From owner-freebsd-ports@FreeBSD.ORG Thu Jan 14 19:52:53 2010 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CF7131065670 for ; Thu, 14 Jan 2010 19:52:53 +0000 (UTC) (envelope-from prvs=6238b49e3=pschmehl_lists@tx.rr.com) Received: from ip-001.utdallas.edu (ip-001.utdallas.edu [129.110.20.107]) by mx1.freebsd.org (Postfix) with ESMTP id A43868FC1F for ; Thu, 14 Jan 2010 19:52:53 +0000 (UTC) X-Group: SUSPECTLIST_NO_SBRS X-IronPort-AV: E=Sophos;i="4.49,276,1262584800"; d="scan'208";a="25394052" Received: from zxtm01.utdallas.edu (HELO utd65257.utdallas.edu) ([129.110.10.32]) by ip-001.utdallas.edu with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Jan 2010 13:23:52 -0600 Date: Thu, 14 Jan 2010 13:23:52 -0600 From: Paul Schmehl To: FreeBSD Ports Message-ID: <887980C67102A382EA2561AD@utd65257.utdallas.edu> X-Mailer: Mulberry/4.0.6 (Linux/x86) X-Munged-Reply-To: Figure it out MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Problems with the security/snort port X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Paul Schmehl List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2010 19:52:53 -0000 For some reason, since the upgrade of snort, the rc.d script does not work properly. The start process remains running and never releases th binary to run in the background as a daemon. As a result, I have to background the start process each time I start snort. # ps -auxw | grep snort root 14387 28.1 1.9 26096 9468 p0 R 5:53PM 0:04.27 /usr/local/bin/snort -u snort -g snort -Dq -i sis0 -c /usr/local/et root 14333 0.0 1.6 10064 8192 ?? Ss 5:50PM 0:00.05 /usr/local/bin/barnyard2 -D -d /var/log/snort -f snort.u2 -w /var/l root 14380 0.0 0.3 3464 1348 p0 S 5:53PM 0:00.01 /bin/sh /usr/local/etc/rc.d/snort start As you can see, snort is being started with the -D switch, but the commandline to start the daemon is still running. If I don't background it, and I hit control C to get back to a prompt, snort closes "normally", as though I had hit stop. Has anyone else seen this? Any idea what the problem might be? -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson