snort startup script
Kai Tai Dung
patrick_dkt at yahoo.com.hk
Sun Aug 3 23:08:06 PDT 2003
Hi,
I have installed the snort port, but it lacks a startup script. Attached are my two startup scripts, which take different approaches. I think the scripts need more testing and tuning.
Regards
Patrick
-------------- next part --------------
#!/bin/sh
# Variant 1: decides whether snort is up by looking at its pid file in /var/run.
prog="snort"
# Interface snort listens on; change it to match the local machine.
interface="xl0"
# Pid file path, derived from the interface name. The author observed that
# "kill -9" on snort leaves this file behind, so its presence alone does not
# prove that snort is running.
pidfile="/var/run/snort_${interface}.pid"
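# Start snort unless the pid file points at a process that still exists.
# Globals:  prog, pidfile, interface (read); snort_pid (scratch)
# Outputs:  status messages on stdout, errors on stderr
# Returns:  0 if snort is already running, 1 if no interface is configured,
#           otherwise the exit status of the snort command
start() {
  snort_pid=""
  if [ -f "$pidfile" ]; then
    snort_pid=$(cat "$pidfile" 2>/dev/null)
  fi
  # Trust only a plain decimal pid greater than 1; an empty or malformed pid
  # file is treated as stale rather than handed to kill.
  case "$snort_pid" in
    '' | *[!0-9]*) snort_pid="" ;;
    *) [ "$snort_pid" -gt 1 ] 2>/dev/null || snort_pid="" ;;
  esac
  # The pid file survives "kill -9", so confirm the process exists instead of
  # trusting the file. kill -0 needs permission to signal the process; ps -p
  # covers an unprivileged caller.
  # NOTE: a recycled pid still passes this check; compare the command name as
  # well if that matters on this host.
  if [ -n "$snort_pid" ] &&
    { kill -0 "$snort_pid" 2>/dev/null || ps -p "$snort_pid" >/dev/null 2>&1; }; then
    echo "$prog is already running as pid $snort_pid"
    return 0
  fi
  # An empty interface would make snort read "-l" as the interface name.
  if [ -z "$interface" ]; then
    echo "$prog: no interface configured" >&2
    return 1
  fi
  echo "Starting $prog..."
  # This runs snort as root. snort parses untrusted network traffic, so the
  # -u/-g variant below is the safer choice once a 'snort' user and group
  # exist and can write to /var/log/snort.
  /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -i "${interface}" -l /var/log/snort
  # This will run snort as user 'snort' and group 'snort'
  # /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -u snort -g snort -i "${interface}" -l /var/log/snort
}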
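# Stop the snort process named in the pid file.
# Globals:  prog, pidfile (read); snort_pid (scratch)
# Outputs:  status messages on stdout, errors on stderr
# Returns:  0 when snort was signalled or was not running,
#           1 when the process exists but could not be signalled
stop() {
  if [ ! -f "$pidfile" ]; then
    echo "$prog is not running. Cannot stop."
    return 0
  fi
  snort_pid=$(cat "$pidfile" 2>/dev/null)
  # This usually runs as root, so never pass anything but a plain decimal pid
  # greater than 1 to kill (pid 0 would signal the whole process group).
  case "$snort_pid" in
    '' | *[!0-9]*) snort_pid="" ;;
    *) [ "$snort_pid" -gt 1 ] 2>/dev/null || snort_pid="" ;;
  esac
  if [ -n "$snort_pid" ]; then
    if kill "$snort_pid" 2>/dev/null; then
      echo "$prog stopped."
      return 0
    fi
    # kill failed although the process exists: most likely a permission problem.
    if ps -p "$snort_pid" >/dev/null 2>&1; then
      echo "Could not signal $prog (pid $snort_pid)." >&2
      return 1
    fi
  fi
  # The pid file is stale (for example after "kill -9") or unreadable; clear
  # it so it cannot be mistaken for a running snort.
  rm -f -- "$pidfile"
  echo "$prog is not running. Cannot stop."
  # This is a killall method, regardless of the pid file
  # /usr/bin/killall snort && echo "$prog stopped."
}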
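# Report whether the process named in the pid file exists.
# Globals:  prog, pidfile (read); snort_pid (scratch)
# Outputs:  one status line on stdout
status() {
  snort_pid=""
  if [ -f "$pidfile" ]; then
    snort_pid=$(cat "$pidfile" 2>/dev/null)
  fi
  # Only a plain decimal pid greater than 1 is worth probing.
  case "$snort_pid" in
    '' | *[!0-9]*) snort_pid="" ;;
    *) [ "$snort_pid" -gt 1 ] 2>/dev/null || snort_pid="" ;;
  esac
  # A pid file left behind by "kill -9" must not be reported as a running
  # sensor. kill -0 needs permission to signal the process; ps -p covers an
  # unprivileged caller.
  if [ -n "$snort_pid" ] &&
    { kill -0 "$snort_pid" 2>/dev/null || ps -p "$snort_pid" >/dev/null 2>&1; }; then
    echo "$prog is running as pid $snort_pid"
  else
    echo "$prog is not running."
  fi
}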
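# Dispatch on the first command-line argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    # It seems that killing of snort requires some time
    sleep 5
    start
    ;;
  status)
    status
    ;;
  *)
    # $"..." is a bash locale-translation quote; a plain /bin/sh prints a
    # stray "$" in front of the text, so an ordinary string is used. A usage
    # error goes to stderr with a non-zero exit status.
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 1
    ;;
esac
exit 0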
-------------- next part --------------
#!/bin/sh
# Variant 2: finds snort in the process table instead of reading a pid file
# (idea from the cupsd startup script).
prog="snort"
# Interface snort listens on; change it to match the local machine.
interface="xl0"
# Collect the pid of every process whose fifth "ps ax" column is "snort" or a
# path ending in "/snort". May hold several pids, one per line.
# NOTE(review): the match ignores the process owner, so any process with that
# command name counts as the sensor; confirm this is acceptable on shared hosts.
pid=$(ps ax | awk '$5 == "snort" || $5 ~ /\/snort$/ { print $1 }')
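# Start snort unless the process-table scan already found one.
# Globals:  prog, pid, interface (read)
# Outputs:  status messages on stdout, errors on stderr
# Returns:  0 if snort is already running, 1 if no interface is configured,
#           otherwise the exit status of the snort command
start() {
  if [ -n "$pid" ]; then
    echo "$prog is already running as pid $pid."
    return 0
  fi
  # An empty interface would make snort read "-l" as the interface name.
  if [ -z "$interface" ]; then
    echo "$prog: no interface configured" >&2
    return 1
  fi
  echo "Starting $prog..."
  # This runs snort as root. snort parses untrusted network traffic, so the
  # -u/-g variant below is the safer choice once a 'snort' user and group
  # exist and can write to /var/log/snort.
  /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -i "${interface}" -l /var/log/snort
  # This will run snort as user 'snort' and group 'snort'
  # /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -u snort -g snort -i "${interface}" -l /var/log/snort
}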
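# Send the default signal (TERM) to every pid found by the process-table scan.
# Globals:  prog, pid (read); one_pid, failed (scratch)
# Outputs:  status messages on stdout, errors on stderr
# Returns:  0 when every pid was signalled or none was found,
#           1 when at least one kill failed
stop() {
  if [ -z "$pid" ]; then
    echo "$prog is not running. Cannot stop."
    return 0
  fi
  failed=""
  # $pid may hold several whitespace-separated pids, so it is split on purpose
  # and each pid is signalled separately to catch individual failures.
  for one_pid in $pid; do
    kill "$one_pid" 2>/dev/null || failed="$failed $one_pid"
  done
  if [ -n "$failed" ]; then
    # Do not claim success when the signal could not be delivered.
    echo "Could not stop $prog (pid$failed)." >&2
    return 1
  fi
  echo "$prog stopped."
  # This is a killall method, regardless of the variable 'pid'
  # /usr/bin/killall snort && echo "$prog stopped."
}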
# Print whether the process-table scan found a snort process.
# Globals:  prog, pid (read)
# Outputs:  one status line on stdout
status() {
  case "$pid" in
    "")
      echo "$prog is not running."
      ;;
    *)
      echo "$prog is running as pid $pid."
      ;;
  esac
}
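# Dispatch on the first command-line argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    # It seems that killing of snort requires some time
    sleep 5
    # $pid still holds the value scanned at script start, and snort may or
    # may not have exited by now, so scan the process table again.
    pid=$(ps ax | awk '{if (match($5, ".*/snort$") || $5 == "snort") print $1}')
    start
    ;;
  status)
    status
    ;;
  *)
    # $"..." is a bash locale-translation quote; a plain /bin/sh prints a
    # stray "$" in front of the text, so an ordinary string is used. A usage
    # error goes to stderr with a non-zero exit status.
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 1
    ;;
esac
exit 0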