[Snort-users] Snort at boot

Robert Schwartz robert at ...5775...
Tue Jun 18 22:36:02 EDT 2002

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net 
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of 
> Zutroi Zatatakowski
> Sent: Tuesday, June 18, 2002 6:58 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort at boot
> Ok, a real stupid one. 
> I'm running OpenBSD, Snort is alright. 
> I thought that adding to /etc/rc:
> snort -de -D -A fast -c /var/snort/snort.conf etc. etc.

Don't use a conf file if you put your switches on the command line and
vice versa, makes things easier to mess with in the long run.

> would start it at boot time but it doesn't seem so. Is there 
> another way to start it automatically after a reboot, or do 
> you think it's something else that prevents it from happening?

The "right" place to put this is in /etc/rc.local instead of /etc/rc
(when you upgrade having your site specific stuff in the site specific
places will make merging /etc/ changes much easier), but it will launch
on boot either way if you put this in:

/usr/local/bin/snort -de -D -A fast -c /var/snort/snort.conf

or set the alerting mode to fast in snort.conf and launch like this:

/usr/local/bin/snort -de -c /etc/rules/snort.conf -D

which will load all the options from snort.conf (depending on the
sensor) and daemonize the process.

I think your issue is that you aren't providing the full path to the
snort binary.  By default OpenBSD doesn't put /usr/local/bin and
/usr/local/sbin in root's path.  If you don't want to do this, go to
somewhere that in root's path on boot-up and make a soft link to the
snort binary, add /usr/local/bin to the path, or compile snort directly
into the /usr/bin dir.  I prefer to keep things where they want to be
and just use full pathnames for the cool stuff so that my files and
processes are always in sync with my designs for security.

> Thanks,

You're welcome, OpenBSD Snort users have to stick together sorting all
this LINUX-centric documentation out :)

More information about the Snort-users mailing list