################
PSMON User Guide
################

Process Monitor 
===============

AED includes a process monitor to ensure that services configured to run by the **chkconfig** or **systemctl** systems continue to run. If a service dies, AED will automatically restart the process. 
   
----------------

Adding Services to Monitor 
==========================

To add a service, simply enable it via **chkconfig** or **systemctl** and then generate the AED policy for the systems current start. The following steps accomplish this task:

   **Step 1: Enable a Service**

      As the root user, run the following command:
	  
         .. code-block:: console
		 
            systemctl enable <service_name>
			
      Example:
	  
         .. code-block:: console
		 
            systemctl enable httpd 
			

   **Step 2: Generate the AED Policy**
   
      Run the following command: 
	  
         .. code-block:: console

            asl -s -f 


---------------

Removing Services to Monitor
============================

To remove a service, simply disable it via **chkconfig** or **systemctl** and then generate the AED policy for the systems current start. Please follow the following steps to do this: 

   **Step 1: Disable a Service**

      As the root user, run the following command:

          .. code-block:: console

             systemctl disable <service_name>

      Example:

          .. code-block:: console

             service disable httpd

			 
   **Step 2: Generate the AED Policy**

       Run the following command:

          .. code-block:: console

             asl -s -f 


---------------

Disabling PSMON
===============

   .. note:: It is **NOT** recommended that you disable the process monitor. Doing so will also tell AED to not monitor its own services, and if a service fails for any reason AED will not restart the service. 

   Please follow the steps below to disable PSMON.

      **Step 1: Edit the AED Configuration File**
	  
	      Inside of **/etc/asl/config** set the following:

             .. code-block:: console 

                PSMON_ENABLE="no"


      **Step 2: Update the AED Security Policy**

         Run the following command:
		 
            .. code-block:: console

               asl -s -fails


      **Step 3: Kill the PSMON Process(es)**

         Run the following command: 
		 
            .. code-block:: console

               killall -9 psmon 


      **Step 4: Remove the Package**

         Run the following command:
		 
            .. code-block:: console

               rpm -e psmon --nodeps



--------------

Monitoring Processes with Systemd
=================================

Centos/Redhat 7 systems use systemd, which has its own process monitoring capability, psmon is only used to monitor processes that do not use systemd.

To monitor and automatically restart a process, please follow the process below:

   **Step 1: Check to make sure the service is managed by systemd**
   
      Each service will have a service file in **/etc/systemd/system** directory. For the purpose of this example the multi-user run level will be used, which is the most common run level Linux servers will start in. If you do not know what this means, your system is probably pre-configured to boot into the multi-user run level.
	  
      Make sure the service has a functional systemd init script located at: 
	  
         .. code-block:: console
		 
            /etc/systemd/system/mult-user.target.wants/service.service
			

   **Step 2 (Optional): Enable the Service**
   
      If the service is not already enabled, enable the service by running the following command:
	  
         .. code-block:: console
		 
            sudo systemctl enable service.service
			
      This will create a symlink in **/etc/systemd/system/mult-user.wants/** that looks like the following:
	  
         .. code-block:: console
		 
            lrwxrwxrwx 1 root root 38 Jan 13 11:54 /etc/systemd/system/multi-user.target.wants/service.service -> /usr/lib/systemd/system/service.service
			
      This will enable automatic starting after a **reboot**.
	  
	  
   **Step 3: Configure the Service to Automatically Restart**
   
      Edit the **/etc/systemd/system/mult-user.wants/service.service** file. It should contain a line like the example below. 
	  
         .. code-block:: console
		 
            Restart=always
			
      If this is not set to "always", set it to always and the service will be automatically restarted if it crashes. 
	  
	  
   **Step 4: Reload the Systemd Daemon**
   
      Reload the systemd daemon by running the following command:
	  
         .. code-block:: console
		 
            sudo systemctl daemon-reload
			

   **Step 5: Restart the Service**

      Restart the service by running the following command: 

         .. code-block:: console

            sudo systemctl restart service.service


   **Step 6 (Optional but recommended): Test to see if the service is started on reboot**

      Run the following command to reboot the system: 

         .. code-block:: console

            sudo reboot

   **Step 7: Kill the Process to see if it Automatically Restarts**

      Run the following command: 

         .. code-block:: console

            killall -9 service

.. note:: Replace 'service' with the service name you want to test, for example httpd. 

			
			   
			
