[Snort-users] Ubuntu 8 /etc/rc.local issue

Ams ams.sec at ...11827...
Fri Aug 7 17:01:05 EDT 2009


 I should be able to run 2 instances of Snort (one for each interface) and
Barnyard in Daemon mode? Is that correct? Thanks for your time.

On Fri, Aug 7, 2009 at 3:31 PM, Michael Boman <michael.boman at ...11827...>wrote:

> Run snort in daemon mode, your system is still waiting for the snort
> process to complete.
>
> Best regards
> Michael Boman
>
>
> On Fri, Aug 7, 2009 at 22:10, Ams <ams.sec at ...11827...> wrote:
>
>> Hi Guys,
>>
>> I am trying to run snort at boot time automatically. Using Ubuntu 8-
>> Snort, barnyard compiled from source, 3 interfaces in total- 2 interfaces
>> for NIDS and 1 for management. I edited the /etc/rc.local file and added the
>> following lines:
>>
>> *Contents of /etc/rc.local*
>> ------------------------------------------------------------------
>> ifconfig eth0 up promisc
>> /usr/local/bin/snort -c /etc/snort.conf -i eth0
>> sudo /usr/local/bin/barnyard2 -c /etc/snort/barn2.conf -G
>> /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -d /var/log/snort -f
>> snort.log -w /var/log/snort/barnyard.waldo
>>
>> ifconfig eth1 up promisc
>> /usr/local/bin/snort -c /etc/snort.conf -i eth1
>> sudo /usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -G
>> /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -d /var/log/snort -f
>> snort.log -w /var/log/snort/barnyard.waldo
>> ------------------------------------------------------------------------
>>
>> When I do ps -aux|grep snort on startup, all I see running is
>> /usr/local/bin/snort -c /etc/snort.conf -i eth0. Why didn't the remaining
>> commands execute? Will appreciate your input. Thanks a bunch.
>>
>> Ams
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>> 30-Day
>> trial. Simplify your report design, integration and deployment - and focus
>> on
>> what you do best, core application coding. Discover what's new with
>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
>
>
> --
> http://michaelboman.org - Security Blog & Wiki
>



-- 
Amit Bakhshi
Associate of (ISC)2 in CISSP, GPEN, GCIH, GWAS, GSEC, GISF, SSP-GHD, MCP,
SCJA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090807/2ee56ad8/attachment.html>


More information about the Snort-users mailing list