snort服务启动脚本
vi /etc/init.d/snort
********************
#!/bin/sh
#
# chkconfig: 2345 98 82
# description: Starts and stops the snort intrusion detection system
#
# config: /etc/snort.conf
# processname: snort
# Source function library
. /etc/rc.d/init.d/functions
BASE=snort
DAEMON="-D"
INTERFACE="-i eth0"
CONF="/etc/snort.conf"
# Check that $BASE exists.
[ -f /usr/local/bin/$BASE ] || exit 0
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
RETVAL=0
# See how we were called.
case "$1" in
start)
if [ -n "`/sbin/pidof $BASE`" ]; then
echo -n $"$BASE: already running"
echo ""
exit $RETVAL
fi
echo -n "Starting snort service: "
/usr/local/bin/$BASE $INTERFACE -c $CONF $DAEMON
sleep 1
action "" /sbin/pidof $BASE
RETVAL=$?
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/snort
;;
stop)
echo -n "Shutting down snort service: "
killproc $BASE
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/snort
;;
restart|reload)
$0 stop
$0 start
RETVAL=$?
;;
status)
status $BASE
RETVAL=$?
;;
*)
echo "Usage: snort {start|stop|restart|reload|status}"
exit 1
esac
exit $RETVAL
chmod +x /etc/init.d/snort
chkconfig –add snort
* /usr/bin/perl /usr/local/bin/guardian.pl -c /etc/guardian.conf
* 将上一条命令加入 /etc/rc.d/rc.local
至此,完成设置
guardian有时会自动退出,可以使用如下脚本解决:
#!/bin/sh
/usr/local/bin/killguardian
/usr/local/bin/guardian.pl -c /etc/guardian.conf
exit 0
将上述脚本存为restartguardian,放置到/usr/local/bin
同时,crontab -e,加入如下一句:
* */6 * * * /usr/local/bin/restartguardian
意思为:每6小时重新启动guardian
perl -MCPAN -e shell
install Proc::ProcessTable
脚本:killguardian
#!/usr/bin/perl
#杀死当前guardian.pl进程,需要安装perl module Proc::ProcessTable
#访问http://www.cpan.org可以获得上述module
use Proc::ProcessTable;
$t = new Proc::ProcessTable;
foreach $p (@{$t->table})
{
kill 9, $p->pid if $p->cmndline =~ 'guardian.pl';
}
