From 9b43fdabc633b0e22637991536e3be7f662de644 Mon Sep 17 00:00:00 2001 From: Manasses Julio Date: Fri, 30 Sep 2022 11:08:27 -0300 Subject: [PATCH] Killing "sshd" does not trigger an alarm event It was identified that the sshd service was being restarted automatically by systemd because the ssh.service file had the "Restart=on-failure" set, which prevented pmon to proper monitor it resulting in the alarm not being set. Comparing with CentOS, we confirmed that this line in the service file was commented out. However, checking the openssh-config for Debian, the line was also commented out, but the file, sshd.service is not the file used by openssh-server package in Debian, instead, it is the ssh.service. This commit replaces sshd.service file by ssh.service (based on the file from the Debian package openssh-server) and add the modification to comment out the "Restart=on-failure". Test Plan PASS: Build and install PASS: Unlock AIO-SX PASS: Verified that killing the sshd process 10 times would trigger the alarm Closes-bug: 1991400 Signed-off-by: Manasses Julio Change-Id: I477d5261ccf44ccb29c7b3ab0dbc9bd816a753cc --- .../debian/deb_folder/openssh-config.install | 2 +- openssh-config/debian/deb_folder/postinst | 2 +- openssh-config/source-debian/ssh.service | 21 +++++++++++++++++++ openssh-config/source-debian/sshd.service | 18 ---------------- 4 files changed, 23 insertions(+), 20 deletions(-) create mode 100644 openssh-config/source-debian/ssh.service delete mode 100644 openssh-config/source-debian/sshd.service diff --git a/openssh-config/debian/deb_folder/openssh-config.install b/openssh-config/debian/deb_folder/openssh-config.install index 9eb0972..6513bbf 100644 --- a/openssh-config/debian/deb_folder/openssh-config.install +++ b/openssh-config/debian/deb_folder/openssh-config.install @@ -1,3 +1,3 @@ ssh_config /usr/share/starlingx sshd_config /usr/share/starlingx -sshd.service /usr/share/starlingx +ssh.service /usr/share/starlingx diff --git a/openssh-config/debian/deb_folder/postinst b/openssh-config/debian/deb_folder/postinst index 580a99a..eb248ce 100644 --- a/openssh-config/debian/deb_folder/postinst +++ b/openssh-config/debian/deb_folder/postinst @@ -4,6 +4,6 @@ set -e cp -f /usr/share/starlingx/ssh_config /etc/ssh/ssh_config cp -f /usr/share/starlingx/sshd_config /etc/ssh/sshd_config -cp -f /usr/share/starlingx/sshd.service /lib/systemd/system/sshd.service +cp -f /usr/share/starlingx/ssh.service /lib/systemd/system/ssh.service #DEBHELPER# diff --git a/openssh-config/source-debian/ssh.service b/openssh-config/source-debian/ssh.service new file mode 100644 index 0000000..0174c81 --- /dev/null +++ b/openssh-config/source-debian/ssh.service @@ -0,0 +1,21 @@ +[Unit] +Description=OpenBSD Secure Shell server +After=network.target auditd.service +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run + +[Service] +EnvironmentFile=-/etc/default/ssh +ExecStartPre=/usr/sbin/sshd -t +ExecStart=/usr/sbin/sshd -D $SSHD_OPTS +ExecReload=/usr/sbin/sshd -t +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +#Restart=on-failure +#RestartPreventExitStatus=255 +Type=notify +RuntimeDirectory=sshd +RuntimeDirectoryMode=0755 + +[Install] +WantedBy=multi-user.target +Alias=sshd.service diff --git a/openssh-config/source-debian/sshd.service b/openssh-config/source-debian/sshd.service deleted file mode 100644 index 3314c94..0000000 --- a/openssh-config/source-debian/sshd.service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=OpenSSH server daemon -Documentation=man:sshd(8) man:sshd_config(5) -After=network.target sshd-keygen.service -Wants=sshd-keygen.service - -[Service] -EnvironmentFile=/etc/default/ssh -ExecStart=/etc/init.d/sshd start -ExecStop=/etc/init.d/sshd stop -ExecReload=/bin/kill -HUP $MAINPID -PIDFile=/var/run/sshd.pid -KillMode=none -#Restart=on-failure -#RestartSec=42s - -[Install] -WantedBy=multi-user.target