Hi,
while searching for something else I found this:
Usage for the 'killproc'-function in '/etc/init.d/'-files should be (cited):
    # Function - killproc [-p pidfile] pathname [signal]
    #
    # Purpose:
    #
    # Inputs: -p pidfile, uses the specified pidfile
    #         pathname, pathname to the specified program
    ...
But in the 'init'-files for 'dhcp', 'dhcrelay' and 'rngd' the PROGRAMname is given, and in the 'snort'-file '/var/run' is given. The latter leads to an error (FAIL) if both 'green0' and 'red0' are enabled and should both be stopped:
    ...
    killproc -p /var/run/dhcpd.pid /usr/sbin/dhcpd
                                            ^^^^^^
    ...
    killproc -p /var/run/dhcrelay.pid /usr/sbin/dhcrelay
                                               ^^^^^^^^^
    ...
    killproc -p /var/run/rngd.pid /usr/sbin/rngd
                                           ^^^^^
    ...
    killproc -p /var/run/snort_$DEVICE.pid /var/run
                                           ^^^^^^^^
IMHO, all these should be changed to "pathname to the specified program" as cited above ('/usr/sbin').
Can anyone please confirm?
Best, Matthias
Hi,
yes indeed.
But it is not 100% necessary to pass the -p parameter with the PID file. I just removed that whenever it got difficult to use and did not even add that for new scripts.
But using $DEVICE is definitely wrong in the snort script.
-Michael
Hi,
On 24.04.2017 12:24, Michael Tremer wrote:
> Hi,
> yes indeed.
> But it is not 100% necessary to pass the -p parameter with the PID file. I just removed that whenever it got difficult to use and did not even add that for new scripts.
I noticed that. 'killproc' is used in two different ways.
'killproc -p' is only used in four init-scripts (dhcp, dhcrelay, rngd and snort). All other scripts use 'killproc [PROGRAMNAME]', sometimes 'killproc [PATH][PROGRAMNAME]'.
As I'm not really sure about this: which solution should we prefer?
> But using $DEVICE is definitely wrong in the snort script.
Ok - but as far as I can see, this is working?
Improving this would lead to changing the complete 'start'- and 'stop'-section:
Example:

    ...
    stop)
        DEVICES=""
        if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
            DEVICES+="$BLUE_DEV "
        fi
        if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
            DEVICES+="$GREEN_DEV "
        fi
        if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
            DEVICES+="$ORANGE_DEV "
        fi
        RED=`cat /var/ipfire/red/iface 2>/dev/null`
        if [ -r /var/run/snort_$RED.pid ]; then
            DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
        fi
        for DEVICE in $DEVICES; do
            boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
            killproc -p /var/run/snort_$DEVICE.pid /var/run
        done
    ...
The whole thing began because I wanted a 'reload' section for 'snort' for use after automatic rule updates, which seems to work:
    ...
    reload)
        DEVICES=""
        if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
            DEVICES+="$BLUE_DEV "
        fi
        if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
            DEVICES+="$GREEN_DEV "
        fi
        if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
            DEVICES+="$ORANGE_DEV "
        fi
        RED=`cat /var/ipfire/red/iface 2>/dev/null`
        if [ -r /var/run/snort_$RED.pid ]; then
            DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
        fi
        for DEVICE in $DEVICES; do
            boot_mesg "Reloading Intrusion Detection System on $DEVICE..."
            /bin/kill -SIGHUP `cat /var/run/snort_$DEVICE.pid`
            evaluate_retval
        done
        ;;
    ...
Any better solution is welcome... ;-))
Best,
Matthias
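An added, self-contained illustration of the two patterns this thread is about; it is not IPFire's init code and does not call its killproc. It shows the killproc contract from the first message (the pid read from the pidfile is only signalled when it really belongs to the named program) together with the per-device pidfile loop from the snort stop/reload sections. RUNDIR as a stand-in for /var/run, `sleep` as a stand-in for snort, the helper names collect_devices and signal_instances, and the command-name comparison are all assumptions made for this example; how the real killproc matches pid and pathname is not shown on this page.

```shell
#!/bin/sh
# Added example (not IPFire's own code): a stand-in for "killproc -p pidfile
# pathname [signal]" plus the per-device pidfile loop from the snort script.
# RUNDIR, the program name "sleep" standing in for snort, and the helper
# names are assumptions made for this example.

# Stand-in for /var/run; export RUNDIR before sourcing to use another dir.
RUNDIR="${RUNDIR:-$(mktemp -d)}"

# collect_devices DEV... : print, space-separated, every device that has a
# readable pidfile $RUNDIR/snort_<dev>.pid. Empty names (an unset red
# interface, for instance) are skipped instead of becoming "snort_.pid".
collect_devices() {
    devices=""
    for dev in "$@"; do
        [ -n "$dev" ] || continue
        if [ -r "$RUNDIR/snort_$dev.pid" ]; then
            devices="$devices$dev "
        fi
    done
    printf '%s' "$devices"
}

# signal_instances SIGNAL PROGRAM DEV... : send SIGNAL to the pid recorded in
# each device's pidfile, but only if that pid is alive and its command name
# equals PROGRAM, i.e. the pidfile is paired with the program pathname, not
# with a directory such as /var/run. A pidfile whose pid is dead or belongs
# to another program is removed as stale instead of being signalled.
# Prints the devices that were actually signalled.
signal_instances() {
    signal=$1; program=$2; shift 2
    signalled=""
    for dev in "$@"; do
        pidfile="$RUNDIR/snort_$dev.pid"
        pid=$(cat "$pidfile" 2>/dev/null) || continue
        case "$pid" in ''|*[!0-9]*) continue ;; esac   # refuse non-numeric content
        # Linux: /proc/<pid>/comm; elsewhere fall back to ps; missing pid -> ""
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) ||
            comm=$(ps -o comm= -p "$pid" 2>/dev/null) || comm=""
        if [ "$comm" = "$program" ]; then
            kill -s "$signal" "$pid" && signalled="$signalled$dev "
        else
            rm -f "$pidfile"   # stale pidfile or pid reused by another program
        fi
    done
    printf '%s' "$signalled"
}

# Demo (run as: sh this_file.sh demo): two live stand-in instances that ignore
# SIGHUP, one constructed stale pidfile, then a reload (HUP) and a stop (TERM).
if [ "${1:-}" = "demo" ]; then
    ( trap '' HUP; exec sleep 60 ) & echo $! >"$RUNDIR/snort_green0.pid"
    ( trap '' HUP; exec sleep 60 ) & echo $! >"$RUNDIR/snort_red0.pid"
    echo 999999999 >"$RUNDIR/snort_blue0.pid"     # constructed: no such pid
    sleep 1                                        # let the exec happen
    devs=$(collect_devices blue0 green0 orange0 red0)
    echo "devices with pidfiles: $devs"
    echo "reloaded: $(signal_instances HUP sleep $devs)"
    echo "stopped:  $(signal_instances TERM sleep $devs)"
    rm -rf "$RUNDIR"
fi
```

The stand-in instances ignore SIGHUP so that the reload step leaves them running, which is what the 'reload' section above expects of snort; with the stale blue0 pidfile the loop reports only green0 and red0 and quietly drops the leftover file instead of signalling whatever process may have been given that pid in the meantime.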
Hi,
well this looks okay. If you would want to clean this up a little bit more and add some comments, I would accept it as a patch.
Here, it is not an option to call killproc without the PID file since it would kill all running instances of snort at once. We usually always do this anyway though.
-Michael
On Mon, 2017-04-24 at 13:57 +0200, Matthias Fischer wrote: