Gentoo Forums
Problems stopping snort with start-stop-daemon
volumen1
Guru
Joined: 01 Mar 2003
Posts: 393
Location: Missoula, MT

Posted: Tue Apr 05, 2011 2:53 am    Post subject: Problems stopping snort with start-stop-daemon

I have about 50 servers running snort. I'm trying to manage them through puppet and I'm having problems with puppet restarting snort after configuration changes. So, I did some investigation and it looks like the real problem is that the snort initscript is having problems stopping snort. Here's a case in point.

Code:
server ~ # /etc/init.d/snort start
 * Starting snort ...                                                                                         [ ok ]
server ~ # ps aux | grep snort
snort     4633  0.0  3.1  81444 32308 ?        Ssl  20:50   0:00 /usr/bin/snort --nolock-pidfile --pid-path /var/run/snort -D -u snort -i eth0 -c /etc/snort/snort.conf
root      4643  0.0  0.0   1924   596 pts/0    S+   20:50   0:00 grep --colour=auto snort
server ~ # cat /var/run/snort/snort_eth0.pid
4633
server ~ # /etc/init.d/snort stop
 * Stopping snort ...                                                                                         [ ok ]
server ~ # ps aux | grep snort
snort     4633  0.0  3.1  81444 32312 ?        Ssl  20:50   0:00 /usr/bin/snort --nolock-pidfile --pid-path /var/run/snort -D -u snort -i eth0 -c /etc/snort/snort.conf
root      4735  0.0  0.0   1924   596 pts/0    S+   20:51   0:00 grep --colour=auto snort
server ~ # cat /var/run/snort/snort_eth0.pid
4633
server ~ # /etc/init.d/snort start
 * Starting snort ...                                                                                         [ !! ]
server ~ # /etc/init.d/snort zap 
 * Manually resetting snort to stopped state.
server ~ # killall -9 snort
server ~ # /etc/init.d/snort start
 * Starting snort ...                                                                                         [ ok ]
server ~ #


What's even more frustrating is that it works on some of the servers. That is frustrating because these ~50 machines are built from a single VMware server image with only IP and other changes made. So, they are all identical.

Anyway, I'm hoping someone has seen this before?
_________________
I was born with a freakin' dice bag on my belt.
-- www.howsyournetwork.com
volumen1
Guru
Joined: 01 Mar 2003
Posts: 393
Location: Missoula, MT

Posted: Tue Apr 05, 2011 2:43 pm

I think I've solved this now. I modified the initscript to do "ifconfig eth0 down" before it tries to stop snort and that seems to fix it. Not exactly sure why, though.
_________________
I was born with a freakin' dice bag on my belt.
-- www.howsyournetwork.com
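
The session in the first post shows the stop action printing [ ok ] while PID 4633 was still running, which is what breaks an automated restart. The following is an added example, not part of the thread and not the Gentoo snort initscript: a stop helper that only reports success once the process has really exited. The function names, return codes and timeout are assumptions, and it relies on Linux's /proc.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not the Gentoo snort initscript).
# Linux-only: reads /proc/PID/status. Run as root for another user's daemon.

# proc_field PID FIELD -> value of FIELD from /proc/PID/status, empty if gone
proc_field() {
    sed -n "s/^$2:[[:space:]]*//p" "/proc/$1/status" 2>/dev/null || :
}

# is_alive PID -> 0 if the process exists and is not a zombie
is_alive() {
    state=$(proc_field "$1" State)
    case $state in
        ''|Z*|X*) return 1 ;;
    esac
    return 0
}

# stop_and_verify PIDFILE NAME [TIMEOUT]
#   0 = process gone (or pidfile stale)   1 = still running after TIMEOUT
#   2 = pidfile missing or empty          3 = PID belongs to another program
stop_and_verify() {
    pidfile=$1; want=$2; timeout=${3:-10}

    [ -r "$pidfile" ] || return 2
    pid=$(tr -cd '0-9' < "$pidfile")
    [ -n "$pid" ] || return 2

    is_alive "$pid" || return 0
    # Guard against PID reuse before signalling anything.
    [ "$(proc_field "$pid" Name)" = "$want" ] || return 3

    kill -TERM "$pid" 2>/dev/null || :
    waited=0
    while is_alive "$pid"; do
        # Report failure instead of "[ ok ]" when the daemon does not exit.
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Usage with the pidfile from the session above:
#   stop_and_verify /var/run/snort/snort_eth0.pid snort 15 \
#       || echo "snort did not stop (rc=$?)" >&2
```

A non-zero return gives a configuration manager such as puppet a failed stop to act on, instead of a later failed start.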