[Feature Request] netstat on load average alert
Posted: 11 Jul 2012, 16:29
Hi to everyone,
First I come to thank the developers of the CSF by the efficiency of this system and I'm here to provide an improvements in their codes.
Well.. On my webhost company I created the modification for my csf to send a netstat table report when load average is too high.
I believe that this information is useful, especially in case of DDoS attack if you can know which IPs are attacking and how to mitigate so quickly on your external firewall (if you have one) .
I'd love to have this patch by default in CSF.
This patch was based in csf 5.52 and updated to 5.59 (cPanel).
Thanks in advance. It's great contribute to the CSF!
PS: This forum can't attach files. Sorry.
First I come to thank the developers of the CSF by the efficiency of this system and I'm here to provide an improvements in their codes.
Well.. On my webhost company I created the modification for my csf to send a netstat table report when load average is too high.
I believe that this information is useful, especially in case of DDoS attack if you can know which IPs are attacking and how to mitigate so quickly on your external firewall (if you have one) .
I'd love to have this patch by default in CSF.
This patch was based in csf 5.52 and updated to 5.59 (cPanel).
Thanks in advance. It's great contribute to the CSF!
PS: This forum can't attach files. Sorry.
Code: Select all
--- csf.conf.preupdate 2012-07-05 12:40:11.000000000 -0300
+++ csf.conf 2012-07-09 11:12:29.000000000 -0300
@@ -1678,6 +1679,7 @@
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
+NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
--- lfd. pl-orig 2012-07-09 10:15:53.000000000 -0300
+++ lfd. pl 2012-07-09 11:14:37.000000000 -0300
@@ -2544,6 +2544,20 @@
alarm(0);
if ($@) {push @vmstat, "Unable to obtain vmstat output within 10 seconds - Timed out"}
+ my @netstat;
+ eval {
+ local $SIG{__DIE__} = undef;
+ local $SIG{'ALRM'} = sub {die};
+ alarm(10);
+ my ($childin, $childout);
+ my $cmdpid = open3($childin, $childout, $childout, "$config{NETSTAT} -anp | sort -n");
+ @netstat = <$childout>;
+ waitpid ($cmdpid, 0);
+ alarm(0);
+ };
+ alarm(0);
+ if ($@) {push @netstat, "Unable to obtain netstat output within 10 seconds - Timed out"}
+
my $url = $config{PT_APACHESTATUS};
my ($status, $apache) = &urlget($url);
if ($status) {$apache = "Unable to retrieve Apache Server Status [$url] - $apache"}
@@ -2564,6 +2578,7 @@
$line =~ s/\[totprocs\]/$load[3]/ig;
$line =~ s/\[processlist\]/@proclist/ig;
$line =~ s/\[vmstat\]/@vmstat/ig;
+ $line =~ s/\[netstat\]/@netstat/ig;
$line =~ s/\[apache\]/$apache/ig;
$line =~ s/\[boundary\]/$boundary/ig;
push @message, $line;
--- loadalert.txt.new 2008-03-31 12:45:26.000000000 -0300
+++ loadalert.txt 2012-07-09 11:16:07.000000000 -0200
@@ -43,4 +43,13 @@
[apache]
+--------------[boundary]
+Content-Type: text/plain;
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment;
+ filename="netstat.txt"
+
+Output from netstat:
+[netstat]
+
--------------[boundary]--