Thanks for Help with Startup Scripts

Thanks to @sevanjaniyan and @cperciva for helping with my FreeBSD startup script issue. By removing the ${barnyard2_flags} argument from the command_args section I was able to start barnyard2 properly:

root 45842 54.9 0.5 18572 11116 ?? Ss 7:15PM 0:00.00
/usr/local/bin/barnyard2 -D -U -d /nsm/r200a -f snort.unified2
-c /usr/local/etc/nsm/barnyard2.conf

In other words, the script has this now:

. /etc/rc.subr

name="barnyard2"
load_rc_config $name
rcvar=`set_rcvar`
# set some defaults
: ${barnyard2_enable="NO"}
: ${barnyard2_conf="/usr/local/etc/barnyard2.conf"}
: ${barnyard2_flags="-D"}

command="/usr/local/bin/barnyard2"
command_args="-c ${barnyard2_conf}"

run_rc_command "$1"

I made changes to some other startup scripts and needed to commit them via Git. I did it this way.

richard@macmini:~/taosecurity_freebsd_sguil$ git status
# On branch master
# Changes to be committed:
# (use "git reset HEAD ..." to unstage)
#
# new file: pcap_agent
# new file: sancp_agent
# new file: sguild
# new file: snort_agent
#

richard@macmini:~/taosecurity_freebsd_sguil$ git add pcap_agent sancp_agent sguild snort_agent

richard@macmini:~/taosecurity_freebsd_sguil$ git commit -am "Added new startup scripts."
Created commit 296687e: Added new startup scripts.
4 files changed, 145 insertions(+), 0 deletions(-)
create mode 100755 pcap_agent
create mode 100755 sancp_agent
create mode 100755 sguild
create mode 100755 snort_agent

richard@macmini:~/taosecurity_freebsd_sguil$ git push origin master
taosecurity@taosecurity.git.sourceforge.net's password:
Counting objects: 7, done.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 1.89 KiB, done.
Total 6 (delta 3), reused 0 (delta 0)
To ssh://taosecurity@taosecurity.git.sourceforge.net/gitroot/taosecurity/taosecurity
9cad54a..296687e master -> master

Thanks again for your help!

Now I'm watching commits to https://github.com/firnsy/barnyard2 to see if Barnyard2 is updated to work with the new Snort event types that kills it.

Comments

wxs said…
If you have a PR number I can make sure it gets committed.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics