Date:      Thu, 12 Mar 2009 20:05:29 +0000
From:      Paul Schmehl <pschmehl_lists@tx.rr.com>
To:        FreeBSD <freebsd@optiksecurite.com>, freebsd-questions@freebsd.org
Subject:   Re: Error starting Snort via rc.d
Message-ID:  <D6C3CCA22353A80D9B47C370@utd65257.utdallas.edu>
In-Reply-To: <49B95E83.7050002@optiksecurite.com>
References:  <49B95E83.7050002@optiksecurite.com>

--On Thursday, March 12, 2009 14:12:03 -0500 FreeBSD 
<freebsd@optiksecurite.com> wrote:

>
> Hello list!
>
> I'm running FreeBSD 7.1-RELEASE-p3 with a fresh ports tree. I just
> installed Snort 2.8.2.2_2 from the ports. The problem is that I always
> got an error when I want to start/stop/restart Snort via
> /usr/local/etc/rc.d/snort.
>
> I isolated the part of the script that is outputting the error. The
> problem comes from the last line : run_rc_command "$1"
>
> The error I get is :
> eval: 1: Syntax error: "(" unexpected (expecting ")")
>
> I don't have any problem starting MySQL, so I don't understand why
> there's a problem with this command only for Snort.
>
> Thanks for your precious help,
>

The problem isn't in the last line.  That's just a common impression when an 
error message isn't clear.  You have to understand that the rc.d system, while 
it makes creating startup scripts easier, obfuscates (to some degree) what's 
going on in the background.

If you'll notice, there is no eval command in the snort startup script.  What's 
being parsed by eval is /etc/rc.conf.  If you'll look at /etc/rc.subr, you'll 
see that it uses eval to assess the values that you have assigned to the 
various variables used in the snort startup script.

For example, it checks to see if you've enabled the script by evaluating 
/etc/rc.conf for the line <scriptname>_enable="YES".  It checks the 
run_rc_command to see if the name is correct, what, if any, the arguments are 
that should be appended to the run command, what, if any, the extra arguments 
are, and so forth.

I'll bet you have a snort variable in /etc/rc.conf that isn't quoted correctly.

Send us the results of this command:

grep snort /etc/rc.conf

It should look something like this:

# grep snort /etc/rc.conf
snort_enable="YES"
snort_flags="-u snort -g snort -Dq"
snort_interface="bge0"

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.
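
The quoting check suggested in the message above can be scripted. This is an added example, not part of the original e-mail and not code from FreeBSD's rc.subr; the function names check_rc_lines and make_sample and the sample rc.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): lint one service's rc.conf
# lines. Assumes one assignment per line and no trailing comments.

# check_rc_lines FILE PREFIX
# Prints "LINE: reason: text" for each suspect PREFIX_* assignment.
# Returns 0 when every matching line is clean, 1 otherwise.
check_rc_lines() {
    file=$1 prefix=$2 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            "$prefix"_*=*) ;;          # only this service's variables
            *) continue ;;
        esac
        # 1. The line must parse as shell; -n checks syntax without running it.
        if ! printf '%s\n' "$line" | sh -n 2>/dev/null; then
            printf '%s: shell syntax error: %s\n' "$n" "$line"; bad=1; continue
        fi
        # 2. name=a b c parses, but runs "b c" with name=a set only for it.
        value=${line#*=}
        case $value in
            \"*\" | \'*\') ;;          # fully quoted value
            *[[:space:]]*)
                printf '%s: unquoted value with whitespace: %s\n' "$n" "$line"
                bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# Constructed sample input; only line 1 is well-formed for snort.
make_sample() {
    cat > "$1" <<'EOF'
snort_enable="YES"
snort_flags=-u snort -g snort -Dq
snort_interface="bge0
mysql_enable="YES"
snort_flags="-Dq" (old)
EOF
}

tmp=$(mktemp)
make_sample "$tmp"
check_rc_lines "$tmp" snort || true
rm -f "$tmp"
```

On a real system the call would be check_rc_lines /etc/rc.conf snort; the lines are only syntax-checked, never executed.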



