Issue 987: Squert ip2c cron job should lock to prevent multiple insta…

…nces

bin/so-squert-ip2c-5min

@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Copyright (C) 2016 Doug Burks and Security Onion <doug.burks@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+#########################################
+# Variables
+#########################################
+# What file should we log output to?
+IP2C_LOG="/var/log/nsm/squert-ip2c-5min.log"
+
+# Lock file
+IP2C_LOCK="/var/log/nsm/squert-ip2c-5min.lock"
+
+# Run squert-ip2c as IP2C_USER
+# Set directory and files to be owned by IP2C_USER:IP2C_GROUP
+IP2C_USER="sguil"
+IP2C_GROUP="sguil"
+
+# The values above can be overridden in securityonion.conf
+source /etc/nsm/securityonion.conf
+
+#########################################
+# Got r00t?
+#########################################
+if [[ $(/usr/bin/id -u) -ne 0 ]]; then
+    echo "This program needs root privileges.  Please try again using sudo."
+    exit
+fi
+
+#########################################
+# Check to see if database exists and then run squert-ip2c
+#########################################
+if [ ! -d /var/lib/mysql/securityonion_db/ ]; then
+	echo "No Sguil database.  Exiting."
+	exit
+else
+	# Wipe existing $IP2C_LOG and insert date and a blank line
+	date > $IP2C_LOG
+	echo >> $IP2C_LOG
+
+	if [ -f $IP2C_LOCK ] ; then
+		echo "Found lock file.  Exiting." >> $IP2C_LOG
+		exit
+	else
+		# no lock found, so we can proceed
+		# if this takes more than 5 minutes, prevent other instances from running
+		touch $IP2C_LOCK
+		/usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 >> $IP2C_LOG
+		# clear lock file
+		rm -f $IP2C_LOCK
+	fi
+fi

cron.d/squert-ip2c

@@ -5,5 +5,5 @@
 SHELL=/bin/sh
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 
-*/5 * * * * root [ -d /var/lib/mysql/securityonion_db/ ] && /usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 > /dev/null 2>&1
+*/5 * * * * root /usr/bin/so-squert-ip2c-5min > /dev/null 2>&1
 00 6 * * 0 root /usr/bin/so-squert-ip2c cron > /dev/null 2>&1

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-squert-cron (20120722-0ubuntu0securityonion10) trusty; urgency=medium
+
+  * Issue 987: Squert ip2c cron job should lock to prevent multiple instances 
+
+ -- Doug Burks <doug.burks@gmail.com>  Thu, 22 Sep 2016 14:09:21 -0400
+
 securityonion-squert-cron (20120722-0ubuntu0securityonion9) trusty; urgency=medium
 
   * random cron delay should be at least 10 minutes 

debian/patches/Issue-987:-Squert-ip2c-cron-job-should-lock-to-prevent-multiple-instances

@@ -0,0 +1,102 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-squert-cron (20120722-0ubuntu0securityonion10) trusty; urgency=medium
+ .
+   * Issue 987: Squert ip2c cron job should lock to prevent multiple instances
+Author: Doug Burks <doug.burks@gmail.com>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: http://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- /dev/null
++++ securityonion-squert-cron-20120722/bin/so-squert-ip2c-5min
+@@ -0,0 +1,65 @@
++#!/bin/bash
++#
++# Copyright (C) 2016 Doug Burks and Security Onion <doug.burks@gmail.com>
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++#########################################
++# Variables
++#########################################
++# What file should we log output to?
++IP2C_LOG="/var/log/nsm/squert-ip2c-5min.log"
++
++# Lock file
++IP2C_LOCK="/var/log/nsm/squert-ip2c-5min.lock"
++
++# Run squert-ip2c as IP2C_USER
++# Set directory and files to be owned by IP2C_USER:IP2C_GROUP
++IP2C_USER="sguil"
++IP2C_GROUP="sguil"
++
++# The values above can be overridden in securityonion.conf
++source /etc/nsm/securityonion.conf
++
++#########################################
++# Got r00t?
++#########################################
++if [[ $(/usr/bin/id -u) -ne 0 ]]; then
++    echo "This program needs root privileges.  Please try again using sudo."
++    exit
++fi
++
++#########################################
++# Check to see if database exists and then run squert-ip2c
++#########################################
++if [ ! -d /var/lib/mysql/securityonion_db/ ]; then
++	echo "No Sguil database.  Exiting."
++	exit
++else
++	# Wipe existing $IP2C_LOG and insert date and a blank line
++	date > $IP2C_LOG
++	echo >> $IP2C_LOG
++
++	if [ -f $IP2C_LOCK ] ; then
++		echo "Found lock file.  Exiting." >> $IP2C_LOG
++		exit
++	else
++		# no lock found, so we can proceed
++		# if this takes more than 5 minutes, prevent other instances from running
++		touch $IP2C_LOCK
++		/usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 >> $IP2C_LOG
++		# clear lock file
++		rm -f $IP2C_LOCK
++	fi
++fi
+--- securityonion-squert-cron-20120722.orig/cron.d/squert-ip2c
++++ securityonion-squert-cron-20120722/cron.d/squert-ip2c
+@@ -5,5 +5,5 @@
+ SHELL=/bin/sh
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+-*/5 * * * * root [ -d /var/lib/mysql/securityonion_db/ ] && /usr/bin/php -e /var/www/so/squert/.inc/ip2c.php 1 > /dev/null 2>&1
++*/5 * * * * root /usr/bin/so-squert-ip2c-5min > /dev/null 2>&1
+ 00 6 * * 0 root /usr/bin/so-squert-ip2c cron > /dev/null 2>&1

debian/patches/series

@@ -7,3 +7,4 @@ add-cron-option-to-force-random-delay
 upload-to-git
 change-$LOG-to-$IP2C_LOG
 random-cron-delay-should-be-at-least-10-minutes
+Issue-987:-Squert-ip2c-cron-job-should-lock-to-prevent-multiple-instances

debian/postinst

@@ -7,6 +7,7 @@ case "$1" in
 
 	# Make sure scripts are executable        
 	chmod +x /usr/bin/so-squert-ip2c || echo "Error making squert-ip2c executable."
+	chmod +x /usr/bin/so-squert-ip2c-5min || echo "Error making squert-ip2c-5min executable."
 
     ;;