Solved

script re-write for Perl script to be used in Linux environment

Posted on 2008-06-19
16
252 Views
Last Modified: 2012-05-05
Does anyone know what would need to be changed to the below script to have it worked in a Linux environment?
### WAYNE'S PERL SCRIPT TO MONITOR AND KILL ROGUE MySQL PROCESSES

use DBI;

use Time::HiRes qw(gettimeofday);

$TimeToKill = 60;

$MySQL_Check_Interval = 10; 

if (!$dbh) {$dbh = &connectToForumsDB()};

$LongReadLen = 1024;

$dbh->{LongReadLen} = $LongReadLen;

$dbh->{LongTruncOk} =  1;

$sql_statement = 'SHOW FULL PROCESSLIST';

$counter = 0;

$kill_counter = 0;

 while (1 != 0)

  {

  $dbh = &connectToForumsDB();

  if ($dbh)

   {

   $LongReadLen = 1024;

   $dbh->{LongReadLen} = $LongReadLen;

   $dbh->{LongTruncOk} =  1;  

   $dataObject = $dbh->prepare($sql_statement);

   $dataObject->execute();

   @dbRows = $dataObject->fetchall_arrayref();

   $rows = 0;

   foreach $rowReference (@dbRows)  ### Set a flag to make sure that we matched rows with our SQL command

    {

    foreach $columnReference (@$rowReference)

     {

     $Id[$rows]     = @$columnReference[0];

     $User[$rows]    = @$columnReference[1]; 

     $Host[$rows]    = @$columnReference[2]; 

     $db[$rows]     = @$columnReference[3]; 

     $Command[$rows]    = @$columnReference[4]; 

     $Time[$rows]    = @$columnReference[5]; 

     $State[$rows]    = @$columnReference[6]; 

     $Info[$rows]    = @$columnReference[7];

     $rows++;

     }

    }

   $time_of_longest_running_thread = 0;

   $current_thread_to_kill = "";

 

   for ($i=0;$i<$rows;$i++)

    {

    if (int($Time[$i] > $TimeToKill) and $Info[$i] =~ /SELECT/i and $Time[$i] > $time_of_longest_running_thread)

     {

     $current_thread_to_kill = $i;

     $time_of_longest_running_thread = $Time[$i];

     }

    }

 

   if ($current_thread_to_kill ne "")

    {

    $Info[$current_thread_to_kill] =~ s/\t| / /gi;

    print "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    ($sec,$min,$hour,$mday,$mon,$year,$wday) = localtime(time);

    $year= substr($year,1,2);

    $month = $mon+1;

    $Kill_Log_File = "L:/Auto-Kill Log File-$month-$mday-$year.txt";

    open (LOGFILE,">>$Kill_Log_File");

    print LOGFILE "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    close (LOGFILE);

    $kill_sql_statement = "KILL $Id[$current_thread_to_kill];";

    $dataObject = $dbh->prepare($kill_sql_statement);

    $dataObject->execute();

    @dbRows = ();

    $kill_counter++;

    }

   #$dbh->disconnect();

   print "Rogue SQL Process Counters: $kill_counter/$counter\n";

   $counter++; 

   sleep($MySQL_Check_Interval);

   }

  }

print "Done with loop\n";

 

 

sub connectToForumsDB

 {

 $dbName  = "MyDBName";

 $dbUserName = "MyUsername";

 $dbPassword = "MyPassword";

 $dbDriver = "ODBC";

 

 return (DBI->connect("dbi:ODBC:$dbName", $dbUserName, $dbPassword));

 }

Open in new window

0
Comment
Question by:PeterErhard
16 Comments
 
LVL 84

Expert Comment

by:ozo
ID: 21820202
is DBD::ODBC installed?
0
 

Author Comment

by:PeterErhard
ID: 21820288
No it isn't, thanks for responding.
0
 
LVL 1

Expert Comment

by:NeilForsyth
ID: 21820573
1. The Kill Log File needs to be changed to a unix path (i.e. begins with / instead of a drive letter)

2. ODBC is a Microsoft standard. Judging by the variable names in the script, you are using MySQL, so you don't need ODBC anyway. Try using DBI::mysql. It shouldn't require many changes, check the examples at:
http://search.cpan.org/~capttofu/DBD-mysql-4.007/lib/DBD/mysql.pm

You will also want to put a "shebang" line at the top, such as:

#!/usr/bin/perl

then make the file executable:

chmod +x filename.pl

Also consider making the script a CRON job to run it regularly, or perhaps make it a 'service', so if the script dies, it is automatically re-started. (Making it a service depends on your specific distro, and is much more involved)
$Kill_Log_File = "L:/Auto-Kill Log File-$month-$mday-$year.txt";
 

...
 

