Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent Execd from becoming defunct when Active Response disabled #2692

Merged
merged 2 commits into from Feb 26, 2019
Merged

Prevent Execd from becoming defunct when Active Response disabled #2692

merged 2 commits into from Feb 26, 2019

Conversation

vikman90
Copy link
Member

@vikman90 vikman90 commented Feb 26, 2019
edited

Execd performs two main tasks:

  • Active Response.
  • Command dispatching.

This means that Execd must run either Active Response is enabled or disabled.

But, if We disable Active Response:

<active-response>
  <disabled>yes</disabled>
</active-response>

Then, Execd appears as defunct:

# ps -ef | grep defu
root     29916     1  0 13:12 ?        00:00:00 [ossec-execd] <defunct>

Rationale

Execd starts the command dispatching thread after parsing its configuration. Then, if Active Response is disabled, it closes its main thread (pthread_exit()). This works but lets Execd appear as defunct.

Proposed fix

Let Execd join the command dispatcher thread instead of closing the main thread.

@vikman90 vikman90 added core/execd type/bug Something isn't working labels Feb 26, 2019
@vikman90 vikman90 added this to Needs review in Wazuh 3.9.0 via automation Feb 26, 2019
@vikman90 vikman90 mentioned this pull request Feb 26, 2019
Closed
21 tasks
@vikman90
Prevent Execd from becoming defunct when Active Response disabled.
c1761ad 
Let Execd join the command dispatcher thread instead of closing the main thread.
@vikman90 vikman90 changed the base branch from master to 3.9 February 26, 2019 06:24
@chemamartinez
Copy link
Contributor

Hi @vikman90,

The PR works as expected. However, I have noticed when testing it that, when AR is disabled in agents, two errors are shown when starting by default:

2019/02/26 10:40:57 ossec-agentd: ERROR: (1210): Queue '/queue/alerts/execq' not accessible: 'No such file or directory'.
2019/02/26 10:40:57 ossec-agentd: ERROR: Unable to connect to the active response queue (disabled).

Since AR can be disabled, I consider the second one is not an error, so let me change it to an informational message.

Regards.

Wazuh 3.9.0 automation moved this from Needs review to Review Approved Feb 26, 2019
@chemamartinez chemamartinez merged commit 3b00d8b into 3.9 Feb 26, 2019
Wazuh 3.9.0 automation moved this from Review Approved to Done Feb 26, 2019
@chemamartinez chemamartinez deleted the 3.9-execd-defunct branch February 26, 2019 10:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chemamartinez chemamartinez chemamartinez approved these changes

Assignees

@vikman90 vikman90

@chemamartinez chemamartinez

Labels
type/bug Something isn't working
Projects
No open projects
Wazuh 3.9.0
  
Completed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@vikman90 @chemamartinez