Permalink
Browse files

Correct snort.sh portion of file so it correctly starts/stops existin…

…g Snort instances. See forums: http://forum.pfsense.org/index.php/topic,50758.15.html, reply #27.
  • Loading branch information...
uversy committed Jul 4, 2012
1 parent 7ff118d commit 0b645adba976737cf0ae4bc211e35a1084c0c8f7
Showing with 23 additions and 25 deletions.
  1. +23 −25 config/snort/snort.inc
View
@@ -871,37 +871,31 @@ function create_snort_sh() {
###### For Each Iface
-#### Fake start only used on bootup and Pfsense IP changes
-#### Only try to restart if snort is running on Iface
-if [ "`/bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`" = "0" ]; then
- #### Restart Iface
- /bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort Soft Reload For {$snort_uuid}_{$if_real}..."
-else
- # Start snort and barnyard2
- /bin/rm {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid
-
- /usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
- $start_barnyard2
+# Start snort and barnyard2
+/usr/local/bin/snort -R {$snort_uuid} -D -q -l /var/log/snort/snort_{$if_real}{$snort_uuid} --pid-path {$g['varrun_path']} --nolock-pidfile -G {$snort_uuid} -c /usr/local/etc/snort/snort_{$snort_uuid}_{$if_real}/snort.conf -i {$if_real}
+$start_barnyard2
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD START For {$snort_uuid}_{$if_real}..."
-fi
+/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD START For {$snort_uuid}_{$if_real}..."
EOE;
-
$start_snort_iface_stop[] = <<<EOF
-if [ "`/bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid`" = "0" ]; then
- /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
-
- /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
- sleep 1
- if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
- /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
- /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
+if [ -e {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ if [ `/bin/pgrep -nF {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid` -gt 3 ]; then
+ /usr/bin/logger -p daemon.info -i -t SnortStartup "Snort HARD STOP For {$snort_uuid}_{$if_real}..."
+
+ /bin/pkill -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a
+ sleep 1
+ if [ -f {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid ]; then
+ /bin/pkill -F {$g['varrun_path']}/barnyard2_{$if_real}{$snort_uuid}.pid -a
+ /bin/rm /var/run/barnyard2_{$if_real}{$snort_uuid}.pid
+ fi
+
+ # Delete pid file, just in case pkill didn't do the job.
+ if [ -e {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid ]; then
+ /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid
+ fi
fi
-
- /bin/rm /var/run/snort_{$if_real}{$snort_uuid}.pid
fi
EOF;
@@ -919,6 +913,9 @@ EOF;
######## Begining of Main snort.sh
rc_start() {
+# Kill running instances before restarting them or, if system startup,
+# handle the issue with snort starting an instance twice.
+rc_stop
{$rc_start}
}
@@ -934,6 +931,7 @@ case $1 in
rc_stop
;;
restart)
+ # rc_start handles both stopping and starting of snort.
rc_start
;;
esac

1 comment on commit 0b645ad

@uversy

This comment has been minimized.

Show comment
Hide comment
@uversy

uversy Jul 4, 2012

Owner

Whomever handles this pull request, please at the very least test the code before rejecting these changes. I'm 100% certain it fixes the issue with snort.sh not killing existing instances, but successfully starting new instances. The existing code does not stop this problem that is affecting, well, everybody.

Thank you.

Owner

uversy commented on 0b645ad Jul 4, 2012

Whomever handles this pull request, please at the very least test the code before rejecting these changes. I'm 100% certain it fixes the issue with snort.sh not killing existing instances, but successfully starting new instances. The existing code does not stop this problem that is affecting, well, everybody.

Thank you.

Please sign in to comment.