search

secureoptions / threshold

A simple tool which allows you to set a ping or TCP-based monitor/trigger, and then executes user-defined command
Other
15 stars 1 forks source link

Jobs running even after killing all #1

Open amitmaniar opened 6 years ago

amitmaniar commented 6 years ago

I was trying to debug some network issues today and found that jobs were running in background even after killing all of them. I set threshold using following command. sudo threshold -c 3 -d -P 22 -a "tcpdump -w /tmp/capture.pcap -i eth0 host " -p then after sometime I kill all jobs using following command sudo threshold -l now when I check processes ( sudo ps -ewf | grep threshold ), I see following output.

root      4224     1  0 13:07 pts/33   00:00:00 sh /etc/threshold/actions/26968
root      7361     1  0 13:07 pts/33   00:00:00 sh /etc/threshold/actions/26968
root     10163     1  0 13:08 pts/33   00:00:00 sh /etc/threshold/actions/26968
root     13708     1  0 13:08 pts/33   00:00:00 sh /etc/threshold/actions/26968
root     29840     1  0 13:06 pts/33   00:00:00 sh /etc/threshold/actions/26968

I think -k option is not stopping daemon processes.

secureoptions commented 6 years ago

Hi,

It looks like the threshold daemon processes have been stopped, but your subsequent tcpdump actions are still running after being triggered. Anyways, this is a good point. We'll see about tracking/stopping the actions themselves as well as the threshold processes.

On Wed, Apr 11, 2018 at 6:11 AM, amitmaniar notifications@github.com wrote:

I was trying to debug some network issues today and found that jobs were running in background even after killing all of them. I set threshold using following command. sudo threshold -c 3 -d -P 22 -a "tcpdump -w /tmp/capture.pcap -i eth0 host " -p then after sometime I kill all jobs using following command sudo threshold -l now when I check processes ( sudo ps -ewf | grep threshold ), I see following output.

root 4224 1 0 13:07 pts/33 00:00:00 sh /etc/threshold/actions/26968 root 7361 1 0 13:07 pts/33 00:00:00 sh /etc/threshold/actions/26968 root 10163 1 0 13:08 pts/33 00:00:00 sh /etc/threshold/actions/26968 root 13708 1 0 13:08 pts/33 00:00:00 sh /etc/threshold/actions/26968 root 29840 1 0 13:06 pts/33 00:00:00 sh /etc/threshold/actions/26968

I think -k option is not stopping daemon processes.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/secureoptions/threshold/issues/1, or mute the thread https://github.com/notifications/unsubscribe-auth/AG-BuIO6THddZcybesowwYY647C4hue0ks5tngD5gaJpZM4TQAAE .

secureoptions commented 6 years ago

After looking into this further, there are actually situations where an user may not want to stop actions that have already been executed when they stop pending threshold jobs. However, you can easily stop the actions manually. For example to kill all the "tcpdump" actions, you can execute the command "killall tcpdump", etc.

amitmaniar commented 6 years ago

Hi,
Thank you for details. I was not able to reproduce the issue. May be action was running in background.