Snort mailing list archives
Re: list archives...
From: Max Valdez <maxvalde () servm fc uaem mx>
Date: Wed, 22 Aug 2001 11:49:54 -0500
Hi Here is what I use, no deamonstools, just a cron job to see if snort is running every once in a while. looks simple, and maybe silly, but it works very well for me, besides, if snort dies and the script restart it, I get an email telling me so. In my opinion a deamontool is very good for stable known programs, but if ur dealing with security u can't be that confident, specially on a anti-ids attack. you need to know if the process has been working constantly, and you really need to know if snort dies for any given reason (misconfiguration is the most common in my case) hope my two mexican cents help Max p.s. BTW my script monitors guardian too #!/bin/sh #Monitor de snort, util para poner en crontab # agrega la siguiente linea a crontab # 0-58/15 * * * * /usr/sbin/snort-mon.sh # if [ ! -f /var/run/snort_eth0.pid ] ;then date echo "corriendo snort" /etc/init.d/snort start else pid=`cat /var/run/snort_eth0.pid` run=`ps --pid $pid|tail -1|awk '{print $4}'` # echo $run if [ "$run" != "snort" ] ; then echo "corriendo snort" /etc/init.d/snort start fi run=`ps -efl|grep guar|grep -v grep|sed -e 's/\// /g'|awk '{print $21}'` if [ "$run" != "guardian.pl" /etc/init.d/guardian start fi fi _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- list archives... pbsarnac (Aug 21)
- Re: list archives... Max Valdez (Aug 22)