Snort mailing list archives
puresecure startup scripts
From: Neal Hamilton <nealhamiltonjr () yahoo com>
Date: Mon, 29 Jul 2002 22:09:42 -0500
if anyone here is using puresecure on openbsd 3.1 could you please take a look at the issue i am having with the startup scripts and advise what to do.
thanks in advance.I installed some startup scripts to /etc/rc.local , so the app (puresecure)and its deps. Mysqld and apache would start upon boot. I followed the vendors instructions to the T which I will paste below, but I am getting the following errors when the script tries to run upon boot. I have pasted a copy of the instructions, the scripts and my final rc.local file below. Would one of you fine script guru's take a look at this and see what I need to edit to correct this.
Thanks in advance
The system: openbsd 3.1, stock kernel
The errors are as follows:
Starting local daemons
/usr/local/bin/mysqld.sh [49] : syntax error: '(' unexpected
/usr/local/bin/httpd.sh [43] : syntax error: '(' unexpected
/usr/local/bin/puresecure.sh [38] syntax error '(' unexpected
The instructions I followed is the following:
Demarc PureSecure 1.6
Startup and Shutdown Scripts for BSD Unix
-------------------------------------------------------------------------------
This document will explain how to install the startup and shutdown scripts
provided for use on a BSD server.
Notes:
* You should always be extremely careful when altering a computer's startup or
shutdown procedure.
BSDs can simply follow the directions to install the scripts using the
/etc/rc.local file as described in Method 1 below.
-------------------------------------------------------------------------------
METHOD 1: Installing the scripts in /etc/rc.local
----------------------------------------------------------------------------
If you are using the /etc/rc.local method you may copy the scripts into any
path you choose as long as the path is reflected in the lines below, for this
example we will assume that they will be moved to /usr/local/bin/ as shown:
******did this*********
'cp httpd.sh /usr/local/bin/'
'cp mysqld.sh /usr/local/bin/'
'cp puresecure.sh /usr/local/bin/'
You should then append the following lines to your /etc/rc.local file:
********did this********
#--------------------------------------------------
# Startup MySQL Database Server
if [ -x /usr/local/bin/mysqld.sh ]; then
/usr/local/bin/mysqld.sh
fi
# Startup Apache Web Server
if [ -x /usr/local/bin/httpd.sh ]; then
/usr/local/bin/httpd.sh
fi
# Startup PureSecure Sensor
if [ -x /usr/local/bin/puresecure.sh ]; then
/usr/local/bin/puresecure.sh
fi
#--------------------------------------------------
here is the scripts that I inserted into rc.local
#cd /usr/local/bin
******below is the script for mysqld:******************
#cat mysqld | more
#!/bin/sh
# Modified Mandrake MySQL Startup script to support most flavors of unix/linux
# Original Copyright is as follows:
# Copyright Abandoned 1996 TCX DataKonsult AB & Monty Program KB & Detron
HB # This file is public domain and comes with NO WARRANTY of any kind
# Set some defaults
datadir=/usr/local/mysql/var
basedir=/usr/local/mysql
bindir=/usr/local/mysql/bin
TMPDIR=/tmp
TMP=/tmp
pidfile=$datadir/mysqld.pid
start(){
# Start daemon
# Safeguard (relative paths, core dumps..)
cd $basedir
export TMPDIR
export TMP
if test -x $bindir/safe_mysqld
then
# Give extra arguments to mysqld
echo "Starting MySQL Server"
$bindir/safe_mysqld --datadir=$datadir --pid-file=$pidfile 2>&1 &
# safe_mysqld &
echo
echo
sleep 2
status
# Make lock for RedHat / SuSE
if test -w /var/lock/subsys
then
touch /var/lock/subsys/mysql
fi
echo
else
echo "Can't execute $bindir/safe_mysqld"
fi
}
stop(){
# Stop daemon. We use a signal here to avoid having to know the
# root password.
# Safeguard (relative paths, core dumps..)
cd $basedir
echo "Stopping MySQL Server"
if [ -f "$pidfile" ]
then
mysqld_pid=`cat $pidfile`
kill $mysqld_pid
# mysqld should remove the pidfile when it exits, so wait for it.
sleep 1
while [ -s $pidfile -a "$flags" != aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa ]
do
[ -z "$flags" ] && echo "Wait for mysqld to exit\c" || echo ".\c"
flags=a$flags
sleep 1
echo "Still alive... attempting to kill MySQL Server again..."
done
if [ -s $pidfile ]
then
echo " gave up waiting!"
exit -1
fi
# delete lock for RedHat / SuSE
if test -f /var/lock/subsys/mysql
then
rm /var/lock/subsys/mysql
fi
echo
echo "Stopped MySQL Server"
exit 0
else
echo "No mysqld pid file found. Looked for $mysql_pid." "$pidfile"
exit -1
echo
fi
}
status(){
# check if the process is running
echo "Checking to see if MySQL Server daemon is running:"
echo "------------------------------------------------------"
echo "Running processes:"
ps auxww | grep mysqld | grep -v grep | grep -v status
echo "------------------------------------------------------"
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
reload)
$0 stop
$0 start
;;
restart)
$0 stop
$0 start
;;
*)
# usage
echo "Usage: $0 {start|stop|status|reload|restart}"
exit 1
;;
esac
******** httpd.sh script****************************
#!/bin/sh
#
# Apache Server (SSL)
# startup script
# Comments to support chkconfig on RedHat style Linux
# chkconfig: 2345 111 111
# description: Apache SSL Web Server
httpd_binary="/usr/local/www/bin/apachectl"
if test -f $httpd_binary
then
#we've found the script, so we can continue
echo -n
else
echo "apachectl not found at $httpd_binary"
exit 0
fi
RETVAL=0
start() {
# Start Apache/SSL
echo " Starting Apache Web Server: "
echo "----------------------------------------------------------"
$httpd_binary startssl
RETVAL=$?
