[Snort-users] snort/Barnyard startup script

Patrick S. Harper patrick at ...4250...
Wed Jul 7 03:48:06 EDT 2004


There is a file called S99snort in the contrib dir where you uncompressed
the snort source files.  Copy that to /etc/init.d and create a symlink in
the run levels you want to run it in.  For barnyard I just modified the
snort init script, or you can just put it in rc.local (it would be better to
use a script though) 




Patrick S. Harper | CISSP RHCT MCSE
www.internetsecurityguru.com

www.ntsug.org - Snort Users Group

"If there is no light at the end of the tunnel, get down there and light the
damn thing yourself!"
 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mike Cohen
Sent: Tuesday, July 06, 2004 9:34 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] snort/Barnyard startup script

Hello, 

Im fairly new to LInux, and have been tasked with building a snort sensor
for our network.

I have Suse 9 , snort 2.12 with  Barnyard 0.2.0 and mysql up and running. 

None of the services (apache/mysql/barnyard/snort) are running when I start
the server.

I see that I can add apache and mysql to the various runlevels using Yast,
but Im not quite sure how exactly to script the startup of snort and
barnyard.

Ive seen references to snortd, but I cant seem to find any definitive
references to make snort a Daemon, other than the command line switch which
would mean Id have to have it in a script somewhere.

I have no experience with startup scripting of any kind other than dumping
one liners in rc.local.

I see that startup scripts would go in the appropriate runlevel folder, but
is a startup script as simple as just typing in the  snort start command
with the proper switches, saving it a s afile and dumping it in the right
rc.3, and
rc.5 directories? From what I can gather there is more to it, and it looks
like it involves some C coding (which I dont know).

Can somone point me to the right direction? all the books mention using some
runlevel editor tool, but that doesnt seem to apply to snort, since its not
a distro installed service.

any help or insight appreciated.
thanks.

Mike C.


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self
defense, top technical experts, no vendor pitches, unmatched networking
opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.715 / Virus Database: 471 - Release Date: 7/4/2004
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.715 / Virus Database: 471 - Release Date: 7/4/2004
 





More information about the Snort-users mailing list