[Snort-users] Snort Startup Script

dogbert at ...11664... dogbert at ...11664...
Mon Apr 18 15:26:59 EDT 2005


Hi All,

   Ran into a interesting problem.  I'm using the standard snort startup script 
to start and stop Snort (no problems), but apparently, there isn't any limit on 
the number of times where you can actually start snort (which can be kind of 
goofy), so this is what I have done to limit that:

#!/bin/bash
# $Id: S99snort,v 1.1 2001/12/18 22:14:37 cazz Exp $
# /etc/init.d/snort : start or stop the SNORT Intrusion Database System
#
# Written by Lukasz Szmit <ptashek at ...8563...>
#
# Configuration

# set config file & path to snort executable
SNORT_PATH=/usr/local/bin
#CONFIG=/usr/local/share/snort/snort.conf
CONFIG=/usr/local/etc/snort.conf

# set interface
IFACE=eth1

# set GID/Group Name
SNORT_GID=nobody

# other options
OPTIONS="-D -b"

# End of configuration


test -x $SNORT_PATH/snort || exit 0

# is snort already running, if so, exit...

case "$1" in
     start)

# check to see if snort is already running, if so, exit...

        if [ -e /var/run/snort* ]; then
            echo Snort already running...exiting...
            exit 0
        fi
#
        echo "Starting Intrusion Database System: SNORT"
        $SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID $OPTIONS
        if [ "`pidof $SNORT_PATH/snort`" ]; then
                echo "SNORT is up and running!"
        else
                exit 0
        fi
        echo -n "."
        ;;

I only posted up thru the start) section, but my question becomes, is this the 
correct way to determine if snort is already running, or do other readers have 
a better idea or way to do this?

Bill





More information about the Snort-users mailing list