$dbDriver = "ODBC";

return (DBI->connect("dbi:ODBC:$dbName", $dbUserName, $dbPassword));

Open in new window

0
 
LVL 39

Expert Comment

by:Adam314
ID: 21822520
For the log file, filenames with spaces are not common (and many don't like them).  You might want to consider using underscores instead of spaces.  And you will likely not want to put the log at the root - /var/log is a common place for logs.
0
 

Author Comment

by:PeterErhard
ID: 21835493
Thanks for the comments guys, but I'm still a bit confused.

What parts of the script do I need to change exactly?
0
 

Author Comment

by:PeterErhard
ID: 21844781
Anyone?
0
 
LVL 39

Expert Comment

by:Adam314
ID: 21846312

$Kill_Log_File = "/var/log/Auto-Kill_Log_File-$month-$mday-$year.txt";

Open in new window

0
 

Author Comment

by:PeterErhard
ID: 21853600
Thanks for getting back to me Adam, what about this part though.

Would you mind re-posting the whole script with the changes needed?
sub connectToForumsDB

 {

 $dbName  = "MyDBName";

 $dbUserName = "MyUsername";

 $dbPassword = "MyPassword";

 $dbDriver = "ODBC";

 

 return (DBI->connect("dbi:ODBC:$dbName", $dbUserName, $dbPassword));

 }

Open in new window

0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 39

Expert Comment

by:Adam314
ID: 21855135
You can still use ODBC.  ODBC is similar to DBI that microsoft created - so it's an extra layer.  It might be more efficient to use a mysql driver instead:

return (DBI->connect("dbi:mysql:database=$dbName;host=$host", $dbUserName, $dbPassword));

Open in new window

0
 

Author Comment

by:PeterErhard
ID: 21864543
So the below should work fine under Linux?
### WAYNE'S PERL SCRIPT TO MONITOR AND KILL ROGUE MySQL PROCESSES

use DBI;

use Time::HiRes qw(gettimeofday);

$TimeToKill = 60;

$MySQL_Check_Interval = 10; 

if (!$dbh) {$dbh = &connectToForumsDB()};

$LongReadLen = 1024;

$dbh->{LongReadLen} = $LongReadLen;

$dbh->{LongTruncOk} =  1;

$sql_statement = 'SHOW FULL PROCESSLIST';

$counter = 0;

$kill_counter = 0;

 while (1 != 0)

  {

  $dbh = &connectToForumsDB();

  if ($dbh)

   {

   $LongReadLen = 1024;

   $dbh->{LongReadLen} = $LongReadLen;

   $dbh->{LongTruncOk} =  1;  

   $dataObject = $dbh->prepare($sql_statement);

   $dataObject->execute();

   @dbRows = $dataObject->fetchall_arrayref();

   $rows = 0;

   foreach $rowReference (@dbRows)  ### Set a flag to make sure that we matched rows with our SQL command

    {

    foreach $columnReference (@$rowReference)

     {

     $Id[$rows]     = @$columnReference[0];

     $User[$rows]    = @$columnReference[1]; 

     $Host[$rows]    = @$columnReference[2]; 

     $db[$rows]     = @$columnReference[3]; 

     $Command[$rows]    = @$columnReference[4]; 

     $Time[$rows]    = @$columnReference[5]; 

     $State[$rows]    = @$columnReference[6]; 

     $Info[$rows]    = @$columnReference[7];

     $rows++;

     }

    }

   $time_of_longest_running_thread = 0;

   $current_thread_to_kill = "";

 

   for ($i=0;$i<$rows;$i++)

    {

    if (int($Time[$i] > $TimeToKill) and $Info[$i] =~ /SELECT/i and $Time[$i] > $time_of_longest_running_thread)

     {

     $current_thread_to_kill = $i;

     $time_of_longest_running_thread = $Time[$i];

     }

    }

 

   if ($current_thread_to_kill ne "")

    {

    $Info[$current_thread_to_kill] =~ s/\t| / /gi;

    print "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    ($sec,$min,$hour,$mday,$mon,$year,$wday) = localtime(time);

    $year= substr($year,1,2);

    $month = $mon+1;

    $Kill_Log_File = "L:/Auto-Kill Log File-$month-$mday-$year.txt";

    open (LOGFILE,">>$Kill_Log_File");

    print LOGFILE "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    close (LOGFILE);

    $kill_sql_statement = "KILL $Id[$current_thread_to_kill];";