echo
return $RETVAL
}
restart() {
# Restart Server
echo " Restarting Apache Web Server: "
echo "----------------------------------------------------------"
$httpd_binary restart
RETVAL=$?
echo
return $RETVAL
}
stop() {
# Stop Server
echo " Stopping Apache Web Server: "
echo "----------------------------------------------------------"
$httpd_binary stop
RETVAL=$?
echo
return $RETVAL
}
status() {
# Status of Server
echo "Attempting to list Apache Service processes:"
echo "----------------------------------------------------------"
ps auxww | grep httpd | grep -v status
echo
echo "----------------------------------------------------------"
echo "Attempting to access Apache status via Lynx if configured:"
echo "----------------------------------------------------------"
$httpd_binary status
RETVAL=$?
echo
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
restart)
restart
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac
exit $?
*****puresecure.sh script*******************************
#!/bin/sh
#
# Demarc PureSecure Sensor
# startup script
# Comments to support chkconfig on RedHat style Linux
# chkconfig: 2345 101 101
# description: PureSecure Total Intrusion Detection System Sensor
psd_binary="/usr/local/puresecure/sensor/bin/psd"
psd_config_file="/usr/local/puresecure/sensor/conf/psd.conf"
#psd_extra_options="-i eth1"
[ -f $psd_binary ] || exit 0
[ -f $psd_config_file ] || exit 0
RETVAL=0
start() {
# Start Sensor
echo -n "Starting PureSecure Sensor: "
$psd_binary -f $psd_config_file $psd_extra_options -b
RETVAL=$?
echo
return $RETVAL
}
restart() {
# Restart Sensor
echo -n "Restarting PureSecure Sensor: "
$psd_binary -f $psd_config_file $psd_extra_options -R
RETVAL=$?
echo
return $RETVAL
}
stop() {
# Stop Sensor
echo -n "Stopping PureSecure Sensor: "
$psd_binary $psd_extra_options -k
RETVAL=$?
echo
return $RETVAL
}
status() {
# Status of Sensor
$psd_binary -f $psd_config_file $psd_extra_options -g
RETVAL=$?
echo
return $RETVAL
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status
;;
restart)
restart
;;
*)
echo $"Usage: $0 {start|stop|status|restart}"
exit 1
esac
exit $?
*******my rc.local file***********************************************
#cd /etc
# cat rclocal
cat: rclocal: No such file or directory
PS-MAIN# cat rc.local
# $OpenBSD: rc.local,v 1.33 2001/06/05 23:01:55 naddy Exp $
# site-specific startup actions, daemons, and other things which # can be
done AFTER your system goes into securemode. For actions # which should be
done BEFORE your system has gone into securemode # please see
/etc/rc.securelevel
# site-specific startup actions, daemons which can be run
# Add your local changes additions to this file
echo -n 'starting local daemons:'
# run ntpdate prior to ntpd
if [ $securelevel -le 1 -a X"${ntpdate_flags}" != X"NO" \
-a -x /usr/local/sbin/ntpdate ]; then
echo -n ' ntpdate'
/usr/local/sbin/ntpdate -b ${ntpdate_flags} >/dev/null fi
if [ X"${ntpd}" == X"YES" -a -x /usr/local/sbin/ntpd \
-a -e /etc/ntp.conf ]; then
echo -n ' ntpd'; /usr/local/sbin/ntpd -p /var/run/ntpd.pid
fi
if [ -x /usr/local/sbin/cfsd ]; then
if ps auxc | grep -q '^ *root .* mountd$'; then
echo -n ' cfsd'; /usr/local/sbin/cfsd >/dev/null 2>&1
mount -o port=3049,nfsv2,intr localhost:/null /crypt
else
echo -n ' cfsd (failed, no mountd running)'
fi
fi
#if [ -x /usr/local/sbin/snmpd ]; then
# echo -n ' snmpd'; /usr/local/sbin/snmpd
#fi
echo '.'
# Netatalk stuff
#if [ -f /etc/netatalk/rc.atalk ]; then
# . /etc/netatalk/rc.atalk
#fi
#--------------------------------------------------
# Startup MySQL Database Server
if [ -x /usr/local/bin/mysqld.sh ]; then
/usr/local/bin/mysqld.sh
fi
# Startup Apache Web Server
if [ -x /usr/local/bin/httpd.sh ]; then
/usr/local/bin/httpd.sh
fi
# Startup PureSecure Sensor
if [ -x /usr/local/bin/puresecure.sh ]; then
/usr/local/bin/puresecure.sh
fi
#--------------------------------------------------
Current thread:
- puresecure startup scripts Neal Hamilton (Jul 29)