LinuxQuestions.org
Linux - Security: This forum is for all security related questions.
Old 05-17-2004, 08:03 PM   #1
hari_seldon99
Member
 
Registered: Jun 2003
Location: Front of PC
Distribution: Linux Mandrake
Posts: 212

reconfigure snort daemon startup script


Hi,


I just installed snort from RPM in Mandrake 10.0. The startup script in /etc/rc.d/init.d starts snort & instructs it to log to /var/log/snort/alert. However, I need for it to log violations in /var/log/messages. Now, how do I edit the snortd file so that it may do so? I'm afraid I know next to nothing about building unix shell scripts (beyond the obvious, that is). Please do advise me on how to do that, or point me to a howto that might help (the howtos on snort.org do not have this). Maybe it's something trivial, but I do not want to risk misconfiguring the script.

Please do advise.

For reference, /etc/rc.d/init.d/snortd is provided below:


#!/bin/sh
# $Id: snortd,v 1.3 2003/12/12 02:05:51 cazz Exp $
# snortd        Start/Stop the snort IDS daemon.
#
# chkconfig: 2345 40 60
# description: snort is a lightweight network intrusion detection tool that \
#              currently detects more than 1100 host and network \
#              vulnerabilities, portscans, backdoors, and more.
#

# Source function library.
. /etc/rc.d/init.d/functions

# Source the local configuration file
. /etc/sysconfig/snort

# Convert the /etc/sysconfig/snort settings to something snort can
# use on the startup line.
if [ "$ALERTMODE"X = "X" ]; then
    ALERTMODE=""
else
    ALERTMODE="-A $ALERTMODE"
fi

# Note: login shells export USER too. If /etc/sysconfig/snort does not set
# USER and this script is run by hand from a root shell, the default below
# is skipped and snort is started with "-u root" instead of the snort account.
if [ "$USER"X = "X" ]; then
    USER="snort"
fi

if [ "$GROUP"X = "X" ]; then
    GROUP="snort"
fi

# Log packets in tcpdump (binary) format
if [ "$BINARY_LOG"X = "1X" ]; then
    BINARY_LOG="-b"
else
    BINARY_LOG=""
fi

if [ "$CONF"X = "X" ]; then
    CONF="-c /etc/snort/snort.conf"
else
    CONF="-c $CONF"
fi

if [ "$INTERFACE"X = "X" ]; then
    INTERFACE="-i eth0"
else
    INTERFACE="-i $INTERFACE"
fi

# Dump the application layer of packets
if [ "$DUMP_APP"X = "1X" ]; then
    DUMP_APP="-d"
else
    DUMP_APP=""
fi

# Turn off packet logging (alerts are still generated)
if [ "$NO_PACKET_LOG"X = "1X" ]; then
    NO_PACKET_LOG="-N"
else
    NO_PACKET_LOG=""
fi

# Add the interface name to alert output
if [ "$PRINT_INTERFACE"X = "1X" ]; then
    PRINT_INTERFACE="-I"
else
    PRINT_INTERFACE=""
fi

# Change rule order so pass rules are applied first
if [ "$PASS_FIRST"X = "1X" ]; then
    PASS_FIRST="-o"
else
    PASS_FIRST=""
fi

if [ "$LOGDIR"X = "X" ]; then
    LOGDIR=/var/log/snort
fi

######################################
# Now to the real heart of the matter:
# See how we were called.
case "$1" in
    start)
        echo -n "Starting snort: "
        cd "$LOGDIR"
        if [ "$INTERFACE" = "-i ALL" ]; then
            # One snort process per ethX interface, each with its own log dir
            for i in `cd /proc/sys/net/ipv4/conf; ls -d eth* | sed s/"\/"//g`
            do
                mkdir -p "$LOGDIR/$i"
                chown -R snort:snort "$LOGDIR"
                daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i "$i" -u "$USER" -g "$GROUP" $CONF -l "$LOGDIR/$i" $PASS_FIRST
            done
        else
            daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u "$USER" -g "$GROUP" $CONF -l "$LOGDIR" $PASS_FIRST
        fi
        touch /var/lock/subsys/snort
        echo
        ;;
    stop)
        echo -n "Stopping snort: "
        killproc snort
        rm -f /var/lock/subsys/snort
        echo
        ;;
    reload)
        echo "Sorry, not implemented yet"
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    status)
        status snort
        ;;
    *)
        echo "Usage: $0 {start|stop|reload|restart|status}"
        exit 2
esac

exit 0
 
Old 05-18-2004, 01:40 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,260
Blog Entries: 54

> I need for it to log violations in /var/log/messages.
Check Snort manual for syslog logging, check "man syslog.conf" for facility/priority, then either edit snort.conf and add the syslog statement or edit syslog.conf and add snort's facility (0-9) to log to syslog's messages file.
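Both routes unSpawn describes, written out as an added shell example (this is not code from the thread, from Snort, or from Mandrake). It assumes Snort 2.x's `output alert_syslog: <facility> <priority>` plugin syntax, the classic syslogd `selector<TAB>action` format in /etc/syslog.conf, and picks the local4 facility as an arbitrary unused one; the function names, the FACILITY/SNORT_CONF/SYSLOG_CONF variables and the `apply` argument are this example's own. Each edit is idempotent, so re-running it does not duplicate lines, and the check function reports whether both halves of the routing are in place.

```shell
#!/bin/sh
# Added example: route Snort alerts into /var/log/messages via syslog.
# Option 1 enables Snort's syslog output plugin; option 2 tells syslogd
# where to deliver that facility. Paths and facility are overridable so
# the functions can be exercised on copies of the files first.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
SYSLOG_CONF="${SYSLOG_CONF:-/etc/syslog.conf}"
FACILITY="${FACILITY:-local4}"   # assumption: any unused LOCALn facility works

# Option 1: append an alert_syslog output line to snort.conf (Snort 2.x syntax).
add_snort_syslog_output() {
    conf="$1"
    # Idempotent: leave the file alone if a plugin line is already present.
    if grep -q '^output alert_syslog:' "$conf"; then
        return 0
    fi
    # Snort expects the C-style names, e.g. LOG_LOCAL4 LOG_ALERT.
    fac=$(printf '%s' "$FACILITY" | tr 'a-z' 'A-Z')
    printf 'output alert_syslog: LOG_%s LOG_ALERT\n' "$fac" >> "$conf"
}

# Option 2: make syslogd write everything from that facility to messages.
add_syslog_selector() {
    conf="$1"
    if grep -q "^${FACILITY}\.\*[[:space:]]" "$conf"; then
        return 0
    fi
    # A tab between selector and action is the traditional separator.
    printf '%s.*\t/var/log/messages\n' "$FACILITY" >> "$conf"
}

# Returns 0 only when both the Snort side and the syslogd side are configured.
check_syslog_routing() {
    grep -q '^output alert_syslog:' "$1" && grep -q "^${FACILITY}\.\*" "$2"
}

# Usage (as root): sh snort-syslog.sh apply
# Without the argument only the functions are defined, so the file can be
# sourced or tested against scratch copies without touching /etc.
if [ "$1" = "apply" ]; then
    add_snort_syslog_output "$SNORT_CONF"
    add_syslog_selector "$SYSLOG_CONF"
    echo "restart snortd and syslogd for the change to take effect"
fi
```

Because the posted snortd script only ever passes `-A $ALERTMODE`, there is no sysconfig variable for Snort's `-s` (log alerts to syslog) switch, which is why the snort.conf route fits this setup better than editing the init script. After applying, check `/var/log/messages` for lines tagged `snort`; if none appear, the usual culprits are a facility that syslog.conf routes elsewhere (or discards with `.none`) and a syslogd that was not restarted.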