查找触发重启的程序或进程

tag-icon tag-icon process raspberry-pi raspbian reboot
查找触发重启的程序或进程

每天晚上凌晨 3:00 整点,我的 Raspberry 都会重新启动,但我所做的或正在运行的任何操作都不会触发此问题。我想确定“有问题的”进程并禁用重新启动。

这是当前版本:

pi@raspberrypi:~ $ lsb_release -a
No LSB modules are available.
Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 10 (buster)
Release:    10
Codename:   buster

我检查了crontab -e;没有什么会触发这个。关于如何确定可能触发预定重启的其他建议?

谢谢。

更新

命令输出last

pi@raspberrypi:~/splitflap $ last
pi       pts/2        192.168.0.8      Wed May  6 17:42   still logged in
pi       pts/2        192.168.0.8      Wed May  6 09:34 - 17:34  (08:00)
pi       pts/1        192.168.0.8      Wed May  6 09:34   still logged in
pi       pts/0        192.168.0.8      Wed May  6 09:34   still logged in
reboot   system boot  4.19.97-v7+      Wed Dec 31 16:00   still running

更新

systemctl list-timers --all命令输出

pi@raspberrypi:~/splitflap/pickle $ systemctl list-timers --all
NEXT                         LEFT          LAST                         PASSED       UNIT                                             ACTIVATES
Thu 2020-05-07 08:39:00 PDT  5min left     Thu 2020-05-07 08:09:10 PDT  24min ago    phpsessionclean.timer                            phpsessionclean.service
Thu 2020-05-07 08:46:11 PDT  12min left    Thu 2020-05-07 08:31:11 PDT  2min 21s ago prometheus-node-exporter-apt.timer               prometheus-node-exporter-apt.service
Thu 2020-05-07 08:46:11 PDT  12min left    Thu 2020-05-07 08:31:11 PDT  2min 21s ago prometheus-node-exporter-smartmon.timer          prometheus-node-exporter-smartmon.service
Thu 2020-05-07 13:51:22 PDT  5h 17min left Wed 2020-05-06 19:22:06 PDT  13h ago      apt-daily.timer                                  apt-daily.service
Fri 2020-05-08 00:00:00 PDT  15h left      Thu 2020-05-07 00:00:12 PDT  8h ago       logrotate.timer                                  logrotate.service
Fri 2020-05-08 00:00:00 PDT  15h left      Thu 2020-05-07 00:00:12 PDT  8h ago       man-db.timer                                     man-db.service
Fri 2020-05-08 03:15:12 PDT  18h left      Thu 2020-05-07 03:15:12 PDT  5h 18min ago systemd-tmpfiles-clean.timer                     systemd-tmpfiles-clean.service
Fri 2020-05-08 06:24:39 PDT  21h left      Thu 2020-05-07 06:04:53 PDT  2h 28min ago apt-daily-upgrade.timer                          apt-daily-upgrade.service
n/a                          n/a           n/a                          n/a          prometheus-node-exporter-ipmitool-sensor.timer   prometheus-node-exporter-ipmitool-sensor.service
n/a                          n/a           n/a                          n/a          prometheus-node-exporter-mellanox-hca-temp.timer prometheus-node-exporter-mellanox-hca-temp.service

我在凌晨 3 点之前没有看到任何内容 - 有一个systemd-tmpfiles-clean.service在凌晨 3:15 运行的程序,但恰恰在凌晨 3:00 时,系统重新启动。

不过,我是 systemd 的新手,所以也许还有其他计时器没有透露?我尝试过sudo systemctl list-timers --all,但得到了相同的列表。

我还在 cron.daily 中发现了以下内容;检查完每个脚本后,没有任何内容会触发重新启动(尽管如果我正确解释 /etc/crontab,每日脚本无论如何都会在第 6 分钟运行(但不清楚是几点),而不是在整点运行。

pi@raspberrypi:~ $ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

pi@raspberrypi:~ $ ls /etc/cron.daily/
apt-compat  bsdmainutils  dpkg  exim4-base  lighttpd  logrotate  man-db  ntp  passwd

使用记录器更新

好消息是对命令的修改记录了请求 - 请参阅最后两行:

pi@raspberrypi:~/splitflap $ cat /var/log/user.log 
 <4 other lines removed>
May  8 03:00:01 raspberrypi reboot: Reboot requested but ignored: reboot 
May  8 03:00:01 raspberrypi reboot: Parent: root     15328 15318  0 03:00 ?        00:00:00 /bin/sh -c /sbin/reboot

Def 感觉更接近,但我承认我缺乏关于如何进一步识别违规程序或服务的知识 - 当我执行ps -ef.

答案1

如果替换/sbin/reboot为通知和日志记录脚本,可能有助于确定导致重新启动的原因。以下是设置此类脚本的一个示例:

mv /sbin/reboot /sbin/reboot.REAL

cat >>/sbin/reboot <'x'
#!/bin/bash
#
logger -t reboot "Reboot requested but ignored: reboot $*"

# Identify the calling process
ps=$(ps -ef | awk -v ppid=$PPID '$2 == ppid')
logger -t reboot "Parent: $ps"

# Abort
exit 1
x

chmod a+x /sbin/reboot

当您调用此伪造时,您将在每次调用reboot中获得两个条目。/var/log/user.log例如,

May  7 16:06:20 pi reboot: Reboot requested but ignored
May  7 16:06:20 pi reboot: Parent: roaima   20862 20857  0 16:01 pts/0    00:00:00 -bash

可能需要对 运用类似风格的截距systemctl ... reboot。这有点困难,因为不破坏其他功能很重要。像这样开始的脚本可能适合安装为/bin/systemctl

#!/bin/bash
#
if [[ "$*" != *reboot* ]]
then
    logger -t reboot "Not a reboot: systemctl $*"
    exec /bin/systemctl.REAL "$@"
fi

logger -t reboot "Reboot requested but ignored: systemctl $*"
...

答案2

罪魁祸首是reboot由根源引发的crontab;虽然我检查过没有重新启动crontab -e,但sudo crontab -e显示了预定的reboot

感谢所有引导我走向正确方向的帮助和评论!

相关内容