我在/etc/incron.d/example
中进行了如下配置的CentOS 7.6上的incrond 0.5.12:
/var/tmp/dir IN_CREATE sh /root/incron_script.sh $@/$#
我的/root/incron_script.sh
仅包含以下内容:echo "$@" >> /tmp/incrond_log.log
这意味着,当我在var/tmp/dir
中创建文件时,文件完整路径会附加到/tmp/incrond_log.log
中。就是这样。
基本上,问题在于,如果将incrond配置为调用Shell脚本,则除非该Shell脚本以0以外的值退出,否则正在创建进程并且不会停止进程。
我正在查看的是systemctl status incrond
(或ps aux | grep ...
,同样的东西)的输出。
因此,例如,下面有2个创建的进程。
[root@server ~]# systemctl status incrond
● incrond.service - Inotify System Scheduler
Loaded: loaded (/usr/lib/systemd/system/incrond.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-12-11 13:39:55 +03; 11min ago
Process: 16746 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
Main PID: 16747 (incrond)
Tasks: 498
Memory: 5.9M
CGroup: /system.slice/incrond.service
├─13687 /usr/sbin/incrond
├─13747 /usr/sbin/incrond
我们创建5个文件,检查其名称是否附加到日志中(incrond正在运行),并检查产生了多少个进程。
mkdir -p /var/tmp/dir
rm -f /var/tmp/dir/*
echo -n > /tmp/incrond_log.log
systemctl restart incrond
for i in $(seq 1 5);
do
touch /var/tmp/dir/a$i.txt
sleep 0.5
tail -n1 /tmp/incrond_log.log
systemctl status incrond | grep /usr/sbin/incrond | wc -l
done
我希望incrond可以为在此目录中创建的每个文件派生一个进程,但是在此之后没有立即执行,因此会立即退出。
如果日志显示文件路径在日志文件中,则表示被入侵进程自完成工作以来就应该停止了。
默认情况下,systemctl status incrond
中有2个进程,因此该命令的预期结果是:
/var/tmp/dir/a1.txt
2
/var/tmp/dir/a2.txt
2
/var/tmp/dir/a3.txt
2
/var/tmp/dir/a4.txt
2
/var/tmp/dir/a5.txt
2
实际结果是:
/var/tmp/dir/a1.txt
3
/var/tmp/dir/a2.txt
4
/var/tmp/dir/a3.txt
5
/var/tmp/dir/a4.txt
6
/var/tmp/dir/a5.txt
7
问题表现为僵尸进程:
root 1540 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 1551 0.0 0.0 12784 672 ? S 19:49 0:00 /usr/sbin/incrond
root 1553 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 1566 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 1576 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2339 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2348 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2351 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 2355 0.0 0.0 12784 224 ? S 19:49 0:00 /usr/sbin/incrond
root 5471 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 5480 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 5483 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 5561 0.0 0.0 0 0 ? Z 19:17 0:00 [incrond] <defunct>
root 8012 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
root 8023 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
root 8025 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
root 8148 0.0 0.0 0 0 ? Z 19:12 0:00 [incrond] <defunct>
据我所知。我不知道该如何进一步研究。
如果我exit 1
不是正常退出,则进程正确退出。所以我的/root/incron_script
变成了:echo "$@" >> /tmp/incrond_log.log && exit 1
。
我的状态现在看起来像:
[root@server ~]# systemctl status incrond
● incrond.service - Inotify System Scheduler
Loaded: loaded (/usr/lib/systemd/system/incrond.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-12-11 14:09:04 +03; 16s ago
Process: 7882 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
Main PID: 7888 (incrond)
Tasks: 6
Memory: 220.0K
CGroup: /system.slice/incrond.service
└─7888 /usr/sbin/incrond
Dec 11 14:09:09 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a1.txt) EVENT (IN_CREATE)
Dec 11 14:09:09 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a1.txt )
Dec 11 14:09:10 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a2.txt) EVENT (IN_CREATE)
Dec 11 14:09:10 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a2.txt )
Dec 11 14:09:10 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a3.txt) EVENT (IN_CREATE)
Dec 11 14:09:10 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a3.txt )
Dec 11 14:09:11 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a4.txt) EVENT (IN_CREATE)
Dec 11 14:09:11 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a4.txt )
Dec 11 14:09:11 server.example.com incrond[7888]: PATH (/var/tmp/dir) FILE (a5.txt) EVENT (IN_CREATE)
Dec 11 14:09:11 server.example.com incrond[7888]: (system::example) CMD (sh /root/incron_script.sh /var/tmp/dir/a5.txt )
那么这是预期的行为吗?为什么退出0会使进程保持活动状态,而退出1却没有?这在哪里记录?关于如何进一步调试它的任何建议?