Snort mailing list archives
Re: Snort as a Service on Ubuntu 9
From: Andres Carrera Rivera <protoss_black88 () hotmail com>
Date: Wed, 1 Dec 2010 13:43:01 -0500
Thanks this is what I used, it works pretty well.. one problem was just to make permissions to read the file. (chmod 0700 /etc/init.d/snortfile). Now I'm implementing a Snort Firwall, I'm using Guardian code based on pearl. I want to do the same, run guardian as a Service. #! /bin/sh ### BEGIN INIT INFO # Provides: Snort # Required-Start: $local_fs $remote_fs $syslog $network mysql # Required-Stop: $local_fs $remote_fs $syslog $network mysql # Default-Start: 2 3 4 5 # Default-Stop: S 0 1 6 # Short-Description: Init script to start the Snort daemon # Description: Provides Snort service on startup and terminates # on shutdown. Snort is an IDS or IPS. This script # assumes that snort is installed in /usr/sbin and # that it's main snort.conf file is in /etc/snort. # The service will be started as a daemon, listening # on eth0 and will also start quietly. If you require # something other than this, you will have to edit # the script accordingly. # USE AT YOUR OWN RISK, YMMV. THIS SCRIPT COMES WITH # ABSOLUTELY NO WARRANTY WHATSOEVER. # License: GPLv2 see http://www.gnu.org/licenses/gpl-2.0.txt ### END INIT INFO # Author: Nigel Houghton <nigel.houghton () sourcefire com> PATH=/usr/sbin:/usr/bin:/sbin:/bin DESC="Snort service for IDS or IPS" NAME=snort CONFIG="/etc/snort/etc/snort_Aprendizaje.conf" INTERFACE="eth2" DAEMON=/usr/local/bin/$NAME DAEMON_ARGS="-c $CONFIG -i $INTERFACE -qD" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/snortstartAp # Exit if the package is not installed [ -x "$DAEMON" ] || exit 1 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables [ -f /etc/default/rcS ] && . /etc/default/rcS # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. if [ -f "$PIDFILE" ]; then rm -f $PIDFILE fi return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; restart|force-reload) log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 exit 3 ;; esac : ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)
- Re: Snort as a Service on Ubuntu 9 Joel Esler (Dec 01)
- <Possible follow-ups>
- Re: Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)