From owner-freebsd-ports-bugs@freebsd.org Wed Oct 18 04:37:32 2017 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1DB1EE296DD for ; Wed, 18 Oct 2017 04:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0B9176A3CC for ; Wed, 18 Oct 2017 04:37:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v9I4bVTw045717 for ; Wed, 18 Oct 2017 04:37:31 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 223052] [PATCH] security/suricata: fix suricata stale pid file issue Date: Wed, 18 Oct 2017 04:37:31 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: reshadpatuck1@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Oct 2017 04:37:32 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D223052 --- Comment #2 from Reshad Patuck --- (In reply to Franco Fichtner from comment #1) Hey, I run suricata as a user suricata which for me is in the bpf group. The bpf grop has read access to /dev/bpf via a devfs config: ``` # Allow members of group bpf to read from /dev/bpf own bpf root:bpf perm bpf 0740 ``` This allows me to run packet captures from a user account instead of as roo= t, as long as the user is in the bpf group. I don't need multiple pid files, I need to move the pid file to a location where the suricata user can write it. For this I chown /var/run/suricata to user suricata and put the pid file in there (/var/run/suricata/suricata.pid) As for killing the pidfile, if the box has rebooted because of a power fail= ure there is a chance (remote) that something else may be using the pid which suricata was on previously. In this case, the pid file will not be cleared and suricata will fail to st= art. To make sure, I run the status command which not only checks that the pid in the pidfile is running but also that the process associated with it is suricata. I then clear the pid file if suricata is not running and the pid file exist= s. Hope this clears your queries. Best, Reshad --=20 You are receiving this mail because: You are the assignee for the bug.=