Snort mailing list archives

Script Question


From: Marty Smith <marty.smith () bankevb com>
Date: Thu, 23 Jul 2015 19:58:25 +0000

Hello,

I am pretty new to the Snort platform. I have recently set up a server on a VM running Debian 8.0, and I am running
Snort v2.9.7.3.  The install went fairly well except for writing the script to get it to start as a service.  It would
not start correctly using it.  Here is the beginning of the file that I found:

### BEGIN INIT INFO
# Provides: snortbarn
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# X-Interactive: true
# Short-Description: Start Snort and Barnyard
### END INIT INFO
. /lib/init/vars.sh
. /lib/lsb/init-functions
mysqld_get_param() {
    /usr/sbin/mysqld --print-defaults | tr " " "\n" | grep -- "--$1" | tail -n 1 | cut -d= -f2
}
do_start()
{
    log_daemon_msg "Starting Snort and Barnyard" ""
    # Make sure mysql has finished starting
    ps_alive=0
    while [ $ps_alive -lt 1 ];
    do
        pidfile=`mysqld_get_param pid-file`
        if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi
        sleep 1
    done

The problem was with the line

if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi

My server did not recognize the -f argument before the "$pidfile" variable.  I removed the -f argument from the script
and the snort and barnyard2 services loaded.  My question is: what does the -f argument do in this case?  Is there a
reason that it was not recognized that I can correct by loading a dependency or something similar?  I have also seen
similar scripts use the -e argument; what does that do?  I am just trying to understand things better so that I can
reapply them correctly in the future.

Many thanks in advance for any help here.

Thanks,

Marty
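
In a shell `[ ... ]` test, `-f PATH` is true when PATH exists and is a regular file, while `-e PATH` is true when PATH exists as any type (file, directory, socket and so on). The following is an added example, not part of the original post or of the init script it quotes: it shows the two tests side by side and a bounded version of the wait-for-pidfile loop. The function names `path_kind` and `wait_for_pidfile` and the 30-second default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Report how the -f and -e tests see a path.
path_kind() {
    if [ -f "$1" ]; then
        echo regular        # exists and is a regular file
    elif [ -e "$1" ]; then
        echo other          # exists, but is a directory, socket, device, ...
    else
        echo missing        # does not exist (or is a dangling symlink)
    fi
}

# wait_for_pidfile PIDFILE [TIMEOUT_SECONDS]
# Returns 0 once PIDFILE is a regular file naming a live process,
# 1 if that has not happened within TIMEOUT_SECONDS (default 30, an assumption).
# Unlike the loop in the quoted script, this cannot block the boot forever.
wait_for_pidfile() {
    pidfile=$1
    timeout=${2:-30}
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -f "$pidfile" ]; then
            # Quote the path so an empty or space-containing value stays one word.
            pid=$(cat "$pidfile" 2>/dev/null) || pid=''
            case $pid in
                ''|*[!0-9]*)
                    ;;      # empty or non-numeric content: not a usable PID yet
                *)
                    # Signal 0 only checks that the process exists. An init
                    # script runs as root, so permission is not an issue here.
                    if kill -0 "$pid" 2>/dev/null; then
                        return 0
                    fi
                    ;;
            esac
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}
```

A caller in an init script would use the return status, for example logging a failure and exiting non-zero when `wait_for_pidfile` times out instead of starting the dependent services.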