Snort mailing list archives

Re: Snort as a Service on Ubuntu 9

From: Andres Carrera Rivera <protoss_black88 () hotmail com>
Date: Wed, 1 Dec 2010 13:43:01 -0500
Thanks this is what I used, it works pretty well..
one problem was just to make permissions to read the file. (chmod 0700 
/etc/init.d/snortfile).

Now I'm implementing a Snort Firwall, I'm using Guardian code based on 
pearl.
I want to do the same, run guardian as a Service.

#! /bin/sh
### BEGIN INIT INFO
# Provides:          Snort
# Required-Start:    $local_fs $remote_fs $syslog $network mysql
# Required-Stop:     $local_fs $remote_fs $syslog $network mysql
# Default-Start:     2 3 4 5
# Default-Stop:      S 0 1 6
# Short-Description: Init script to start the Snort daemon
# Description:       Provides Snort service on startup and terminates
#                    on shutdown. Snort is an IDS or IPS. This script
#                    assumes that snort is installed in /usr/sbin and
#                    that it's main snort.conf file is in /etc/snort.
#                    The service will be started as a daemon, listening
#                    on eth0 and will also start quietly. If you require
#                    something other than this, you will have to edit
#                    the script accordingly.
#                    USE AT YOUR OWN RISK, YMMV. THIS SCRIPT COMES WITH
#                    ABSOLUTELY NO WARRANTY WHATSOEVER.
# License:           GPLv2 see http://www.gnu.org/licenses/gpl-2.0.txt
### END INIT INFO

# Author: Nigel Houghton <nigel.houghton () sourcefire com>

PATH=/usr/sbin:/usr/bin:/sbin:/bin
DESC="Snort service for IDS or IPS"
NAME=snort
CONFIG="/etc/snort/etc/snort_Aprendizaje.conf"
INTERFACE="eth2"
DAEMON=/usr/local/bin/$NAME
DAEMON_ARGS="-c $CONFIG -i $INTERFACE -qD"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/snortstartAp

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 1

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
[ -f /etc/default/rcS ] && . /etc/default/rcS

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
  # Return
  #   0 if daemon has been started
  #   1 if daemon was already running
  #   2 if daemon could not be started
  start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON 
--test > /dev/null \
   || return 1
  start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
   $DAEMON_ARGS \
   || return 2
}

#
# Function that stops the daemon/service
#
do_stop()
{
  # Return
  #   0 if daemon has been stopped
  #   1 if daemon was already stopped
  #   2 if daemon could not be stopped
  #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile 
$PIDFILE --name $NAME
  RETVAL="$?"
  [ "$RETVAL" = 2 ] && return 2
  start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec 
$DAEMON
  [ "$?" = 2 ] && return 2
  # Many daemons don't delete their pidfiles when they exit.
  if [ -f "$PIDFILE" ]; then
     rm -f $PIDFILE
    fi
  return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
  start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name 
$NAME
  return 0
}

case "$1" in
   start)
  [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
  do_start
  case "$?" in
   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
  esac
  ;;
   stop)
  [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
  do_stop
  case "$?" in
   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
  esac
  ;;
   restart|force-reload)
  log_daemon_msg "Restarting $DESC" "$NAME"
  do_stop
  case "$?" in
    0|1)
   do_start
   case "$?" in
    0) log_end_msg 0 ;;
    1) log_end_msg 1 ;; # Old process is still running
    *) log_end_msg 1 ;; # Failed to start
   esac
   ;;
    *)
     # Failed to stop
   log_end_msg 1
   ;;
  esac
  ;;
   *)
  echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
  exit 3
  ;;
esac

:

------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:

Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)
- Re: Snort as a Service on Ubuntu 9 Joel Esler (Dec 01)
- <Possible follow-ups>
- Re: Snort as a Service on Ubuntu 9 Andres Carrera Rivera (Dec 01)