[Feature Request] netstat on load average alert

Posted: 11 Jul 2012, 16:29
by smuxbr
Hi everyone,
First, I want to thank the developers of CSF for the efficiency of this system, and I'm here to offer an improvement to its code.
Well... At my web hosting company I created a modification for my csf to send a netstat table report when the load average is too high.

I believe that this information is useful, especially in the case of a DDoS attack, if you can know which IPs are attacking and how to mitigate quickly on your external firewall (if you have one).

I'd love to have this patch by default in CSF.

This patch was based on csf 5.52 and updated to 5.59 (cPanel).

Thanks in advance. It's great to contribute to CSF!

PS: This forum can't attach files. Sorry.

--- csf.conf.preupdate  2012-07-05 12:40:11.000000000 -0300
+++ csf.conf    2012-07-09 11:12:29.000000000 -0300
@@ -1678,6 +1679,7 @@
 SENDMAIL = "/usr/sbin/sendmail"
 PS = "/bin/ps"
 VMSTAT = "/usr/bin/vmstat"
+NETSTAT = "/bin/netstat"
 LS = "/bin/ls"
 MD5SUM = "/usr/bin/md5sum"
 TAR = "/bin/tar"
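
Review bot: The added NETSTAT line has no comment describing the setting, and the path is fixed at /bin/netstat while the lfd.pl change uses $config{NETSTAT} without testing it first. Suggest documenting the option next to the line and having lfd check that the file exists and is executable (-x) before running it, so a host where netstat lives elsewhere produces a clear message rather than shell error text in the alert.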

--- lfd. pl-orig 2012-07-09 10:15:53.000000000 -0300
+++ lfd. pl      2012-07-09 11:14:37.000000000 -0300
@@ -2544,6 +2544,20 @@
                        alarm(0);
                        if ($@) {push @vmstat, "Unable to obtain vmstat output within 10 seconds - Timed out"}

+                        my @netstat;
+                        eval {
+                                local $SIG{__DIE__} = undef;
+                                local $SIG{'ALRM'} = sub {die};
+                                alarm(10);
+                                my ($childin, $childout);
+                                my $cmdpid = open3($childin, $childout, $childout, "$config{NETSTAT} -anp | sort -n");
+                                @netstat = <$childout>;
+                                waitpid ($cmdpid, 0);
+                                alarm(0);
+                        };
+                        alarm(0);
+                        if ($@) {push @netstat, "Unable to obtain netstat output within 10 seconds - Timed out"}
+
                        my $url = $config{PT_APACHESTATUS};
                        my ($status, $apache) = &urlget($url);
                        if ($status) {$apache = "Unable to retrieve Apache Server Status [$url] - $apache"}
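
Review bot: On the timeout path the child is never cleaned up: $cmdpid is declared inside the eval, so when the alarm fires nothing can kill or waitpid the netstat and sort processes, and they keep running on a host that is already overloaded. Declare $cmdpid before the eval and kill and reap it in the `if ($@)` branch. Separately, "$config{NETSTAT} -anp | sort -n" is passed to open3 as one string, so it goes through a shell and stderr shares $childout with stdout; passing the command and its arguments as a list and sorting in Perl would avoid the shell and keep error text out of the report.
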
@@ -2564,6 +2578,7 @@
                                $line =~ s/\[totprocs\]/$load[3]/ig;
                                $line =~ s/\[processlist\]/@proclist/ig;
                                $line =~ s/\[vmstat\]/@vmstat/ig;
+                               $line =~ s/\[netstat\]/@netstat/ig;
                                $line =~ s/\[apache\]/$apache/ig;
                                $line =~ s/\[boundary\]/$boundary/ig;
                                push @message, $line;
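
Review bot: In `s/\[netstat\]/@netstat/ig` the array is interpolated with the list separator, so every netstat line after the first gains a leading space, and because this substitution runs before the [apache] and [boundary] ones, any netstat line that happens to contain those tokens is rewritten as well. Join the lines explicitly first (for example `my $netstat = join '', @netstat;`) and apply the [netstat] substitution last.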

--- loadalert.txt.new   2008-03-31 12:45:26.000000000 -0300
+++ loadalert.txt       2012-07-09 11:16:07.000000000 -0200
@@ -43,4 +43,13 @@

 [apache]

+--------------[boundary]
+Content-Type: text/plain;
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment;
+ filename="netstat.txt"
+
+Output from netstat:
+[netstat]
+
 --------------[boundary]--
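
Review bot: The [netstat] placeholder in the new part carries the complete `-anp` table, which during a connection flood can make the alert mail very large and also sends every listening socket with its PID and program name to whoever receives the message; a per-address connection count would serve the stated purpose with far less data. Also, `Content-Type: text/plain;` ends in a semicolon with no parameter after it: drop the semicolon or add a charset.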


Re: [Feature Request] netstat on load average alert

Posted: 12 Aug 2012, 10:02
by chirpy
That is the purpose of the PT_LOAD_ACTION option - you can run whatever applications you want within your own script.
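
One way to do what the reply above describes, as an added example that is not part of the original thread or of CSF: a small script that your own PT_LOAD_ACTION script could call to summarise `netstat -ant` by remote address and TCP state instead of mailing the full table. The function names, REPORT_DIR and the --live/--sample arguments are assumptions of this example, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not CSF code): netstat summary to call from your own
# PT_LOAD_ACTION script. Function names, REPORT_DIR, --live and --sample
# are assumptions of this example.
# stdin: `netstat -ant` output. stdout: "count address" for the busiest
# remote addresses, busiest first (default: top 10).
top_remote_ips() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # drop the trailing :port
            sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into IPv4
            n[addr]++
        }
        END { for (a in n) print n[a], a }' |
        sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# stdin: same. stdout: "count STATE"; a SYN_RECV spike stands out here.
state_counts() {
    awk '$1 ~ /^tcp/ { s[$6]++ } END { for (k in s) print s[k], k }' |
        sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges), used by --sample.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address            State
tcp   0 0 0.0.0.0:80                 0.0.0.0:*                  LISTEN
tcp   0 0 192.0.2.10:80              203.0.113.5:51234          SYN_RECV
tcp   0 0 192.0.2.10:80              203.0.113.5:51235          SYN_RECV
tcp   0 0 192.0.2.10:80              203.0.113.5:51236          ESTABLISHED
tcp   0 0 192.0.2.10:80              198.51.100.7:40000         ESTABLISHED
tcp6  0 0 ::ffff:192.0.2.10:80       ::ffff:198.51.100.7:40001  TIME_WAIT
EOF
}

# Take one snapshot and write a root-only report file; prints its path.
write_report() {
    umask 077
    out="${REPORT_DIR:-/var/tmp}/netstat-load-$(date +%Y%m%d-%H%M%S).txt"
    snap=$(netstat -ant 2>/dev/null)
    { echo "== states =="; printf '%s\n' "$snap" | state_counts
      echo "== top remote addresses =="; printf '%s\n' "$snap" | top_remote_ips 20
    } > "$out" && echo "$out"
}
case "${1:-}" in
    --live)   write_report ;;
    --sample) sample_netstat | top_remote_ips ;;
esac
```

Run with `--sample` to see the summary on the constructed input; `--live` takes a real snapshot and prints the path of the report it wrote.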