* Steffen Dettmer wrote on Sat, Apr 28, 2001 at 16:44 +0200:
The idea:
ssh $HOST $FIREWALL_START
ssh $HOST $FIREWALL_WATCHERKILL
I implemented such a thing. It seems to be reliable and usable.
First tests looked good. To share the results, here are some notes and
details (some parts are cut and marked [...]):
1. launching the watcher, in bash shell code:
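function launch_watcher()
{
  # Start "$0 watcher" as a detached process that will kill this script
  # (PID $$) after $TIMEOUT unless the admin confirms the new rules.
  # Reads $0, $$, TIMEOUT, LOGGER; exports caller, WATCH_ME and TIMEOUT
  # for the watcher.  Exits 1 if the watcher is not alive after a short
  # grace period, otherwise prints a status line and returns.
  #make sure we are the onliest instance:
  [...]
  #launch watcher ($0 watcher): nohup ignores SIGHUP and setsid puts it
  # in its own session, so it outlives this shell; output goes to $LOGGER.
  {
    export caller="$0";
    export WATCH_ME="$$";
    export TIMEOUT;
    nohup setsid "$0" watcher 2>&1 | $LOGGER &
    # NOTE: the pipeline above is backgrounded, so $? and $PIPESTATUS here
    # describe the "&" (always 0), not "$0 watcher" -- an exec failure
    # cannot be detected synchronously.  The previous $PIPESTATUS test at
    # this point could never fire; the liveness check below is the real
    # test.
  } &
  sleep 2;
  #now we need to check if the watcher is still running (it
  # exits immediately on error).  Match the literal command line
  # "$0 watcher" with grep -F instead of building an egrep pattern from
  # $0: regex metacharacters in the path ("." "+") would match unrelated
  # processes.  Do not filter on "$$" either -- a PID is just a digit
  # string and may appear in the watcher's own ps line (PID, TIME...),
  # which would report a live watcher as dead.  "ww" keeps ps from
  # truncating long command lines.
  if ! ps axww | grep -F -- "$0 watcher" | grep -F -v -- "grep -F" > /dev/null ; then
    echo "Watcher already DIED!"
    echo "check syslog!"
    test -r /var/log/messages && tail /var/log/messages
    exit 1;
  else
    echo "Watcher session is running."
  fi
}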
2. The watcher itself:
function watcher()
{
function signal_handler()
{
echo "Watcher: Signal \"OK\" caught --> Exiting."
exit 0;
}
#called correctly?
[...]
trap "signal_handler" SIGUSR1
#give firewall some time to set up rules
[...]
#check if firewall is still running and kill in this case
if kill -0 $WATCH_ME 2>/dev/null ; then
echo "Watcher: $WATCH_ME alive...TIMED OUT. KILLING IT NOW."
kill -TERM $WATCH_ME 2>/dev/null
[...]
sleep 1
force_ssh_open_direct;
echo "Watcher: exiting."
exit 1
fi
echo "Watcher: waiting for OK..."
#give admin some time to call "firewall ok" which kill
# this process. After that time we open SSH
for (( n=0 ; n