对于 D 代:
这是 secast-1.0.4.0-x86_64-ub12 版本中出现的新问题,而之前的版本 secast-1.0.1.0-x86_64-ub12 中并未出现该问题。
当 secast 作为服务运行(service secast start)或从命令行以守护进程模式启动(/usr/local/secast/secast)时,它会在几秒钟后无缘无故地退出。启动以前版本的 secast 时,它会按预期运行,直到用户操作明确关闭它。
在前台运行最新版本的 secast (/usr/local/secast/secast –f) 时,这个问题并不明显。
以下是 /var/log/secast 文件的内容(请注意“General, Received shutdown request via HUP”这一行),表明在守护进程模式下运行时出现问题:
2014-06-25T15:14:43, 00000100, S, General, SecAst starting as daemon under process ID 2059
2014-06-25T15:14:43, 00001700, D, Database, Database manager thread started
2014-06-25T15:14:43, 00000100, D, General, SecAst version 1.0.4.0; build date Monday; June 23; 2014 11:44:00 PM EDT; Ubuntu 12 LTS; Intel 64-bit
2014-06-25T15:14:43, 00000108, D, General, SecAst state changing to starting
2014-06-25T15:14:43, 00000810, D, Controller, firewall (iptables) not flushed on start
2014-06-25T15:14:43, 00000504, I, Asterisk, Existing Asterisk log file (/var/log/asterisk/messages) open for monitoring
2014-06-25T15:14:43, 00000600, D, EventQueue, Security event queue starting
2014-06-25T15:14:43, 00000300, I, Controller, Telnet server listening on 0.0.0.0:3000
2014-06-25T15:14:43, 00001600, I, Controller, Pipe server listening
2014-06-25T15:14:43, 00001010, I, License, License file not present. Defaulting to free edition
2014-06-25T15:14:43, 00001300, D, GeoIp, Found GeoIP database version 2.0.1394137568 updated Thursday; March 6; 2014 3:26:08 PM EDT
2014-06-25T15:14:43, 00001302, I, GeoIp, Opened GeoIP database
2014-06-25T15:14:44, 00001705, D, Database, Opened database [secast] on host [localhost]
2014-06-25T15:14:44, 00001705, I, Database, Database open for archiving
2014-06-25T15:14:44, 00000800, D, Alert, Sent email: SecAst Incomplete Start
2014-06-25T15:14:44, 00000106, I, General, SecAst state changing to standby
2014-06-25T15:14:45, 00000800, D, Alert, Sent email: Entering standby state
2014-06-25T15:14:45, 00000102, I, General, Received shutdown request via HUP signal
2014-06-25T15:14:45, 00000601, D, EventQueue, Security event queue stopping
2014-06-25T15:14:45, 00000604, D, EventQueue, Flushed 0 event(s) from queue
2014-06-25T15:14:45, 00001706, I, Database, Database closed
2014-06-25T15:14:45, 00001701, D, Database, Database Manager stopped
2014-06-25T15:14:45, 00000110, D, General, SecAst state changing to stopping
2014-06-25T15:14:45, 00001211, D, Asterisk, Flushed 0 message(s) from received message queue
2014-06-25T15:14:45, 00001210, D, Asterisk, Flushed 0 message(s) from sent message queue
2014-06-25T15:14:45, 00001500, D, Controller, Flushed 0 user(s) from user watch list
2014-06-25T15:14:45, 00001303, I, GeoIp, Closed GeoIP database
2014-06-25T15:14:45, 00001307, D, GeoIp, Flushed 0 location(s) from geoIP cache
2014-06-25T15:14:46, 00000800, D, Alert, Sent email: SecAst Stopping
2014-06-25T15:14:46, 00001602, I, Controller, Pipe server stopping
2014-06-25T15:14:46, 00000506, I, Asterisk, Asterisk log file closing
2014-06-25T15:14:46, 00000201, I, Controller, Telnet server stopping
2014-06-25T15:14:46, 00000808, D, Controller, firewall (iptables) not flushed on shutdown
2014-06-25T15:14:46, 00001400, D, Controller, Flushed 0 IP('s) from IP watch list
2014-06-25T15:14:46, 00000903, D, ThreatInfo, Flushed 0 IP('s) from internal blocked list
2014-06-25T15:14:46, 00000101, S, General, SecAst terminating with exit code 0 (Normal termination) after running for 3 second(s)
注意: /usr/local/secast/secast 在一次会话期间确实成功保持打开状态,但重新启动计算机后问题再次出现。
鉴于之前的构建在这方面似乎按预期工作,这是否需要代码修复?
答案1
SecAst 正在停止,因为它收到了来自 Linux 的 HUP 信号,请注意日志中的以下行:
2014-06-25T15:14:45, 00000102, I, General, Received shutdown request via HUP signal
应用必须收到 HUP 信号时关闭。那么问题是 SecAst 为何会收到 HUP 信号。
最有可能的是,SecAst 收到了来自 secast init.d 服务脚本的关机请求(它使用 HUP 信号告诉 SecAst 可执行文件正确关机)。您/某人/cron/等是否发出了“service secast stop”?检查您的系统日志 - 是否有来自 SecAst 的 init 脚本的条目?