stamparm / maltrail

Malicious traffic detection system
MIT License
6.58k stars 1.09k forks

Running a docker container built with your Dockerfile both server.py and sensor.py fail to restart. #19243

Closed hpeters closed 9 months ago

hpeters commented 9 months ago

Running a docker container created with your Dockerfile fails to restart server.py and sensor.py via cron.

How To Reproduce: Build a docker container via your instructions.

Expected behavior: When

    2 1 * * * /usr/bin/pkill -f maltrail

is run, server.py and sensor.py should get restarted by

    */1 * * * * if [ -n "$(ps -ef | grep -v grep | grep server.py)" ]; then : ; else python /opt/maltrail/server.py -c /opt/maltrail/maltrail.conf; fi >> /var/log/cron.log
    */1 * * * * if [ -n "$(ps -ef | grep -v grep | grep sensor.py)" ]; then : ; else python /opt/maltrail/sensor.py -c /opt/maltrail/maltrail.conf; fi >> /var/log/cron.log

The problem is the following line is still detected by ps -ef:

    root 1 0 0 Feb20 ? 00:00:00 /bin/sh -c bash -c "python /opt/maltrail/server.py &" && bash -c "python /opt/maltrail/sensor.py &" && cron && tail -f /var/log/cron.log

You need to add grep -v bash to the line so it ignores the above line. Your current Dockerfile has:

    RUN (echo '*/1 * * * * if [ -n "$(ps -ef | grep -v grep | grep server.py)" ]; then : ; else python /opt/maltrail/server.py -c /opt/maltrail/maltrail.conf; fi >> /var/log/cron.log') | crontab
    RUN (crontab -l ; echo '*/1 * * * * if [ -n "$(ps -ef | grep -v grep | grep sensor.py)" ]; then : ; else python /opt/maltrail/sensor.py -c /opt/maltrail/maltrail.conf; fi >> /var/log/cron.log') | crontab

I use:

    RUN (echo '*/1 * * * * if [ -n "$(ps -ef | grep -v grep | grep -v bash | grep server.py)" ]; then : ; else bash -c "python /opt/maltrail/server.py -c /opt/maltrail/maltrail.conf &"; fi) | crontab
    RUN (crontab -l ; echo '*/1 * * * * if [ -n "$(ps -ef | grep -v grep | grep -v bash | grep sensor.py)" ]; then : ; else bash -c "python /opt/maltrail/sensor.py -c /opt/maltrail/maltrail.conf &"; fi) | crontab

Environment:

stamparm commented 9 months ago

image

stamparm commented 9 months ago

If I try to do this in separate terminals, it seems to me that all works as expected

image

image

p.s. sensor stopped because of no (root) permissions

hpeters commented 9 months ago

This is what is running in my container shown when running ps -ef.

    UID    PID   PPID  C STIME TTY    TIME     CMD
    root   1     0     0 Feb20 ?      00:00:00 /bin/sh -c bash -c "python /opt/maltrail/server.py &" && bash -c "python /opt/maltrail/sensor.py &" && cron && tail -f /var/log/cron.log
    root   12    1     0 Feb20 ?      00:00:06 cron
    root   13    1     0 Feb20 ?      00:00:28 tail -f /var/log/cron.log
    root   18986 1     0 01:03 ?      00:02:00 python /opt/maltrail/sensor.py -c /opt/maltrail/maltrail.conf
    root   18987 1     0 01:03 ?      00:00:09 python /opt/maltrail/server.py -c /opt/maltrail/maltrail.conf
    root   26279 0     0 09:32 pts/0  00:00:00 bash
    root   26292 26279 0 09:32 pts/0  00:00:00 ps -ef

The line with PID 1 is the line with the problem: it has bash in it, but more importantly it has server.py and sensor.py in it. This line still exists even after the cron command 2 1 * * * /usr/bin/pkill -f maltrail is run.

The cron commands:

    */1 * * * * if [ -n "$(ps -ef | grep -v grep | grep server.py)" ]; then : ; else python /opt/maltrail/server.py -c /opt/maltrail/maltrail.conf; fi >> /var/log/cron.log
    */1 * * * * if [ -n "$(ps -ef | grep -v grep | grep sensor.py)" ]; then : ; else python /opt/maltrail/sensor.py -c /opt/maltrail/maltrail.conf; fi >> /var/log/cron.log

match on that PID 1 line and think that server.py and sensor.py are still running, and don't restart them. Adding grep -v bash prevents that from happening.

stamparm commented 9 months ago

@hpeters added that piece with the latest commit
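
The watchdog false positive discussed in this thread, as an added example that is not part of the thread or of the maltrail project: the original check and the grep -v bash check are run against constructed ps -ef listings modelled on the one posted above. The function names and the third, stricter field-based check are assumptions that go beyond what the thread proposes.

```shell
#!/bin/sh
# Constructed sample: ps -ef in the container right after `pkill -f maltrail`.
# The PID 1 wrapper, cron and tail survive; both python processes are gone.
PS_AFTER_PKILL='UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Feb20 ? 00:00:00 /bin/sh -c bash -c "python /opt/maltrail/server.py &" && bash -c "python /opt/maltrail/sensor.py &" && cron && tail -f /var/log/cron.log
root 12 1 0 Feb20 ? 00:00:06 cron
root 13 1 0 Feb20 ? 00:00:28 tail -f /var/log/cron.log'

# Constructed sample: the same container with server and sensor running.
PS_HEALTHY="$PS_AFTER_PKILL
root 18986 1 0 01:03 ? 00:02:00 python /opt/maltrail/sensor.py -c /opt/maltrail/maltrail.conf
root 18987 1 0 01:03 ? 00:00:09 python /opt/maltrail/server.py -c /opt/maltrail/maltrail.conf"

# Original watchdog test: substring match anywhere in the ps line.
# $1 = ps output, $2 = script name; returns 0 when "running".
naive_running() {
    [ -n "$(printf '%s\n' "$1" | grep -v grep | grep "$2")" ]
}

# Test proposed in the thread: also drop every line that contains "bash".
filtered_running() {
    [ -n "$(printf '%s\n' "$1" | grep -v grep | grep -v bash | grep "$2")" ]
}

# Stricter variant (assumption, not from the thread): the executable in the
# CMD column (field 8) must be python and its first argument (field 9) must
# be the script itself, so wrapper command lines can never match.
strict_running() {
    printf '%s\n' "$1" | awk -v s="$2" '
        $8 ~ /(^|\/)python[0-9.]*$/ && $9 ~ ("(^|/)" s "$") { found = 1 }
        END { exit !found }'
}

# Show what each check decides once the processes have been killed.
for check in naive_running filtered_running strict_running; do
    if "$check" "$PS_AFTER_PKILL" server.py; then
        echo "$check: server.py reported running, no restart (sensor gap)"
    else
        echo "$check: server.py reported missing, restart triggered"
    fi
done
```
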