runit

During the last ten years many initd alternatives have appeared. Some are very “SysV-like” like initng. Others are way more radical in their design both more modern and complex (systemd / upstart).

But what if you need a simple and lightweight alternative with supervision capability ?

Then runit is a very good choice, and you can use it to replace or complement initd.

Install runit

aptitude install runit

Add a service to supervise

The core of runit is the /etc/sv directory. This directory contains a subdirectory for each process that runit should manage. Let say we want to add a varnish service:

# vi /etc/sv/varnish/run
#!/bin/sh
exec 2>&1
. /etc/default/varnish 
rm -f /var/lib/varnish/$INSTANCE/*
exec varnishd -F $DAEMON_OPTS

Simple and neat. Note that the process shouldn’t be launch in background / daemonized mode. If necessary add the appropriate option. Then:

# chmod +x run
mkdir supervise
chmod 755 supervise

Now don’t forget to add a diversion to the official initscript and then enable the supervision:

ln -s  /etc/sv/varnish /etc/service/varnish

The sv command

sv status gu-monprojet
sv check gu-monprojet
sv up gu-monprojet
sv down gu-monprojet
sv restart gu-monprojet

As you can see commands are very straightforwards.

Note that sv can be use to send pretty much every unix signal (HUP, USR1, USR2, etc…).

Logging process output

Under runit process logging is dead simple: let your process send it data to STDOUT and svlogd will do the rest. This program collect your process’s data and save it into a system-standard location. It will take care of rotating log file if necessary by itself.

To add a log to a process create a log script:

# vi /etc/sv/varnish/log
#!/bin/sh
exec svlogd -tt /var/log/varnishd

Replace initd

To replace initd by runit, just follow the official documentation.

NSE scripts

The most powerful feature of nmap is its script engine. This allow you to use it in a semi-automatic mode, performing complex task, such as vulnerability detection, backdoor detection and even vulnerability exploitation.

You can find a list of NSE scripts here, and write your own in LUA.

Currently my two favorite are :