BGPWatch / News: Recent posts

A new version of BGPWatch is written and being tested. The new version uses /proc instead of the output from ps for maintaining a list of processes.

The most important thing about this change is that it has allowed me to close up a security issue that has been around from the beginning. With current versions a user can name any of their executables, such as eggdrop, to the name of one of your processes that you do not count against them and then it will not go against their limit. With this new version you can specify a full path to programs that you do not want to count against a user, such as /usr/bin/vi, and then that is also checked so if a user renames their eggdrop to vi it still counts against their total since it is in /home/username/whatever/.

BGPWatch-2.3.1 is finally released after several weeks of running on one of my servers with no issues. There are no new features this time around, just a bunch of optimized code to do away with placeholder variables and temporary files.

Well, the new BGPWatch I announced some time ago has finally been installed on one of my production servers. I'll leave it running there for a few days to make sure it doesn't do anything crazy and then put it on here for all of you to use.

BGPWatch has undergone some significant changes.
* Disk I/O has been reduced to only reading the config files on startup, rather than writing all user processes to disk and then reading those files again seconds (or less) later.
* Multiple unnecessary loops through arrays have been removed.
* Several excess temporary or placeholder scalars and arrays have been removed.

bgpwatch-2.3 has been released after running on a production box for around 2 months with no issues.

I have added a test mode (defaults to on) which will just tell you which processes would have been killed rather than actually killing them. This should make testing to make sure you've got everything configured properly a lot safer.

Support for using full usernames rather than the shortened usernames that ps outputs has been added, so you'll need to update your userlist and ignorelist if you're running an older version.... read more

I put test mode into v2.3 last night and it seems to work as intended. I think this will be very helpful in ensuring that you've got bgpwatch configured how you want it before you let it start killing processes.

bgpwatch 2.3 is almost here, finally. I got around to writing code so that you can use full usernames in your config files instead of the username as it appears in the output of ps (which shortens longer names). This functionality is being tested by myself and a few volunteers.

Before releasing I plan to add a test mode which will just list which processes would have been killed with their name, pid, and owner without actually killing them so that you can test to make sure it's configured and working as expected more easily.... read more

You can now downloaded the correct 2.2.2 code that should actually work. Again, I'm sorry about taking so long to fix this. I have been inactive with this project and for some reason my 2.2.2 source that I run did not have the error in the code.

Also, in the last news I said line 183. It should have been line 154. Don't fix code and play WoW at the same time.

It appears that on line 183 there is a bug:

Sorry it took so long, but I found it. Line 183 is the problem.

next FIRST if $procname =~ /\b$_\b/";

That line needs the " removed so that it is

next FIRST if $procname =~ /\b$_\b/;

Sorry it took so long to get this fixed as the bug was pointed out to me quite some time ago but I've been fairly inactive with this. I'm not sure how that got into the code on here as it's not in the code that is running on my server. I'll try to remember to get the updated code for download in the next day or two.... read more

There's one thing that I believe I left out of the README. Some people have figured it out on their own, but just in case you haven't, here it is.

To run from cron you will not want to run the bgpwatch script directly. What you will want to do is create a script in whatever dir bgpwatch is installed to. Run that script from cron. The script should then run the bgpwatch script using the full path to bgpwatch. If you do not do this the script will not find the needed configuration files.

Please remove my e-mail address and put your own in there. It doesn't do any good for me to receive e-mails when users on your system go over their limit.

I just found a problem where it sometimes is not deleting the tmp files properly, causing you to get reports of users using too many processes. I will make a release to fix this, but for the time being you can add this on line 205:
unlink "$read";

I just noticed something that I figured I should warn you guys about. Bpgwatch uses the output of ps. The ps utility only gives the first 7 characters of a username, so if you have users that have 8+ character usernames, remember to shorten it when putting them in one of the config files.

I am deciding on the best solution to this right now. I could use /proc, but that only brings it up to 8 characters, not much improvement. I can also use the uid instead of username, but that will make managing users in bgpwatch a bit of a pain, but I may make that an optional way to do it. If you've got a preferance of any recommendations, feel free to send me an e-mail at jmichalicek@Hotmail.com or ret@bash-shell.net

getting bgpwatch-2.2 is definitely recommended. I found a little bug where if you had any processes listed to be banned, all processes would always match and be killed (unless the owner was on the list of users to ignore)... not good. That's been fixed now.

I also minimized the code for sending e-mail, so it is slightly smaller now.

I was looking at the code preparing to make some changes for 2.1 and I realized that even with the security mode set to off, processes owned by users not on either the userlist or the ignored user list will still be killed. I corrected the code that was causing that just a few minutes ago and it will be included in the 2.1 release which should be out later today or tomorrow, most likely.

bgpwatch has been completely rewritten from the ground up in perl. The code is much more efficient, with far less disk i/o and more work done in memory, and less nested loops to mess with.

For those of you looking to modify it further, the source code is now much easier to read and even has comments.

BGPWatch has been completely rewritten in Perl. The code is smaller, it's significantly more efficient with almost no disk access unlike before, and best of all, the code has comments **gasp**.

I will have it uploaded within the next couple days, I'm just trying to tweak a few things.

bgpwatch-1.5 has been released, this fixes some instances that users could have hidden "illegal" processes from bgpwatch previously.

bgpwatch-1.3 has been released. This version corrects the bug in previous versions where if a process had [ or ] in it and was owned by a user who was not in the ignorelist, then you would recieve grep errors.
I also removed the notes from the various list files because I have not yet put code into the program to ignore lines starting with #, so there was a chance that they could cause problems for some people.

I believe I have fixed the problem where processes using the grep special character [ and ] causing errors. I have added code to strip those characters from process names before running any greps using them. I will test it for a couple days before releasing the new version to be sure it works as expected.

bgpwatch-1.2 is now available. A new feature, a banned process list, has been added. This adds the functionality to set certain processes to be killed if run by monitored users whether they are over their limit or not.

bgpwatch 1.1, the most thorough background process monitor for Linux, is now available for download.

Go get it, use it, and let me know what else you'd like to see added or any bugs you find.