roles/monitoring/prometheus/exporter/node/templates/textfile-collector-scripts/deleted-libraries.j2


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

#!/usr/bin/env {{ python_basename }}
"""
Script to count the number of deleted libraries that are linked by running
processes and expose a summary as Prometheus metrics.

The aim is to discover processes that are still using libraries that have since
been updated, perhaps due security vulnerabilities.
"""

import errno
import glob
import os
import sys


def main():
    processes_linking_deleted_libraries = {}

    for path in glob.glob('/proc/*/maps'):
        try:
            with open(path, 'rb') as file:
                for line in file:
                    part = line.decode().strip().split()

                    if len(part) == 7:
                        library = part[5]
                        comment = part[6]

                        if '/lib/' in library and '(deleted)' in comment:
                            if path not in processes_linking_deleted_libraries:
                                processes_linking_deleted_libraries[path] = {}

                            if library in processes_linking_deleted_libraries[path]:
                                processes_linking_deleted_libraries[path][library] += 1
                            else:
                                processes_linking_deleted_libraries[path][library] = 1
        except FileNotFoundError:
            # Ignore non-existent files, since the files may have changed since
            # we globbed.
            pass
        except ProcessLookupError:
            # If process vanishes while collecting the linked libs reading lines from
            # the map file yields this error.
            pass

    num_processes_per_library = {}

    for process, library_count in processes_linking_deleted_libraries.items():
        libraries_seen = set()
        for library, count in library_count.items():
            if library in libraries_seen:
                continue

            libraries_seen.add(library)
            if library in num_processes_per_library:
                num_processes_per_library[library] += 1
            else:
                num_processes_per_library[library] = 1

    metric_name = 'node_processes_linking_deleted_libraries'
    description = 'Count of running processes that link a deleted library'
    print('# HELP {0} {1}'.format(metric_name, description))
    print('# TYPE {0} gauge'.format(metric_name))

    for library, count in num_processes_per_library.items():
        dir_path, basename = os.path.split(library)
        basename = basename.replace('"', '\\"')
        dir_path = dir_path.replace('"', '\\"')
        print('{0}{{ '{{' }}library_path="{1}", library_name="{2}"{{ '}}' }} {3}'.format(
            metric_name,
            dir_path,
            basename,
            count)
        )


if __name__ == "__main__":
    main()