[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Tiger-devel] [RFC] Moving some check_root checks into OS specific c

From: Ryan Bradetich
Subject: Re: [Tiger-devel] [RFC] Moving some check_root checks into OS specific checks.
Date: 26 Jun 2003 09:17:22 -0600

> That's also a nice check, but maybe should be in an check_ssh module. So 
> that it will only run if the SSH_CONFIG is available (and define that 
> per OS)

This sounds excellent.  It also takes care of the problem of locating
the correct sshd_config.  I will produce a patch for this today.

> Yes, one of the things I wanted to implement in the main engine is to be 
> able to override common checks with local (OS-specific) checks. That's 
> in the TODO:
> "- Modify Tiger so it can use a system's scripts if it exists and 
> substitute the one under scripts/ by introducing a run_script funcion 
> (check  if the script is under scripts and under systems/$OS/... and run 
> it)"

very cool!

> It's understandable that some checks might be fine-tuned for some OS but 
> not for others so Tiger could first check, if it is configured to run a 
> check, if the check_XXX is available for a specific OS and, if not, to 
> run the generic check.
> This avoids duplicating too much of the code and provides a failback 
> mechanism for those OS you do not much about. Take the 
> 'check_listeningprocs' for example (that's when I first started thinking 
> about it). There is a generic check (that uses LSOF), a SunOS 5.8 
> specific check (which uses PFILES) and a Linux check (which can use 
> either LSOF or NETSTAT). Currently Tiger will always run the generic 
> check, there's no way to tell it "if I'm running an OS which has 
> implemented a more refined check please use it".
> In this case, LSOF might not be available in the system you are running 
> but probably PFILES (in SunOS) or NETSTAT (in Linux and Solaris also, 
> but it does not give all the information it needs) might be. Currently 
> the call to any check is just to run it directly, I was thinking on 
> adding a wrapper function that would do something akin to what the 
> config (line 150 to 183) script does, look for in all the 
> $OS/$REL/$REV/$ARCH directories and take the most specific file.

This sounds like what I need :)  Let me chew on it for a bit and see
what I can do.  Do you have any preferences of where the override files
should exist?  Same directory as $OS/$REL/$REV/$ARCH?  This makes sense,
but that is also where the check_system check* scripts live as well. 
Maybe this is a non-issue, but could be potentially confusing.


- Ryan

> Best regards
> Javi
Ryan Bradetich <address@hidden>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]