Killing "sshd" does not trigger an alarm event

It was identified that the sshd service was being restarted automatically by systemd because the ssh.service file had the "Restart=on-failure" set, which prevented pmon to proper monitor it resulting in the alarm not being set. Comparing with CentOS, we confirmed that this line in the service file was commented out. However, checking the openssh-config for Debian, the line was also commented out, but the file, sshd.service is not the file used by openssh-server package in Debian, instead, it is the ssh.service. This commit replaces sshd.service file by ssh.service (based on the file from the Debian package openssh-server) and add the modification to comment out the "Restart=on-failure". Test Plan PASS: Build and install PASS: Unlock AIO-SX PASS: Verified that killing the sshd process 10 times would trigger the alarm Closes-bug: 1991400 Signed-off-by: Manasses Julio <manasses.dasilvajunior@windriver.com> Change-Id: I477d5261ccf44ccb29c7b3ab0dbc9bd816a753cc
2022-09-30 11:08:27 -03:00 · 2022-09-30 11:08:27 -03:00 · 9b43fdabc6
commit 9b43fdabc6
parent 2d8433ab90
4 changed files with 23 additions and 20 deletions
--- a/openssh-config/debian/deb_folder/openssh-config.install
+++ b/openssh-config/debian/deb_folder/openssh-config.install
@ -1,3 +1,3 @@
 ssh_config /usr/share/starlingx
 sshd_config /usr/share/starlingx
-sshd.service /usr/share/starlingx
+ssh.service /usr/share/starlingx
--- a/openssh-config/debian/deb_folder/postinst
+++ b/openssh-config/debian/deb_folder/postinst
@ -4,6 +4,6 @@ set -e

 cp -f /usr/share/starlingx/ssh_config /etc/ssh/ssh_config
 cp -f /usr/share/starlingx/sshd_config /etc/ssh/sshd_config
-cp -f /usr/share/starlingx/sshd.service /lib/systemd/system/sshd.service
+cp -f /usr/share/starlingx/ssh.service /lib/systemd/system/ssh.service

 #DEBHELPER#
--- a/openssh-config/source-debian/ssh.service
+++ b/openssh-config/source-debian/ssh.service
@ -0,0 +1,21 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+After=network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/sbin/sshd -t
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/usr/sbin/sshd -t
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+#Restart=on-failure
+#RestartPreventExitStatus=255
+Type=notify
+RuntimeDirectory=sshd
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
+Alias=sshd.service
--- a/openssh-config/source-debian/sshd.service
+++ b/openssh-config/source-debian/sshd.service
@ -1,18 +0,0 @@
-[Unit]
-Description=OpenSSH server daemon
-Documentation=man:sshd(8) man:sshd_config(5)
-After=network.target sshd-keygen.service
-Wants=sshd-keygen.service
-
-[Service]
-EnvironmentFile=/etc/default/ssh
-ExecStart=/etc/init.d/sshd start
-ExecStop=/etc/init.d/sshd stop
-ExecReload=/bin/kill -HUP $MAINPID
-PIDFile=/var/run/sshd.pid
-KillMode=none
-#Restart=on-failure
-#RestartSec=42s
-
-[Install]
-WantedBy=multi-user.target