snort startup script

Kai Tai Dung patrick_dkt at yahoo.com.hk
Sun Aug 3 23:08:06 PDT 2003


Hi,

I have installed the snort port, but it lacks a startup script. The attached files are my startup scripts. The two startup scripts use different approaches. I think the scripts need more testing and tuning.

Regards
Patrick


-------------- next part --------------
#!/bin/sh

# This version looks at the pid file in /var/run

# Network interface snort captures on; edit this to match the host.
interface='xl0'

# Daemon name used in the messages printed by this script.
prog='snort'

# Per-interface pid file under /var/run. The author observed that it is
# left behind when snort is killed with kill -9, so its mere existence
# does not prove that snort is still running.
pidfile="/var/run/snort_$interface.pid"

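#######################################
# Start snort in daemon mode unless a live snort is already recorded in
# the pid file.
# Globals:   pidfile, prog, interface (read);
#            start_pid, start_comm (scratch; POSIX sh has no 'local')
# Outputs:   status messages on stdout
# Returns:   0 if already running, otherwise the exit status of snort
#######################################
start() {
	# A pid file alone does not prove snort is running: it survives a
	# kill -9 or a crash, and the number in it may since have been reused
	# by an unrelated process. Trust it only when it holds a numeric pid
	# of a live process whose command name is $prog. Otherwise the sensor
	# would silently stay down while this script reports it as running.
	if [ -f "$pidfile" ]; then
		start_pid=$(cat "$pidfile" 2>/dev/null)
		case "$start_pid" in
		'' | *[!0-9]*) start_pid="" ;;
		esac
		if [ -n "$start_pid" ] && kill -0 "$start_pid" 2>/dev/null; then
			start_comm=$(ps -p "$start_pid" -o comm= 2>/dev/null)
			# Strip any directory part in case ps reports a full path.
			if [ "${start_comm##*/}" = "$prog" ]; then
				echo "$prog is already running as pid $start_pid"
				return 0
			fi
		fi
		echo "Removing stale pid file $pidfile"
		rm -f -- "$pidfile"
	fi

	echo "Starting $prog..."
	# This runs snort as root. A daemon that parses untrusted network
	# traffic is better run unprivileged; see the alternative below.
	/usr/local/bin/snort -c /usr/local/etc/snort.conf -D -i "${interface}" -l /var/log/snort

	# This will run snort as user 'snort' and group 'snort'. That account
	# must exist and must be able to write to /var/log/snort.
	# /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -u snort -g snort -i ${interface} -l /var/log/snort
}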

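#######################################
# Stop the snort process recorded in the pid file.
# Globals:   pidfile, prog (read);
#            stop_pid, stop_comm (scratch; POSIX sh has no 'local')
# Outputs:   status messages on stdout, failures on stderr
# Returns:   1 if the kill itself fails, 0 otherwise
#######################################
stop () {
	if [ ! -f "$pidfile" ]; then
		echo "$prog is not running. Cannot stop."
		return 0
	fi

	# This script normally runs as root, so never signal a number just
	# because it is in the pid file. After a crash or kill -9 the file is
	# stale and the pid may belong to an unrelated process. Require a
	# numeric pid, a live process, and a command name equal to $prog.
	stop_pid=$(cat "$pidfile" 2>/dev/null)
	case "$stop_pid" in
	'' | *[!0-9]*) stop_pid="" ;;
	esac
	if [ -n "$stop_pid" ] && kill -0 "$stop_pid" 2>/dev/null; then
		stop_comm=$(ps -p "$stop_pid" -o comm= 2>/dev/null)
		# Strip any directory part in case ps reports a full path.
		if [ "${stop_comm##*/}" = "$prog" ]; then
			if kill "$stop_pid"; then
				echo "$prog stopped."
				return 0
			fi
			echo "Could not signal $prog (pid $stop_pid)." >&2
			return 1
		fi
	fi

	echo "$prog is not running (stale pid file $pidfile removed). Cannot stop."
	rm -f -- "$pidfile"

	# This is a killall method, regardless of the variable 'pid'
	# /usr/bin/killall snort && echo "$prog stopped."
}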

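#######################################
# Report whether the snort recorded in the pid file is running.
# Globals:   pidfile, prog (read);
#            status_pid, status_comm (scratch; POSIX sh has no 'local')
# Outputs:   one status line on stdout
# Returns:   0
#######################################
status() {
	if [ ! -f "$pidfile" ]; then
		echo "$prog is not running."
		return 0
	fi

	# A leftover pid file (crash, kill -9) must not be reported as a
	# running sensor. Confirm the pid is numeric, alive, and named $prog.
	status_pid=$(cat "$pidfile" 2>/dev/null)
	case "$status_pid" in
	'' | *[!0-9]*) status_pid="" ;;
	esac
	if [ -n "$status_pid" ] && kill -0 "$status_pid" 2>/dev/null; then
		status_comm=$(ps -p "$status_pid" -o comm= 2>/dev/null)
		# Strip any directory part in case ps reports a full path.
		if [ "${status_comm##*/}" = "$prog" ]; then
			echo "$prog is running as pid $status_pid"
			return 0
		fi
	fi

	# status is read-only: report the stale file but leave it in place.
	echo "$prog is not running (stale pid file $pidfile)."
}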

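# Dispatch on the first command-line argument.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	stop
	# It seems that killing of snort requires some time
	sleep 5
	start
	;;
status)
	status
	;;
*)
	# Plain double quotes: $"..." is a bash extension, and a /bin/sh
	# without it prints a literal "$" in front of the message.
	echo "Usage: $0 {start|stop|restart|status}" >&2
	;;
esac

# The script reports success for every action, including bad usage.
exit 0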
-------------- next part --------------
#!/bin/sh

# This version uses pid (idea from cupsd startup script)

# Network interface snort captures on; edit this to match the host.
interface='xl0'

# Daemon name used in the messages printed by this script.
prog='snort'

# Pids of running snort processes, taken once when the script is loaded.
# Assumes the command is field 5 of `ps ax` output. The match is by name
# only ("snort" or any path ending in "/snort"), so it does not check who
# owns the process or which binary it runs.
pid=$(ps ax | awk '$5 == "snort" || $5 ~ /\/snort$/ { print $1 }')

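#######################################
# Start snort in daemon mode unless the process scan already found one.
# Globals:   pid, prog, interface (read)
# Outputs:   status messages on stdout
# Returns:   0 if already running, otherwise the exit status of snort
#######################################
start() {
	# $pid holds the result of the process-table scan; non-empty means at
	# least one process named snort was found.
	if [ -n "$pid" ]; then
		echo "$prog is already running as pid $pid."
		return 0
	fi

	echo "Starting $prog..."
	# This runs snort as root. A daemon that parses untrusted network
	# traffic is better run unprivileged; see the alternative below.
	/usr/local/bin/snort -c /usr/local/etc/snort.conf -D -i "${interface}" -l /var/log/snort

	# This will run snort as user 'snort' and group 'snort'. That account
	# must exist and must be able to write to /var/log/snort.
	# /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -u snort -g snort -i ${interface} -l /var/log/snort
}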

# Send the default signal to every pid found by the process scan.
# Reads the globals $pid and $prog and prints one status line.
stop () {
	if [ -z "$pid" ]; then
		echo "$prog is not running. Cannot stop."
		return
	fi

	# $pid is unquoted, so a value holding several pids (one per line)
	# is split into separate arguments for kill.
	kill $pid
	echo "$prog stopped."

	# This is a killall method, regardless of the variable 'pid'
	# /usr/bin/killall snort && echo "$prog stopped."
}

# Print whether the process scan found a running snort.
# Reads the globals $pid and $prog.
status() {
	case "$pid" in
	"")
		echo "$prog is not running."
		;;
	*)
		echo "$prog is running as pid $pid."
		;;
	esac
}

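# Dispatch on the first command-line argument.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	stop
	# It seems that killing of snort requires some time
	sleep 5
	# The pid variable has not been cleared when snort is killed,
	# but we don't know if snort is really killed, so check again
	pid=""
	pid=$(ps ax | awk '{if (match($5, ".*/snort$") || $5 == "snort") print $1}')
	start
	;;
status)
	status
	;;
*)
	# Plain double quotes: $"..." is a bash extension, and a /bin/sh
	# without it prints a literal "$" in front of the message.
	echo "Usage: $0 {start|stop|restart|status}" >&2
	;;
esac

# The script reports success for every action, including bad usage.
exit 0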

