"tripwire" is commonly used in the UNIX environment to monitor and report on potential security intrusions. The problem occurs if you try and run a script the calls "tripwire --check", due to the potential problem of the check process taking longer than 60 seconds to complete.
There are many ways this can be addressed, however, we wished to have PRTG control all aspects of monitoring tripwire, as well as letting the schedule of running the "tripwire --check".
To overcome the limitation, 2 scripts were developed;
script1 simply read the variable from the last "tripwire --check" and returns that information to PRTG. If a per-determined time period has expired (in the example, 6 hours), then a 2nd script is invoked, using the UNIX "nohup" function.
script2 runs under the unix "nohup", and will perform the actual "tripwire --check" and post it's results in the variable read by script1. A timestamp of the last execution of the check process is stored as part of the variable read by script1. This way, script1 knows when to kick off another check process.
The variable is stored in /tmp/tripwire.results. The 6 hours can be modifed in script1 to meet the customisation of your particular installation.
Add comment