Date: Wed, 18 Oct 2017 04:37:31 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 223052] [PATCH] security/suricata: fix suricata stale pid file issue
Message-ID: <bug-223052-13-kQX1UkCSfC@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-223052-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-223052-13@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223052

--- Comment #2 from Reshad Patuck <reshadpatuck1@gmail.com> ---
(In reply to Franco Fichtner from comment #1)

Hey,

I run suricata as a user suricata which for me is in the bpf group.
The bpf group has read access to /dev/bpf via a devfs config:
```
# Allow members of group bpf to read from /dev/bpf
own bpf root:bpf
perm bpf 0740
```
This allows me to run packet captures from a user account instead of as root, as long as the user is in the bpf group.

I don't need multiple pid files, I need to move the pid file to a location where the suricata user can write it.
For this I chown /var/run/suricata to user suricata and put the pid file in there (/var/run/suricata/suricata.pid)

As for killing the pidfile, if the box has rebooted because of a power failure there is a chance (remote) that something else may be using the pid which suricata was on previously.
In this case, the pid file will not be cleared and suricata will fail to start.
To make sure, I run the status command which not only checks that the pid in the pidfile is running but also that the process associated with it is suricata.
I then clear the pid file if suricata is not running and the pid file exists.

Hope this clears your queries.

Best,

Reshad
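The stale pid file check described in the message above, as an added example that is not part of the original e-mail or the port's rc.d script. The function names and the use of `ps -p PID -o comm=` to look up the process name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: function names and the ps-based lookup are assumptions,
# not taken from the security/suricata port.

# Print the command name of PID $1, or nothing if no such process exists.
proc_name() {
    ps -p "$1" -o comm= 2>/dev/null || true
}

# Return 0 only if pidfile $1 names a live process whose command is $2.
pidfile_is_live() {
    pidfile=$1 want=$2
    [ -f "$pidfile" ] || return 1
    # Read the first line only; tolerate a missing trailing newline.
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    # Reject anything that is not a plain decimal PID before passing it to ps.
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    name=$(proc_name "$pid")
    # Some ps implementations print a full path; compare the basename.
    [ "${name##*/}" = "$want" ]
}

# Remove pidfile $1 if it is stale. Prints "running", "stale-removed" or "absent".
clear_stale_pidfile() {
    pidfile=$1 want=${2:-suricata}
    if [ ! -e "$pidfile" ]; then
        echo absent
    elif pidfile_is_live "$pidfile" "$want"; then
        echo running
    else
        rm -f -- "$pidfile"
        echo stale-removed
    fi
}

# Demo on a constructed pidfile: this shell's own PID is alive but is not
# suricata, which models a PID reused by another process after a reboot.
demo_dir=$(mktemp -d)
echo "$$" > "$demo_dir/suricata.pid"
clear_stale_pidfile "$demo_dir/suricata.pid" suricata
rm -rf "$demo_dir"
```

Checking only that the PID is alive would leave the pid file in place in the demo case; the name comparison is what lets the stale file be cleared.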