
Re: [ISSForum] RNE on Linux

Subject: Re: [ISSForum] RNE on Linux
Date: Tue, 1 Mar 2005 15:06:45 +0300

I don't know what it is or how to fix this, but I've written a
shell script which restarts the sensor if the issCSF or issDaemon processes
are not present in ps output.
The only problem I've found with it is that if the sensor is stopped
legitimately, my script starts to restart the sensor endlessly, which is not
good, but this script can be freely modified to prevent this if needed.
Also, I recommend stopping this script during XPU installation.
Important: if you have problems using this script, I will not
bear the responsibility, so do not use this script needlessly!

Here it is:
#!/bin/sh
###!/bin/sh -x
##
## svsoldatov, 28.02.2004
##

PID_FILE='/var/run/check_rne.pid'
GREP_TMPL1='/opt/ISS/issSensors/network_sensor_1/issCSF'
GREP_TMPL2='issDaemon'
PSCMD='/bin/ps -ef'
GREPCMD='/bin/grep'
MAILCMD='/bin/mail'
ECHOCMD='/bin/echo'
LOGGERCMD='/usr/bin/logger'
ADMINS='svsoldatov@tnk-bp.ru'
#ISSRESTARTCMD=/etc/init.d/realsecure stop 1>/dev/null 2>/dev/null; $SLEEPCMD 5; /etc/init.d/realsecure start 1>/dev/null 2>/dev/null
PAUSE='10'
SLEEPCMD='/bin/sleep'

# Record our PID so the watchdog can be found and stopped
$ECHOCMD $$ >"$PID_FILE"

# Remove the PID file and exit on SIGHUP (1) or SIGINT (2)
handler () {
        ##echo exiting...
        rm -f "$PID_FILE"
        exit 0
}

trap handler 1 2

while :
do
        # Look for both sensor processes; exclude the grep process itself,
        # which would otherwise match its own pattern in the ps output
        PS=`$PSCMD | $GREPCMD "$GREP_TMPL1" | $GREPCMD -v grep`
        PS2=`$PSCMD | $GREPCMD "$GREP_TMPL2" | $GREPCMD -v grep`
        #echo "PS=$PS="
        #echo "PS2=$PS2="
        if [ "x$PS" = "x" -o "x$PS2" = "x" ]
        then
                #echo "RNE was down! Started..."
                # Either process is missing: stop, wait, then start the sensor
                /etc/init.d/realsecure stop 1>/dev/null 2>/dev/null
                $SLEEPCMD 5
                /etc/init.d/realsecure start 1>/dev/null 2>/dev/null
                $SLEEPCMD $PAUSE
                $LOGGERCMD -p user.emerg "RNE was down! Restarted..."
                #$ECHOCMD RNE was down and startsed again! | $MAILCMD -t $ADMINS
        fi

        $SLEEPCMD $PAUSE

done

---
Best regards, Sergey V. Soldatov.
Information security department.
tel/fax +7 095 745 89 50 (1613)


"Hertzog, Albert" <AHertzog@fnb.co.za>
01.03.2005 12:08
To:       <SVSoldatov@tnk.ru>
cc:
Subject:  [ISSForum] RNE on Linux

I recently installed a G100 appliance in inline mode and today it started
with the same error.
|-----------------------------------------------------------------------------|
| (G100-Int-Blue) - The Application received signal 11. The engine will exit. |
|-----------------------------------------------------------------------------|


Did you manage to solve your problem?

Regards

Albert Hertzog
Technology Risk Management
FirstRand Bank
+2711 889 5208
+2783 660 8994
ahertzog@fnb.co.za














_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
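
The endless-restart problem mentioned in the message (a legitimately stopped sensor, or an XPU installation in progress) can be handled with a hold file and a restart cap. This is an added example, not the poster's script: HOLD_FILE, MAX_RESTARTS, WINDOW, the restart-log file and the sample ps lines are assumptions constructed for illustration; the process patterns and init script come from the post.

```shell
#!/bin/sh
# Added example (not the poster's script). HOLD_FILE, MAX_RESTARTS, WINDOW and the
# restart log are assumptions; process patterns and init script are from the post.
CSF_PATTERN='/opt/ISS/issSensors/network_sensor_1/issCSF'
DAEMON_PATTERN='issDaemon'
HOLD_FILE="${HOLD_FILE:-/var/run/check_rne.hold}"  # touch before a planned stop or XPU install
MAX_RESTARTS="${MAX_RESTARTS:-3}"                  # restarts allowed per WINDOW seconds
WINDOW="${WINDOW:-600}"

# Constructed sample snapshots of `ps -ef` output, for trying decide() offline.
SAMPLE_UP='root  2101     1  0 12:00 ?  00:00:03 /opt/ISS/issDaemon/issDaemon
root  2140  2101  1 12:00 ?  00:01:10 /opt/ISS/issSensors/network_sensor_1/issCSF'
SAMPLE_DOWN='root  2101     1  0 12:00 ?  00:00:03 /opt/ISS/issDaemon/issDaemon'

# is_running PATTERN SNAPSHOT: match against a snapshot taken before grep starts,
# so the grep process can never match itself.
is_running () { printf '%s\n' "$2" | grep -F -q -- "$1"; }

# recent_restarts NOW LOGFILE: count logged restart times (epoch seconds) inside WINDOW.
recent_restarts () {
    [ -f "$2" ] || { echo 0; return 0; }
    awk -v now="$1" -v win="$WINDOW" 'now - $1 <= win { n++ } END { print n + 0 }' "$2"
}

# decide SNAPSHOT NOW LOGFILE: prints ok | hold | giveup | restart.
decide () {
    if is_running "$CSF_PATTERN" "$1" && is_running "$DAEMON_PATTERN" "$1"; then
        echo ok
    elif [ -e "$HOLD_FILE" ]; then
        echo hold
    elif [ "$(recent_restarts "$2" "$3")" -ge "$MAX_RESTARTS" ]; then
        echo giveup
    else
        echo restart
    fi
}

# watch LOGFILE: the loop itself; defined here but not started automatically.
watch () {
    while :; do
        case $(decide "$(/bin/ps -ef)" "$(date +%s)" "$1") in
            restart) date +%s >> "$1"
                     /etc/init.d/realsecure stop  >/dev/null 2>&1; sleep 5
                     /etc/init.d/realsecure start >/dev/null 2>&1
                     logger -p user.emerg "RNE was down! Restarted..." ;;
            giveup)  logger -p user.emerg "RNE down, restart cap reached" ;;
        esac
        sleep 10
    done
}
```

Create the hold file before stopping the sensor on purpose and remove it afterwards; `date +%s` is assumed to be available, as it is on GNU and BSD systems.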
