Current File : //lib/fm-agent/countermeasures/plugins/ServiceRestartHelper.py
"""
FortiMonitor service restart Countermeasure helper - base class to allow easy restart of services
regardless of the controlling service in use. Currently supports:
- init
- Upstart
- SystemD
- ...
Copyright 2023 Fortinet, Inc. All Rights Reserved.
fm-ops@fortinet.com
To use, create a subclass of ServiceRestartHelper and define the following property:
- service: The service name to restart
The following other properties can be set if you wish to customize further:
- max_frequency: Optional override to limit how often the service can be restarted
- name - A human-readable name for the countermeasure
- textkey - A unique textkey describing the countermeasure
- description: Optional longer description of what the plugin does
For example:
class ApacheRestartCountermeasure(ServiceRestartHelper):
service = "apache2"
max_frequency = 900 # Restart at most once every 15 minutes
"""
import os
import sys
from CountermeasurePlugin import CountermeasurePlugin
class ServiceRestartHelper(CountermeasurePlugin):
wall_announce_delay = 10
max_frequency = None
sudo_requirements = [["service", "svcadmin", "stopsrc", "initctl"]]
service = None
capture_output = True
author = "support@panopta.com"
@property
def name(self):
return "Restart %s" % self.service
@property
def textkey(self):
return "restart.%s" % self.service.strip()
@property
def description(self):
return "Restart the %s service" % self.service
def validate(self):
problems = []
if self.name == "Base Countermeasure":
problems.append("Missing name definition")
if self.textkey == "base":
problems.append("Missing textkey definition")
if self.service is None:
problems.append("Missing service definition")
return problems and ", ".join(problems) or None
def run(self):
if self.service is None:
self.log.error("No service specified for %s Countermeasure" % self.__class__.__name__)
return
# Figure out what service management system is in use
# TODO: Fill in this logic, potentially using details from
# https://github.com/ansible/ansible-modules-core/blob/devel/system/service.py
if "sunos" in sys.platform:
service = "sunos"
elif "freebsd" in sys.platform:
service = "freebsd"
elif "aix" in sys.platform:
service = "aix"
# Various Linux options from here on down
elif self.which("initctl") and os.path.exists("/etc/init/%s.conf" % self.service):
service = "upstart"
elif self.which("systemctl"):
service = "systemctl"
elif self.which("service"):
service = "service"
elif os.path.exists("/etc/init.d/%s" % self.service):
service = "init"
# If we made it to here, we haven't identified a management framework
else:
self.save_text_output("Unknown service management framework, unable to restart %s" % self.service)
return
self.log.info("Found service management framework %s" % service)
# Based on the service management system, restart the service
if service == "aix":
return_code, output = self.execute("sudo -n stopsrc -s %s; sudo startsrc -s %s" % (self.service, self.service))
elif service == "sunos":
return_code, output = self.execute("sudo -n svcadm restart %s" % self.service)
elif service == "freebsd":
return_code, output = self.execute("sudo -n service %s restart" % self.service)
elif service == "init":
return_code, output = self.execute("sudo -n /etc/init.d/%s restart" % self.service)
elif service == "systemctl":
return_code, output = self.execute("sudo -n systemctl restart %s" % self.service)
elif service == "upstart":
return_code, output = self.execute("sudo -n initctl restart %s" % self.service)
elif service == "service":
return_code, output = self.execute("sudo -n service %s restart" % self.service)
else:
self.save_text_output("Unknown service management framework, unable to restart %s" % self.service)
return
final_output = "Completed restart of %s" % self.service
if output and self.capture_output:
final_output += "\n" + output
self.log.info(final_output)
self.save_text_output(final_output)
self.save_return_code(return_code)
Mini Shell