From: Paul Schmehl
To: FreeBSD, freebsd-questions@freebsd.org
Date: Thu, 12 Mar 2009 20:05:29 +0000
Subject: Re: Error starting Snort via rc.d
In-Reply-To: <49B95E83.7050002@optiksecurite.com>

--On Thursday, March 12, 2009 14:12:03 -0500 FreeBSD wrote:

>
> Hello list!
>
> I'm running FreeBSD 7.1-RELEASE-p3 with a fresh ports tree. I just
> installed Snort 2.8.2.2_2 from the ports. The problem is that I always
> got an error when I want to start/stop/restart Snort via
> /usr/local/etc/rc.d/snort.
>
> I isolated the part of the script that is outputting the error. The
> problem comes from the last line : run_rc_command "$1"
>
> The error I get is :
> eval: 1: Syntax error: "(" unexpected (expecting ")")
>
> I don't have any problem starting MySQL, so I don't understand why
> there's a problem with this command only for Snort.
>
> Thanks for your precious help,
>

The problem isn't in the last line. That's just a common impression when an
error message isn't clear. You have to understand that the rc.d system, while
it makes creating startup scripts easier, obfuscates (to some degree) what's
going on in the background.

If you'll notice, there is no eval command in the snort startup script. What's
being parsed by eval is /etc/rc.conf. If you'll look at /etc/rc.subr, you'll
see that it uses eval to assess the values that you have assigned to the
various variables used in the snort startup script.

For example, it checks to see if you've enabled the script by evaluating
/etc/rc.conf for the line _enable="YES". It checks the run_rc_command to see if
the name is correct, what, if any, the arguments are that should be appended to
the run command, what, if any, the extra arguments are, and so forth.

I'll bet you have a snort variable in /etc/rc.conf that isn't quoted correctly.
Send us the results of this command:

grep snort /etc/rc.conf

It should look something like this:

# grep snort /etc/rc.conf
snort_enable="YES"
snort_flags="-u snort -g snort -Dq"
snort_interface="bge0"

-- 
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
Check the headers before clicking on Reply.
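One way to find the badly quoted line that the reply suspects, when the error only says `eval: 1`, shown as an added example that is not part of the original message or of rc.subr. The helper names `lint_rc_conf` and `write_sample_rc_conf` are hypothetical and the sample file is constructed; lines are checked one at a time, so a value that legitimately spans several lines is reported too.

```shell
#!/bin/sh
# lint_rc_conf FILE [PATTERN]  (hypothetical helper, not part of rc.subr)
# Prints "LINENO: reason: text" for each suspect assignment line that
# mentions PATTERN (default: every assignment). Always returns 0.
lint_rc_conf() {
    _file=$1
    _pat=${2:-}
    _n=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        case $_line in
            ''|'#'*) continue ;;          # blank line or comment
            *"$_pat"*=*) ;;               # assignment mentioning PATTERN
            *) continue ;;
        esac
        _why=
        # sh -n parses the line without executing anything in it.
        if ! printf '%s\n' "$_line" | sh -n 2>/dev/null; then
            _why='shell syntax error'
        else
            _val=${_line#*=}
            _val=${_val%%' #'*}           # drop a trailing comment
            case $_val in
                \"*|\'*) ;;               # quoted value that parsed cleanly
                *' '[!' ']*) _why='unquoted value contains a space' ;;
            esac
        fi
        if [ -n "$_why" ]; then
            printf '%s: %s: %s\n' "$_n" "$_why" "$_line"
        fi
    done < "$_file"
    return 0
}

# Constructed sample: two correctly quoted lines and two quoting mistakes.
write_sample_rc_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from the thread
mysql_enable="YES"
snort_enable="YES"
snort_flags=-u snort -g snort -Dq
snort_interface="bge0" (uplink)
EOF
}

# Demo on the sample; on a real host: lint_rc_conf /etc/rc.conf snort
sample=$(mktemp)
write_sample_rc_conf "$sample"
lint_rc_conf "$sample" snort
rm -f "$sample"
```

The second check matters because an unquoted value with spaces parses as valid shell (an assignment followed by a command), so a syntax check alone would pass it.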