childout);
+                                my $cmdpid = open3($childin, $childout, $childout, "$config{NETSTAT} -anp | sort -n");
+                                @netstat = <$childout>;
+                                waitpid ($cmdpid, 0);
+                                alarm(0);
+                        };
+                        alarm(0);
+                        if ($@) {push @netstat, "Unable to obtain netstat output within 10 seconds - Timed out"}
+
                        my $url = $config{PT_APACHESTATUS};
                        my ($status, $apache) = &urlget($url);
                        if ($status) {$apache = "Unable to retrieve Apache Server Status [$url] - $apache"}
@@ -2564,6 +2578,7 @@
                                $line =~ s/\[totprocs\]/$load[3]/ig;
                                $line =~ s/\[processlist\]/@proclist/ig;
                                $line =~ s/\[vmstat\]/@vmstat/ig;
+                               $line =~ s/\[netstat\]/@netstat/ig;
                                $line =~ s/\[apache\]/$apache/ig;
                                $line =~ s/\[boundary\]/$boundary/ig;
                                push @message, $line;

--- loadalert.txt.new   2008-03-31 12:45:26.000000000 -0300
+++ loadalert.txt       2012-07-09 11:16:07.000000000 -0200
@@ -43,4 +43,13 @@

 [apache]

+--------------[boundary]
+Content-Type: text/plain;
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment;
+ filename="netstat.txt"
+
+Output from netstat:
+[netstat]
+
 --------------[boundary]--

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: [Feature Request] netstat on load average alert

Post by chirpy »

That is the purpose of the PT_LOAD_ACTION option - you can run whatever applications you want within your own script.
Post Reply