install flashpolicyd

Installation¶ I wrote this on RedHat Enterprise 5.1, you need to install Ruby that is included in the base repositories now and it has no external requirements not met by Ruby. On the download site is a RPM that will install the daemon, but I include below full manual install procedures that will help you get it going on other distros. These instructions apply to RedHat and includes a service that will activate the daemon at startup. Once Ruby installed grab the tarball and extract it: # tar -xvzf flashpolicyd-0.1.tgz # cd flashpolicyd-0.1 # mv flashpolicyd /usr/sbin # mv flashpolicyd.init /etc/init.d/ You need to create a XML file to serve up, by default this should be placed in /etc/flashpolicy.xml. Next you need to enable the service, this runs as root since it has to listen on port 843. # chkconfig --add flashpolicyd # chkconfig flashpolicyd on This assumes a lot of defaults, you can override these in /etc/sysconfig/flashpolicyd a sample file can be seen below: TIMEOUT=10 XML=/etc/flashpolicy.xml LOGFREQ=1800 LOGFILE=/var/log/flashpolicyd.log USER=nobodyRC Script Configuration TIMEOUT If a request does not complete in this many seconds the socket will disconnect XML The file to serve up to clients LOGFREQ This is a frequency in seconds that the server will log general stats to log file LOGFILE The logfile to write, the file will auto rotate based on size, you should not be rotating it with your systems logrotation tool USER The user to run as after opening the port If you are a Puppet user I've also included a module that will install this for you, locations etc are correct as for Red Hat Enterprise, see the puppet subdirectory. Usage¶ The server runs on port 843 as the root user, you can run it with --verbose manually and you'll get a lot of debug in your log file. I, [2008-09-13T08:05:48.443178 #2941] INFO -- : -604375936: Had 1246803 clients and 37262 bogus clients. Uptime 58 days 14 hours 30 min. 0 connection(s) in use now.A bogus client is any client that did not end in a successful request, this may be due to timeouts or simply not receiving a valid request from the client. The script includes a complete --help output but you need to install Ruby::RDoc - you can find this in the ruby-rdoc package from RedHat - to use the --help directly, you could just look at the top of the script the help is all there. The daemon responds to several signals that can be sent using the kill command: Signal Description USR1 Prints a single line stat message, during normal running this stat will be printed every 30 minutes by default, settable using --logfreq USR2 Dumps the current threads and their statusses HUP Toggles debug mode which will print more lines in the log file TERM Exit the process closing all the sockets Monitoring¶ The tarball includes a check script for this service. The script will work with Nagios and other compatible monitoring systems, to get it going is pretty simple: % ./check_flashpolicyd.rb --host your.server.com OK: Got XML response in 0.043149 seconds % ./check_flashpolicyd.rb --host your.server.com CRITICAL: 5 seconds TIMEOUT exceededYou can extend the timeout using the --timeout option to the check script. Making this work with your nagios installation is out of the scope of this doc. Known Issues¶