On July 11th, 2002 my eyes were opened. I discovered PM and Perl that day. As I am sure a lot of people do, I have tried to become good at Perl by solving problems at work that needed solving.

One thing I needed to solve was a way of monitoring system health and reporting only what was relevant. Without discussing the merits of other programs that do the same thing, I needed it to be incredibly specific to my environment, I needed it to be fast, and I needed it to be expandable.

The last part is the one that intrigued me - was it possible to write a program that could grow and expand without modifying the code? The answer is yes if you standardize the "types" of things you are looking for. Now the question you may slam me for asking - is this the right approach? Here is a sample of some code to give you an idea of what I am talking about.

#!/usr/bin/perl -W
use strict;
use Config::IniFiles;

# Clear environment variables that influence how external commands are run
delete @ENV{qw(IFS PATH CDPATH ENV BASH_ENV)};

my %alerts;    # alert level => accumulated messages
my $cfg = Config::IniFiles->new( -file => "default.ini" )
    or die "Cannot load default.ini\n";

processcheck() if $cfg->val('PROCESS','ENABLED');
displayresults();
exit;

# Record an alert for every configured pattern missing from the ps output
sub processcheck {
    my @ptable  = `/usr/bin/ps -ef`;
    my @alert   = $cfg->val('PROCESS','ALERT');
    my @message = $cfg->val('PROCESS','MESSAGE');
    my @process = $cfg->val('PROCESS','PROCESS');
    for ( my $i = 0; $i <= $#alert; $i++ ) {
        unless ( grep /$process[$i]/, @ptable ) {
            $alerts{"$alert[$i]"} .= "\n$message[$i]";
        }
    }
}

# Print the collected messages grouped by alert level
sub displayresults {
    print "REPORT TAKEN AT " . localtime(time) . "\n";
    for my $alerttype ( sort keys %alerts ) {
        print "\n\U$alerttype\E ALERTS";
        print "$alerts{$alerttype}\n";
    }
}

#default.ini
[PROCESS]
ENABLED = 1
PROCESS = ldapd -p 389
PROCESS = sendmail: accepting
PROCESS = /xntpd
PROCESS = apache/bin/httpd
MESSAGE = LDAP is not running
MESSAGE = Sendmail daemon is not accepting connections
MESSAGE = NTP daemon is not running
MESSAGE = Apache web server is not running
ALERT = medium
ALERT = major
ALERT = minor
ALERT = minor

Again, most of the code is tailored for the environment I work in and I couldn't disclose it here if I wanted to. There is a way to set thresholds for disk space and the appropriate alert, ways to check if log files are being updated or are stagnant, etc.

My question is - is this a bad idea, are the security risks too great? The above section of code should work with Taint turned on for those of you who would like to use it. For me, it is a lot easier to go into the config file to adjust a parameter or add a new check than it is to go into the code - especially when what people want changes every day - I wanted the code to stay small and clean.

ok, fire away - my job is secure even if my XPs aren't.
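
One way to vet the configuration before any check runs, since whoever can write default.ini decides what gets monitored and reported. This is an added example, not part of the original post; the function names, the allowed alert levels (taken from the sample default.ini) and the constructed sample data are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Assumption: the only valid alert levels are the three used in the sample default.ini.
my %LEVEL_OK = map { $_ => 1 } qw(minor medium major);

# Whoever can write the config controls the monitor, so check owner and mode first.
sub config_file_problems {
    my ($path) = @_;
    my @st = stat($path) or return ("cannot stat $path: $!");
    my ($mode, $uid) = @st[2, 4];
    my @bad;
    push @bad, "$path is group/world writable" if $mode & 022;
    push @bad, "$path is owned by uid $uid, not root or the running user"
        unless $uid == 0 || $uid == $>;
    return @bad;
}

# Validate the three parallel lists the script reads from [PROCESS].
sub process_check_problems {
    my ($process, $message, $alert) = @_;
    my @bad;
    push @bad, "PROCESS/MESSAGE/ALERT counts differ ("
        . join('/', scalar @$process, scalar @$message, scalar @$alert) . ")"
        unless @$process == @$message && @$process == @$alert;
    for my $i (0 .. $#$process) {
        my $p = $process->[$i];
        # A blank pattern does not identify a process, so the check is meaningless.
        push @bad, "PROCESS #$i is blank" if $p !~ /\S/;
        push @bad, "PROCESS #$i is not a valid regex" unless eval { my $re = qr/$p/; 1 };
    }
    for my $i (0 .. $#$alert) {
        push @bad, "ALERT #$i has unknown level '$alert->[$i]'"
            unless $LEVEL_OK{ $alert->[$i] };
    }
    return @bad;
}

# Constructed sample data: broken pattern, one MESSAGE missing, misspelled level.
my @process = ('ldapd -p 389', 'sendmail: accepting', '/xntpd(');
my @message = ('LDAP is not running', 'Sendmail daemon is not accepting connections');
my @alert   = qw(medium major minro);

my ($fh, $path) = tempfile(UNLINK => 1);    # constructed stand-in for default.ini
chmod 0666, $path;
print "$_\n" for config_file_problems($path),
                 process_check_problems(\@process, \@message, \@alert);
```

In the posted script, the three lists would come from the `$cfg->val('PROCESS', ...)` calls, and the script would refuse to run if either function returned anything.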


In reply to Anticipation of future needs and other musings from the crystal ball by Limbic~Region
