Snort mailing list archives
Re: [Snort-users] Trying to develop a systemd snort script, running into errors removing/creating pid files
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Thu, 23 Oct 2014 10:29:08 -0400
I don't want to make assumptions, but it most assuredly looks like it. I was a little late to those whole systemd thing and I'm trying to embrace change, but damned if they aren't making it hard. Worst-case scenario: I have a working init script and centOS 7 still supports chkconfig, I can use that, but want to try and keep the solution within systemd, in case they go nuts and nuke all remnants of sys V init in the future. On Thu, Oct 23, 2014 at 10:08 AM, Shirkdog <shirkdog () gmail com> wrote:
Wait...are you saying systemd is not working? :) --- Michael Shirk On Thu, Oct 23, 2014 at 10:00 AM, Tony Robinson <deusexmachina667 () gmail com> wrote:Hello There, I'm working on an update for autosnort and I figured it was high pasttimefor me to stop half-assing boot persistence for Snort via rc.local andmakeactual init scripts or similar. So here I am, trying to make a systemd script. The goals are to bring upthenetwork interface in promisc mode, start snort, and start barnyard2. The script does that. Rather well. Probably not the way systemd devs wantone todo it... but we'll cross that bridge later. My problem comes when I try to kill snort or barnyard2. The kill command works, but there's errors in the logs: Oct 23 09:38:10 localhost snort[2502]: Could not remove pid file /var/run//snort_ens33.pid: Permission denied Oct 23 09:38:10 localhost snort[2502]: Snort exiting Barnyard2 doesn't seem to care that it can't remove the pid file andthat'sfine, I suppose, because restarting Snort/Barnyard2 seem to work fine: Oct 23 09:45:38 localhost snort[2912]: Checking PID path... Oct 23 09:45:38 localhost snort[2912]: PID path stat checked out ok, PID path set to /var/run/ Oct 23 09:45:38 localhost snort[2912]: Writing PID "2912" to file "/var/run//snort_ens33.pid" Oct 23 09:45:43 localhost barnyard2[2915]: PID path stat checked out ok,PIDpath set to /var/run/ Oct 23 09:45:43 localhost barnyard2[2915]: Writing PID "2915" to file "/var/run//barnyard2_ens33.pid" Here are the options I use to start snort: snort -D -u snort -g snort -c /opt/snort/etc/snort.conf -i ens33 Here are the options I use to start barnyard2: barnyard2 -c /opt/snort/etc/barnyard2.conf -d /var/log/snort -f snort.u2-w/var/log/snort/barnyard2.waldo -D I know a lot of stuff changed in centOS 7. I noticed that one of them was that /var/run is now a symlink to /run. What would cause Snort/BY2 tohavepermissions to follow the pid file and write their pids, but then nothavepermissions to remove the pid file after execution has stopped? I've attached the systemd script I wrote as well.------------------------------------------------------------------------------_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latestSnortnews!
-- when does reality end? when does fantasy begin?
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Trying to develop a systemd snort script, running into errors removing/creating pid files Tony Robinson (Oct 23)
- Re: [Snort-users] Trying to develop a systemd snort script, running into errors removing/creating pid files Shirkdog (Oct 23)
- Re: [Snort-users] Trying to develop a systemd snort script, running into errors removing/creating pid files Tony Robinson (Oct 23)
- Re: Trying to develop a systemd snort script, running into errors removing/creating pid files Josh Rosenbaum (jrosenba) (Oct 23)
- Re: Trying to develop a systemd snort script, running into errors removing/creating pid files Robert Millott (Oct 27)
- Re: [Snort-users] Trying to develop a systemd snort script, running into errors removing/creating pid files Shirkdog (Oct 23)