    $dataObject = $dbh->prepare($kill_sql_statement);

    $dataObject->execute();

    @dbRows = ();

    $kill_counter++;

    }

   #$dbh->disconnect();

   print "Rogue SQL Process Counters: $kill_counter/$counter\n";

   $counter++; 

   sleep($MySQL_Check_Interval);

   }

  }

print "Done with loop\n";

 

 

sub connectToForumsDB

 {

 $dbName  = "MyDBName";

 $dbUserName = "MyUsername";

 $dbPassword = "MyPassword";

 $dbDriver = "ODBC";

 

 return (DBI->connect("dbi:mysql:database=$dbName;host=$host", $dbUserName, $dbPassword));

 }

Open in new window

0
 
LVL 39

Expert Comment

by:Adam314
ID: 21866472
This:
    $Kill_Log_File = "L:/Auto-Kill Log File-$month-$mday-$year.txt";
Should be:
    $Kill_Log_File = "/var/log/Auto-Kill_Log_File-$month-$mday-$year.txt";

The $host isn't defined in the connectToForumsDB subroutine.  It should be the hostname of the server running MySQL.  And the $dbDriver isn't needed.

0
 

Author Comment

by:PeterErhard
ID: 21873158
Thanks for that, have posted below.

What you say the $dbDriver isn't required, what are you referring to?
### WAYNE'S PERL SCRIPT TO MONITOR AND KILL ROGUE MySQL PROCESSES

use DBI;

use Time::HiRes qw(gettimeofday);

$TimeToKill = 60;

$MySQL_Check_Interval = 10; 

if (!$dbh) {$dbh = &connectToForumsDB()};

$LongReadLen = 1024;

$dbh->{LongReadLen} = $LongReadLen;

$dbh->{LongTruncOk} =  1;

$sql_statement = 'SHOW FULL PROCESSLIST';

$counter = 0;

$kill_counter = 0;

 while (1 != 0)

  {

  $dbh = &connectToForumsDB();

  if ($dbh)

   {

   $LongReadLen = 1024;

   $dbh->{LongReadLen} = $LongReadLen;

   $dbh->{LongTruncOk} =  1;  

   $dataObject = $dbh->prepare($sql_statement);

   $dataObject->execute();

   @dbRows = $dataObject->fetchall_arrayref();

   $rows = 0;

   foreach $rowReference (@dbRows)  ### Set a flag to make sure that we matched rows with our SQL command

    {

    foreach $columnReference (@$rowReference)

     {

     $Id[$rows]     = @$columnReference[0];

     $User[$rows]    = @$columnReference[1]; 

     $Host[$rows]    = @$columnReference[2]; 

     $db[$rows]     = @$columnReference[3]; 

     $Command[$rows]    = @$columnReference[4]; 

     $Time[$rows]    = @$columnReference[5]; 

     $State[$rows]    = @$columnReference[6]; 

     $Info[$rows]    = @$columnReference[7];

     $rows++;

     }

    }

   $time_of_longest_running_thread = 0;

   $current_thread_to_kill = "";

 

   for ($i=0;$i<$rows;$i++)

    {

    if (int($Time[$i] > $TimeToKill) and $Info[$i] =~ /SELECT/i and $Time[$i] > $time_of_longest_running_thread)

     {

     $current_thread_to_kill = $i;

     $time_of_longest_running_thread = $Time[$i];

     }

    }

 

   if ($current_thread_to_kill ne "")

    {

    $Info[$current_thread_to_kill] =~ s/\t| / /gi;

    print "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    ($sec,$min,$hour,$mday,$mon,$year,$wday) = localtime(time);

    $year= substr($year,1,2);

    $month = $mon+1;

    $Kill_Log_File = "/var/log/Auto-Kill_Log_File-$month-$mday-$year.txt";

    open (LOGFILE,">>$Kill_Log_File");

    print LOGFILE "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    close (LOGFILE);

    $kill_sql_statement = "KILL $Id[$current_thread_to_kill];";

    $dataObject = $dbh->prepare($kill_sql_statement);

    $dataObject->execute();

    @dbRows = ();

    $kill_counter++;

    }

   #$dbh->disconnect();

   print "Rogue SQL Process Counters: $kill_counter/$counter\n";

   $counter++; 

   sleep($MySQL_Check_Interval);

   }

  }

print "Done with loop\n";

 

 

sub connectToForumsDB

 {

 $dbName  = "MyDBName";

 $dbUserName = "MyUsername";

 $dbPassword = "MyPassword";

 $dbDriver = "ODBC";

