[Snort-devel] [Snort-users] Trying to develop a systemd snort script, running into errors removing/creating pid files
deusexmachina667 at ...2499...
Thu Oct 23 10:29:08 EDT 2014
I don't want to make assumptions, but it most assuredly looks like it. I
was a little late to this whole systemd thing and I'm trying to embrace
change, but damned if they aren't making it hard. Worst-case scenario: I
have a working init script and CentOS 7 still supports chkconfig, I can use
that, but want to try and keep the solution within systemd, in case they go
nuts and nuke all remnants of SysV init in the future.
On Thu, Oct 23, 2014 at 10:08 AM, Shirkdog <shirkdog at ...2499...> wrote:
> Wait...are you saying systemd is not working? :)
> Michael Shirk
> On Thu, Oct 23, 2014 at 10:00 AM, Tony Robinson
> <deusexmachina667 at ...2499...> wrote:
> > Hello There,
> > I'm working on an update for autosnort and I figured it was high past
> > for me to stop half-assing boot persistence for Snort via rc.local and
> > actual init scripts or similar.
> > So here I am, trying to make a systemd script. The goals are to bring up
> > network interface in promisc mode, start snort, and start barnyard2. The
> > script does that. Rather well. Probably not the way systemd devs want one to
> > do it... but we'll cross that bridge later.
> > My problem comes when I try to kill snort or barnyard2. The kill command
> > works, but there's errors in the logs:
> > Oct 23 09:38:10 localhost snort: Could not remove pid file
> > /var/run//snort_ens33.pid: Permission denied
> > Oct 23 09:38:10 localhost snort: Snort exiting
> > Barnyard2 doesn't seem to care that it can't remove the pid file and
> > fine, I suppose, because restarting Snort/Barnyard2 seem to work fine:
> > Oct 23 09:45:38 localhost snort: Checking PID path...
> > Oct 23 09:45:38 localhost snort: PID path stat checked out ok, PID
> > path set to /var/run/
> > Oct 23 09:45:38 localhost snort: Writing PID "2912" to file
> > "/var/run//snort_ens33.pid"
> > Oct 23 09:45:43 localhost barnyard2: PID path stat checked out ok,
> > path set to /var/run/
> > Oct 23 09:45:43 localhost barnyard2: Writing PID "2915" to file
> > "/var/run//barnyard2_ens33.pid"
> > Here are the options I use to start snort:
> > snort -D -u snort -g snort -c /opt/snort/etc/snort.conf -i ens33
> > Here are the options I use to start barnyard2:
> > barnyard2 -c /opt/snort/etc/barnyard2.conf -d /var/log/snort -f snort.u2
> > /var/log/snort/barnyard2.waldo -D
> > I know a lot of stuff changed in CentOS 7. I noticed that one of them was
> > that /var/run is now a symlink to /run. What would cause Snort/BY2 to have
> > permissions to follow the pid file and write their pids, but then not have
> > permissions to remove the pid file after execution has stopped?
> > I've attached the systemd script I wrote as well.
when does reality end? when does fantasy begin?
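
Added example, not part of the original thread: a Python model of the POSIX rule that removing a file name needs write and search permission on the containing directory, applied to the PID file messages in the logs above. It assumes the PID file is written while the process is still root and removed after the switch to the account given with -u snort -g snort; the uid/gid 990, the directory modes and the /run/snort directory are constructed values.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the rule can be evaluated offline.
Node = namedtuple("Node", "mode uid gid")

def node_from_path(path):
    """Build a Node from a real path, for use on a live host."""
    st = os.stat(path)
    return Node(st.st_mode, st.st_uid, st.st_gid)

def dir_access(d, uid, gids, want):
    """True if (uid, gids) holds every rwx bit in `want` on directory d."""
    if uid == 0:
        return True  # assumption: root keeps CAP_DAC_OVERRIDE
    if uid == d.uid:
        bits = (d.mode >> 6) & 7
    elif d.gid in gids:
        bits = (d.mode >> 3) & 7
    else:
        bits = d.mode & 7
    return (bits & want) == want

def can_unlink(directory, entry, uid, gids):
    """Unlink is decided by the parent directory, not by the file's own mode."""
    if not dir_access(directory, uid, gids, 0o3):  # write + search
        return False
    if directory.mode & stat.S_ISVTX and uid != 0:
        # Sticky directory: only the file owner or directory owner may remove.
        return uid in (entry.uid, directory.uid)
    return True

def pidfile_lifecycle(directory, start_uid, run_uid, run_gids):
    """Return (created, removed): created by start_uid, removed by run_uid."""
    created = dir_access(directory, start_uid, (), 0o3)
    entry = Node(stat.S_IFREG | 0o644, start_uid, 0)
    removed = created and can_unlink(directory, entry, run_uid, run_gids)
    return created, removed

# Constructed sample values, not taken from the poster's system.
SNORT_UID = SNORT_GID = 990
RUN_DIR = Node(stat.S_IFDIR | 0o755, 0, 0)                  # root-owned, like /run
OWNED_DIR = Node(stat.S_IFDIR | 0o755, SNORT_UID, SNORT_GID)  # e.g. /run/snort
STICKY_DIR = Node(stat.S_IFDIR | 0o1777, 0, 0)              # /tmp-style

if __name__ == "__main__":
    for name, d in (("root 0755", RUN_DIR), ("snort 0755", OWNED_DIR)):
        print(name, pidfile_lifecycle(d, 0, SNORT_UID, (SNORT_GID,)))
```

In this model the root-owned directory gives "created, not removed", which matches the log pattern in the post, while a directory owned by the unprivileged account allows both.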