#!/usr/bin/perl -w

# Purpose: diskmond checks every 60 seconds to make sure that the disk
# utilization for the partition that holds the psad "fwdata" file is not 
# beyond a threshold that the administrator defines.
#
# Copyright (C) 1999-2001 Michael B. Rash (mbr@cipherdyne.com)
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 
#    USA

use Psad;
use POSIX "setsid";
use strict;

#==================== config ======================= ## do not remove this line (used by install.pl to preserve configs) ##
my $MAX_PERCENTAGE = 95;        # The max disk usage (percent) for /var/log/psad;
                             # at or above this value the main loop trims
                             # the psad logs.
                             # Note: this value must be greater than the
                             # current disk usage percentage... do 'df -k'
                             # to check.
my $CHECK_INTERVAL = 60;        # Seconds between usage checks. Default is 60 seconds.
# The two log files that are trimmed once the threshold is reached.  Only the
# last 200 lines of each are kept (in <file>.bak); older entries are discarded,
# so copy or forward these logs elsewhere if they are needed as evidence.
my $PSAD_LOGFILE = "/var/log/psad/scanlog";
my $PSAD_FW_DATA = "/var/log/psad/fwdata";

### system binaries ###
# Absolute paths; these are handed to Psad::check_commands() at startup.
my $dfCmd = "/bin/df";
my $catCmd = "/bin/cat";
my $tailCmd = "/usr/bin/tail";
my $psad_dir = "/var/log/psad";   # directory passed to df to measure usage
#================== end config ===================== ## do not remove this line (used by install.pl to preserve configs) ##
#===================== main =======================

### Short command names mapped to the binary paths from the config section.
my %Cmds = (
	"df"   => $dfCmd,
	"tail" => $tailCmd,
	"cat"  => $catCmd,
);

### Hand the configured paths to Psad::check_commands() and keep whatever
### mapping it returns.
%Cmds = &Psad::check_commands(\%Cmds);

### Psad::unique_pid() is given the pid file before the process detaches.
&Psad::unique_pid("/var/run/diskmond.pid");

### Detach from the caller: the parent exits, the child becomes a session
### leader.  NOTE(review): the child keeps the inherited working directory
### and standard file handles; nothing here changes or closes them.
my $pid = fork;
if (!defined($pid)) {
        die "@@@@@  $0: Couldn't fork: $!";
}
exit if $pid;
POSIX::setsid() or die "@@@@@  $0: Can't start a new session: $!\n";

### Record the daemon's pid now that the fork is done.
&Psad::writepid("/var/run/diskmond.pid");

### Poll forever: measure the usage of the psad log partition and trim the
### logs whenever it has reached the configured threshold.
while (1) {
        my $usage = &get_usage($psad_dir, \%Cmds);
        &archive($PSAD_FW_DATA, $PSAD_LOGFILE, \%Cmds)
                if $usage >= $MAX_PERCENTAGE;
        sleep $CHECK_INTERVAL;  # wait $CHECK_INTERVAL seconds before the next check
}
exit 0;
#===================== end main =======================

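# get_usage($psad_dir, $Cmds_href)
#
# Returns the usage percentage (an integer string without the "%") that df
# reports for the filesystem holding $psad_dir.  $Cmds_href->{'df'} is the
# path of the df binary.  Returns 0 and warns when df cannot be run or its
# output cannot be parsed; 0 never reaches the threshold, so a broken df
# does not trigger log truncation.
#
# Changes from the earlier version:
#   - the empty "()" prototype is gone (the sub takes two arguments and only
#     worked because it was called with a leading "&");
#   - df is run without /bin/sh (list-form pipe open), so the directory name
#     is passed as a single argument instead of being re-parsed by a shell;
#   - "-P" requests the POSIX output format, which keeps each filesystem on
#     one line; without it a long device name can wrap the line and shift
#     the percentage out of the fifth column.
sub get_usage {
	my ($psad_dir, $Cmds_href) = @_;
	my $df_fh;
	unless (open($df_fh, '-|', $Cmds_href->{'df'}, '-P', $psad_dir)) {
		warn "@@@@@  $0: Couldn't run $Cmds_href->{'df'}: $!\n";
		return 0;
	}
	my @df_data = <$df_fh>;
	close $df_fh;   ### exit status is not needed; the output is validated below
	shift @df_data;   ### drop the header line
	if (defined $df_data[0]) {
		my $prcnt = (split /\s+/, $df_data[0])[4];
		### accept only "<digits>%" so a malformed line is never
		### mistaken for a usage figure
		if (defined $prcnt and $prcnt =~ /^(\d+)%$/) {
			return $1;
		}
	}
	warn "@@@@@  $0: Couldn't parse df output for $psad_dir\n";
	return 0;
}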
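# archive($fwdata, $psadlogfile, $Cmds_href)
#
# Trims both psad log files: the last 200 lines of each are saved to
# "<file>.bak" and the file itself is then truncated to zero length.
# $Cmds_href->{'tail'} is the path of the tail binary; the 'cat' entry is no
# longer needed because truncation is done by Perl itself.
#
# Changes from the earlier version:
#   - the empty "()" prototype is gone (the sub takes three arguments);
#   - no command line is built for /bin/sh any more, so a space or shell
#     metacharacter in a configured path cannot change what is executed;
#   - "tail -n 200" replaces the obsolete "tail -200" spelling;
#   - failures are reported with warn instead of being silently ignored.
#
# Everything older than the last 200 lines is discarded, and lines written
# between the tail and the truncation are lost as well.
# NOTE(review): both opens below follow symbolic links, as the shell
# redirections they replace did, so the log directory should be writable by
# the daemon's user only -- confirm the directory permissions.
sub archive {
	my ($fwdata, $psadlogfile, $Cmds_href) = @_;
	for my $file ($psadlogfile, $fwdata) {
		_save_tail_and_truncate($file, $Cmds_href->{'tail'});
	}
	return;
}

# Saves the last 200 lines of $file to "$file.bak", then empties $file.
# The truncation is attempted even when the backup could not be written,
# because freeing disk space is the reason this code runs at all.
sub _save_tail_and_truncate {
	my ($file, $tail_cmd) = @_;
	my $backup = "$file.bak";

	if (open(my $tail_fh, '-|', $tail_cmd, '-n', '200', $file)) {
		my @kept = <$tail_fh>;
		if (close $tail_fh) {
			if (open(my $bak_fh, '>', $backup)) {
				print {$bak_fh} @kept
					or warn "@@@@@  $0: Couldn't write $backup: $!\n";
				close $bak_fh
					or warn "@@@@@  $0: Couldn't close $backup: $!\n";
			}
			else {
				warn "@@@@@  $0: Couldn't open $backup: $!\n";
			}
		}
		else {
			### a previous .bak is left untouched when tail fails
			warn "@@@@@  $0: $tail_cmd failed on $file\n";
		}
	}
	else {
		warn "@@@@@  $0: Couldn't run $tail_cmd: $!\n";
	}

	### opening for write truncates in place, keeping the same file for
	### any process that already has it open
	if (open(my $log_fh, '>', $file)) {
		close $log_fh
			or warn "@@@@@  $0: Couldn't close $file: $!\n";
	}
	else {
		warn "@@@@@  $0: Couldn't truncate $file: $!\n";
	}
	return;
}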
