Ensure a process is not running
This is a standalone policy that will kill the sleep
process. You can adapt
it to make sure that any undesired process is not running.
body common control
{
bundlesequence => { "process_kill" };
}
bundle agent process_kill
{
processes:
"sleep"
signals => { "term", "kill" }; #Signals are presented as an ordered list to the process.
#On Windows, only the kill signal is supported, which terminates the process.
}
This policy can be found in /var/cfengine/share/doc/examples/unit_process_kill.cf
.
Example run:
# /bin/sleep 1000 &
[1] 5370
# cf-agent -f unit_process_kill.cf
[1]+ Terminated /bin/sleep 1000
#
Now let's do it again with inform mode turned on, and CFEngine will show the process table entry that matched the pattern we specified ("sleep"):
# /bin/sleep 1000 &
[1] 5377
# cf-agent -f unit_process_kill.cf -IK
2013-06-08T16:30:06-0700 info: This agent is bootstrapped to '192.168.183.208'
2013-06-08T16:30:06-0700 info: Running full policy integrity checks
2013-06-08T16:30:06-0700 info: /process_kill/processes/'sleep': Signalled 'term' (15) to process 5377 (root 5377 3854 5377 0.0 0.0 11352 0 612 1 16:30 00:00:00 /bin/sleep 1000)
[1]+ Terminated /bin/sleep 1000
#
If we add the -v switch to turn on verbose mode, we see the /bin/ps command CFEngine used to dump the process table:
# cf-agent -f unit_process_kill.cf -Kv
...
2013-06-08T16:38:20-0700 verbose: Observe process table with /bin/ps -eo user,pid,ppid,pgid,pcpu,pmem,vsz,ni,rss,nlwp,stime,time,args
2013-06-08T16:38:20-0700 verbose: Matched 'root 5474 3854 5474 0.0 0.0 11352 0 612 1 16:38 00:00:00 /bin/sleep 1000'
...