 

 return (DBI->connect("dbi:mysql:database=$dbName;host=$host", $dbUserName, $dbPassword));

 }

Open in new window

0
 
LVL 39

Expert Comment

by:Adam314
ID: 21873980
In your connectToForumsDB, you set $dbDriver to "ODBC".  This variable isn't used.  Also, you use $host, which you don't define.
sub connectToForumsDB

{

    $dbName  = "MyDBName";

    $dbUserName = "MyUsername";

    $dbPassword = "MyPassword";

    $host = "Your_mysql_server";

    

    return (DBI->connect("dbi:mysql:database=$dbName;host=$host", $dbUserName, $dbPassword));

}

Open in new window

0
 

Author Comment

by:PeterErhard
ID: 21874034
Thanks Adam, so this should be the final result?
### WAYNE'S PERL SCRIPT TO MONITOR AND KILL ROGUE MySQL PROCESSES

use DBI;

use Time::HiRes qw(gettimeofday);

$TimeToKill = 60;

$MySQL_Check_Interval = 10; 

if (!$dbh) {$dbh = &connectToForumsDB()};

$LongReadLen = 1024;

$dbh->{LongReadLen} = $LongReadLen;

$dbh->{LongTruncOk} =  1;

$sql_statement = 'SHOW FULL PROCESSLIST';

$counter = 0;

$kill_counter = 0;

 while (1 != 0)

  {

  $dbh = &connectToForumsDB();

  if ($dbh)

   {

   $LongReadLen = 1024;

   $dbh->{LongReadLen} = $LongReadLen;

   $dbh->{LongTruncOk} =  1;  

   $dataObject = $dbh->prepare($sql_statement);

   $dataObject->execute();

   @dbRows = $dataObject->fetchall_arrayref();

   $rows = 0;

   foreach $rowReference (@dbRows)  ### Set a flag to make sure that we matched rows with our SQL command

    {

    foreach $columnReference (@$rowReference)

     {

     $Id[$rows]     = @$columnReference[0];

     $User[$rows]    = @$columnReference[1]; 

     $Host[$rows]    = @$columnReference[2]; 

     $db[$rows]     = @$columnReference[3]; 

     $Command[$rows]    = @$columnReference[4]; 

     $Time[$rows]    = @$columnReference[5]; 

     $State[$rows]    = @$columnReference[6]; 

     $Info[$rows]    = @$columnReference[7];

     $rows++;

     }

    }

   $time_of_longest_running_thread = 0;

   $current_thread_to_kill = "";

 

   for ($i=0;$i<$rows;$i++)

    {

    if (int($Time[$i] > $TimeToKill) and $Info[$i] =~ /SELECT/i and $Time[$i] > $time_of_longest_running_thread)

     {

     $current_thread_to_kill = $i;

     $time_of_longest_running_thread = $Time[$i];

     }

    }

 

   if ($current_thread_to_kill ne "")

    {

    $Info[$current_thread_to_kill] =~ s/\t| / /gi;

    print "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    ($sec,$min,$hour,$mday,$mon,$year,$wday) = localtime(time);

    $year= substr($year,1,2);

    $month = $mon+1;

    $Kill_Log_File = "/var/log/Auto-Kill_Log_File-$month-$mday-$year.txt";

    open (LOGFILE,">>$Kill_Log_File");

    print LOGFILE "Alert: Kill $Id[$current_thread_to_kill], Time: $Time[$current_thread_to_kill], Statement: \n$Info[$current_thread_to_kill]\n\n";

    close (LOGFILE);

    $kill_sql_statement = "KILL $Id[$current_thread_to_kill];";

    $dataObject = $dbh->prepare($kill_sql_statement);

    $dataObject->execute();

    @dbRows = ();

    $kill_counter++;

    }

   #$dbh->disconnect();

   print "Rogue SQL Process Counters: $kill_counter/$counter\n";

   $counter++; 

   sleep($MySQL_Check_Interval);

   }

  }

print "Done with loop\n";

 

sub connectToForumsDB

{

    $dbName  = "MyDBName";

    $dbUserName = "MyUsername";

    $dbPassword = "MyPassword";

    $host = "Your_mysql_server";

    

    return (DBI->connect("dbi:mysql:database=$dbName;host=$host", $dbUserName, $dbPassword));

}

Open in new window

0
 
LVL 39

Accepted Solution

by:
Adam314 earned 500 total points
ID: 21874233
Looks good.  You will have to replace the "Your_mysql_server" with the name/ip of your server....
0
 

Author Comment

by:PeterErhard
ID: 21874417
Thanks Adam
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now