Description
Hi,
working more with intelmq these days I noticed when executing intelmqctl stop sometimes some bots are still reported as running afterwards in the output (not that big of an issue) and the exit-code is != 1 (bigger issue, since my wrapper script (using systemd for restarting and most important for starting when booting the server) reacts on this).
I noticed when running intelmqctl status after the intelmqctl stop, the bots actually are reported as stopped. Looking deeper into the code responsible for stopping the bots, I noticed intelmq(ctl) uses the following prodecure for stopping the whole botnet:
- Iterate over the bots in the botnet ()
intelmq/intelmq/bin/intelmqctl.py
Lines 563 to 564 in aadc887
- Send them the
SIGTERMsignal ()intelmq/intelmq/lib/processmanager.py
Lines 197 to 199 in aadc887
- Wait for
0.75Seconds ()intelmq/intelmq/bin/intelmqctl.py
Line 567 in aadc887
- Check if the bots are running () -> determines the exit code
intelmq/intelmq/bin/intelmqctl.py
Lines 568 to 571 in aadc887
So to me it looks like on our server it takes too long until all the bots are finally stopped (when executing intelmqctl status the bots are stopped after all). In our case we're speeking about 16 bots on a server with 4 GiB RAM and 2 cores (not that impressive specs, but so far we're not dealing with massive amounts of data and half of the bots are really just for testing purposes).
With this in mind, does my analysis make sense to you (as people knowing intelmq much better than I do)?
So far my approach would be simply increasing the time intelmqctl stop sleeps until checking on the bots (not generally, but adding this as a parameter to the CLI). Am I missing a simpler solution here?