How to keep a script running all the time in linux?

Question

I'm trying to run a simple python script all the time. I want it to start automatically on bootup and be able to recover from failures. That is, if there is a failure that causes the script to stop, I don't really care and just want it to start running again. I'm OK if the whole device restarts.

I just tested a working script using init.d, but am not sure how to recover from a failure? Have a cronjob check for the existence of a pid?

I'd also like to check for integrity. That is, I'd like to make sure the script was not modified accidentally by some other process. I've heard of checking a CRC32 of the script against a known value but am not sure how to get any kind of md5 on a file that's being executed.

This is a super simple python script btw (one file, ~20lines). I'm not sure if that really changes anything.

Answer 1

The Ghost blogging platform installation instructions [license: CC-BY-3.0] has a section showing how to use supervisord to deploy a nodejs script (which runs the blog) so that it will restart when it fails and on system reboot.

Supervisor (http://supervisord.org/) Popular Linux distributions—such as Fedora, Debian, and Ubuntu—maintain a package for Supervisor: A process control system which allows you to run Ghost at startup without using init scripts. Unlike an init script, Supervisor is portable between Linux distributions and versions.

Install Supervisor as required for your Linux distribution. Typically, this will be:

Debian/Ubuntu: apt-get install supervisor

Fedora: yum install supervisor

Most other distributions: easy_install supervisor

Ensure that Supervisor is running, by running service supervisor start Create the startup script for your Ghost installation. Typically this will go in /etc/supervisor/conf.d/ghost.conf For example:

[program:ghost] 
command = node /path/to/ghost/index.js 
directory = /path/to/ghost 
user = ghost 
autostart = true 
autorestart = true 
stdout_logfile = /var/log/supervisor/ghost.log 
stderr_logfile = /var/log/supervisor/ghost_err.log 
environment = NODE_ENV="production"

Start Ghost using Supervisor: supervisorctl start ghost

To stop Ghost: supervisorctl stop ghost

OK, so if your script is called myscript.py and it belongs to user snake and lives in /home/snake.

Then the command should be python /home/snake/myscript.py, the directory should be wherever you want to run this (we'll assume this is /home/snake), the user should be set appropriately (we'll assume you want to run as user snake), the autos stay the same, and the logfiles should be renamed.

The environment sets any ENV variables that are needed by the script. Typically you won't need any unless you are using them to control aspects of your script.

1. Install supervisord as above, but don't set up anything for ghost
2. Instead, Create /etc/supervisor/conf.d/myscript as follows:
3. supervisorctl start myscript

/etc/supervisor/conf.d/myscript

[program:myscript] 
command = python /home/snake/myscript.py 
directory = /home/snake
user = snake
autostart = true 
autorestart = true 
stdout_logfile = /var/log/supervisor/myscript.log 
stderr_logfile = /var/log/supervisor/myscript_err.log 

Should be running, and will restart even on reboot.

Regarding your security question, this is problematic. If you assume an attacker has read/write access to the file system containing the script, they can also change the security hash. Public key signatures are a little better, because the attacker won't know what to change the signature to as he lacks the private key. But once again, the attacker might simply rewrite the code that tests the signature and bypass it or replace the script to run a script after verification to run some other command always.