Snort mailing list archives
RE: Snort at boot
From: "Robert Schwartz" <robert () mrsquirrel com>
Date: Tue, 18 Jun 2002 22:37:29 -0700
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Zutroi Zatatakowski
Sent: Tuesday, June 18, 2002 6:58 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort at boot

Ok, a real stupid one. I'm running OpenBSD, Snort is alright. I thought that adding to /etc/rc:

snort -de -D -A fast -c /var/snort/snort.conf etc. etc.
Don't use a conf file if you put your switches on the command line and vice versa, makes things easier to mess with in the long run.
would start it at boot time but it doesn't seem so. Is there another way to start it automatically after a reboot, or do you think it's something else that prevents it from happening?
The "right" place to put this is in /etc/rc.local instead of /etc/rc (when you upgrade, having your site-specific stuff in the site-specific places will make merging /etc/ changes much easier), but it will launch on boot either way if you put this in:

/usr/local/bin/snort -de -D -A fast -c /var/snort/snort.conf

or set the alerting mode to fast in snort.conf and launch like this:

/usr/local/bin/snort -de -c /etc/rules/snort.conf -D

which will load all the options from snort.conf (depending on the sensor) and daemonize the process.

I think your issue is that you aren't providing the full path to the snort binary. By default OpenBSD doesn't put /usr/local/bin and /usr/local/sbin in root's path. If you don't want to do this, go to somewhere that is in root's path on boot-up and make a soft link to the snort binary, add /usr/local/bin to the path, or compile snort directly into the /usr/bin dir. I prefer to keep things where they want to be and just use full pathnames for the cool stuff so that my files and processes are always in sync with my designs for security.
Thanks,
You're welcome, OpenBSD Snort users have to stick together sorting all this LINUX-centric documentation out :)
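
Added illustration, not part of the original message: the reply's diagnosis is that a bare `snort` does not resolve under root's boot-time PATH while the full pathname does. The sketch below reproduces that lookup in a constructed sandbox directory; the function name `resolve_in_path` and the sample PATH value are assumptions for the demonstration, not OpenBSD's actual defaults.

```shell
#!/bin/sh
# Added illustration, not from the original message.
# resolve_in_path NAME PATHLIST: look NAME up the way the shell would under
# PATHLIST, ignoring the caller's own PATH. Prints the match; returns 1 if none.
resolve_in_path() {
    rp_name=$1
    case $rp_name in
        */*)    # a name containing a slash bypasses the PATH search entirely
            if [ -f "$rp_name" ] && [ -x "$rp_name" ]; then
                printf '%s\n' "$rp_name"; return 0
            fi
            return 1 ;;
    esac
    rp_ifs=$IFS; IFS=:
    set -f                      # no globbing while PATHLIST is split on ':'
    for rp_dir in $2; do
        # an empty PATH element means the current directory
        if [ -f "${rp_dir:-.}/$rp_name" ] && [ -x "${rp_dir:-.}/$rp_name" ]; then
            IFS=$rp_ifs; set +f
            printf '%s\n' "${rp_dir:-.}/$rp_name"; return 0
        fi
    done
    IFS=$rp_ifs; set +f
    return 1
}

# demo: constructed sandbox tree standing in for / on the sensor.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/sbin" "$root/usr/bin" "$root/usr/local/bin"
    printf '#!/bin/sh\nexit 0\n' > "$root/usr/local/bin/snort"   # stand-in binary
    chmod +x "$root/usr/local/bin/snort"
    boot_path="$root/sbin:$root/bin:$root/usr/bin"   # assumed boot-time PATH
    # 1: bare name as in the question, 2: full pathname, 3: PATH extended
    resolve_in_path snort "$boot_path" >/dev/null \
        && r1=found || r1=missing
    resolve_in_path "$root/usr/local/bin/snort" "$boot_path" >/dev/null \
        && r2=found || r2=missing
    resolve_in_path snort "$boot_path:$root/usr/local/bin" >/dev/null \
        && r3=found || r3=missing
    rm -rf "$root"
    printf '%s %s %s\n' "$r1" "$r2" "$r3"
}
demo
```

The three results correspond to the bare command from the question, the full-pathname form, and the "add /usr/local/bin to the path" alternative mentioned in the reply.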