Date:      Mon, 4 Aug 2003 14:08:05 +0800 (CST)
From:      =?big5?q?Kai=20Tai=20Dung?= <patrick_dkt@yahoo.com.hk>
To:        freebsd-ports@freebsd.org
Subject:   snort startup script
Message-ID:  <20030804060805.94627.qmail@web41904.mail.yahoo.com>

--0-833493000-1059977285=:91656
Content-Type: text/plain; charset=big5
Content-Transfer-Encoding: 8bit

Hi,

I have installed the snort port, but it lacks a startup script. The attached files are my startup scripts. The two scripts use different approaches. I think the scripts need more testing and tuning.

Regards
Patrick



--0-833493000-1059977285=:91656
Content-Type: text/plain; name="snort.sh-pidfile"
Content-Description: snort.sh-pidfile
Content-Disposition: inline; filename="snort.sh-pidfile"

#!/bin/sh

# Variant that decides whether snort is running from its pid file in /var/run.

# Name used in the status messages.
prog="snort"

# Interface snort listens on; change as necessary.
interface="xl0"

# Pid file for that interface.
# Per the author's observation, `kill -9` on snort leaves this file behind,
# so its mere existence does not prove that snort is still running.
pidfile="/var/run/snort_${interface}.pid"

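# Start snort as a daemon unless a live process already owns the pid file.
# Globals:  pidfile, prog, interface (read)
# Outputs:  progress message on stdout, stale-pid-file notice on stderr
# Returns:  0 when snort is already running, otherwise snort's exit status
start() {
	local running_pid

	if [ -f "$pidfile" ]; then
		# Take only the first line and validate it before it reaches kill:
		# the file content is data, not a trusted command argument.
		read -r running_pid < "$pidfile" || :
		case "$running_pid" in
		'' | *[!0-9]*) running_pid=0 ;;
		esac

		# kill -0 delivers no signal, it only checks that the pid exists.
		# It needs permission to signal the process, so run this as root.
		# NOTE(review): a recycled pid can still make an unrelated process
		# look like snort; confirm the command name if that matters here.
		if [ "$running_pid" -gt 0 ] 2>/dev/null && kill -0 "$running_pid" 2>/dev/null; then
			echo "$prog is already running as pid $running_pid"
			return 0
		fi

		# The pid file outlives snort after `kill -9` or a crash. Without
		# this cleanup the IDS would silently stay down on every later start.
		echo "Removing stale pid file $pidfile" >&2
		rm -f -- "$pidfile"
	fi

	echo "Starting $prog..."
	# This runs snort as root for its whole lifetime.
	# NOTE(review): prefer the -u/-g variant below once the 'snort' user and
	# group exist; a packet parser fed hostile traffic should not keep root.
	/usr/local/bin/snort -c /usr/local/etc/snort.conf -D -i "${interface}" -l /var/log/snort

	# This will run snort as user 'snort' and group 'snort'
	# /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -u snort -g snort -i "${interface}" -l /var/log/snort
}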

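# Send the default signal (TERM) to the snort process named in the pid file.
# Globals:  pidfile, prog (read)
# Outputs:  result on stdout, refusals and failures on stderr
# Returns:  0 when the signal was delivered or nothing was running,
#           1 when the pid file is unusable or kill failed
stop () {
	local running_pid

	if [ ! -f "$pidfile" ]; then
		echo "$prog is not running. Cannot stop."
		return 0
	fi

	# This script runs as root, so the pid file content must be a plain
	# positive decimal number before it is handed to kill. Anything else
	# (empty, options, several words, 0 = own process group) is refused.
	read -r running_pid < "$pidfile" || :
	case "$running_pid" in
	'' | *[!0-9]*) running_pid=0 ;;
	esac
	if ! [ "$running_pid" -gt 0 ] 2>/dev/null; then
		echo "$pidfile does not hold a valid pid; not signalling anything." >&2
		return 1
	fi

	# The pid file outlives snort after `kill -9`, so check liveness first.
	# NOTE(review): a recycled pid would still pass this check; confirm the
	# command name of the pid if unrelated processes must never be signalled.
	if ! kill -0 "$running_pid" 2>/dev/null; then
		echo "$prog is not running (removed stale pid file $pidfile)."
		rm -f -- "$pidfile"
		return 0
	fi

	# Report success only when kill accepted the request. "stopped" means
	# the signal was delivered, not that snort has finished exiting.
	if kill "$running_pid"; then
		echo "$prog stopped."
	else
		echo "$prog could not be stopped (kill failed for pid $running_pid)." >&2
		return 1
	fi

	# This is a killall method; it ignores the pid file and ends every
	# process named snort.
	# /usr/bin/killall snort && echo "$prog stopped."
}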

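# Report whether the process named in the pid file is alive.
# Globals:  pidfile, prog (read)
# Outputs:  one status line on stdout
status() {
	local running_pid

	if [ ! -f "$pidfile" ]; then
		echo "$prog is not running."
		return 0
	fi

	# Validate the file content before using it as a pid.
	read -r running_pid < "$pidfile" || :
	case "$running_pid" in
	'' | *[!0-9]*) running_pid=0 ;;
	esac

	# The pid file survives `kill -9`, so its existence alone would report
	# a dead IDS as running. kill -0 only probes; it needs permission to
	# signal the process, so run this as root.
	if [ "$running_pid" -gt 0 ] 2>/dev/null && kill -0 "$running_pid" 2>/dev/null; then
		echo "$prog is running as pid $running_pid"
	else
		echo "$prog is not running (stale pid file $pidfile)."
	fi
}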

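# Dispatch on the first argument.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	stop
	# It seems that killing of snort requires some time
	sleep 5
	start
	;;
status)
	status
	;;
*)
	# $"..." is a bash-only translation quote; this script runs under
	# /bin/sh, so a plain string is used. Usage errors go to stderr and
	# exit non-zero so callers can tell them from a successful run.
	echo "Usage: $0 {start|stop|restart|status}" >&2
	exit 1
	;;
esac

exit 0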

--0-833493000-1059977285=:91656
Content-Type: text/plain; name="snort.sh-pid"
Content-Description: snort.sh-pid
Content-Disposition: inline; filename="snort.sh-pid"

#!/bin/sh

# Variant that finds snort in the process table instead of reading a pid file
# (idea taken from the cupsd startup script).

# Name used in the status messages.
prog="snort"

# Interface snort listens on; change as necessary.
interface="xl0"

# Collect the pid of every `ps ax` row whose fifth field is "snort" or ends
# in "/snort". Several matches yield several pids, one per line.
# NOTE(review): this matches on the command string alone, not on owner or
# full path. Any local process that presents itself as "snort" counts as a
# running IDS, and start() would then skip launching the real one. Confirm
# this is acceptable, or restrict the match to the expected user and binary.
pid=$(ps ax | awk '$5 == "snort" || $5 ~ /\/snort$/ { print $1 }')

# Launch snort as a daemon unless the process scan already found one.
# Globals:  pid, prog, interface (read)
start() {
	# A non-empty $pid means a matching process was found.
	if [ -n "$pid" ]; then
		echo "$prog is already running as pid $pid."
		return
	fi

	echo "Starting $prog..."
	# Runs snort as root.
	/usr/local/bin/snort -c /usr/local/etc/snort.conf -D -i ${interface} -l /var/log/snort

	# Alternative: run snort as user 'snort' and group 'snort'
	# /usr/local/bin/snort -c /usr/local/etc/snort.conf -D -u snort -g snort -i ${interface} -l /var/log/snort
}

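# Send the default signal (TERM) to every pid found by the process scan.
# Globals:  pid, prog (read)
# Outputs:  result on stdout, failure on stderr
# Returns:  0 when the signal was delivered or nothing was running,
#           1 when kill failed
stop () {
	if [ -z "$pid" ]; then
		echo "$prog is not running. Cannot stop."
		return 0
	fi

	# $pid stays unquoted on purpose: the scan may report several snort
	# processes, one pid per line, and each must become its own argument.
	# The values come from the pid column of ps, not from user input.
	# Report success only when kill accepted the request. "stopped" means
	# the signal was delivered, not that snort has finished exiting.
	# shellcheck disable=SC2086
	if kill $pid; then
		echo "$prog stopped."
	else
		echo "$prog could not be stopped (kill failed for pid $pid)." >&2
		return 1
	fi

	# This is a killall method, regardless of the variable 'pid'
	# /usr/bin/killall snort && echo "$prog stopped."
}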

# Print whether the process scan found a snort process.
# Globals:  pid, prog (read)
status() {
	case "$pid" in
	"")
		echo "$prog is not running."
		;;
	*)
		echo "$prog is running as pid $pid."
		;;
	esac
}

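# Dispatch on the first argument.
case "$1" in
start)
	start
	;;
stop)
	stop
	;;
restart)
	stop
	# It seems that killing of snort requires some time
	sleep 5
	# $pid still holds the value from before the stop, and we don't know
	# if snort is really gone, so scan the process table again.
	pid=$(ps ax | awk '{if (match($5, ".*/snort$") || $5 == "snort") print $1}')
	start
	;;
status)
	status
	;;
*)
	# $"..." is a bash-only translation quote; this script runs under
	# /bin/sh, so a plain string is used. Usage errors go to stderr and
	# exit non-zero so callers can tell them from a successful run.
	echo "Usage: $0 {start|stop|restart|status}" >&2
	exit 1
	;;
esac

exit 0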

--0-833493000-1059977285=:91656--


