What I usually do for the autosnort scripts is add an entry to rc.local -- rc.local is a script that runs after all of the other init scripts have run. This is the line I usually put in for snort:
echo "/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i $snort_iface" >> /etc/rc.local
so, to explain what this line is doing:
we're using echo to print this line to the terminal instead of running it
we're calling snort, wherever it's installed (my scripts install snort to /usr/local/snort/bin/)
using the -D flag to daemonize it
running it as the snort user and group (-u snort -g snort)
pointing it to snort.conf (-c /usr/local/snort/etc/snort.conf)
and specifying which interface we want snort to run on (-i $snort_iface [snort iface is the snort sniffing interface of your choice, say for instance, eth1])
then we use the append redirection option to redirect the printed output to the /etc/rc.local file (>> /etc/rc.local)
if you use different command line options, such as afpacket for inline mode operation or other options, then add those command options or specify running snort however you prefer to run it; just add the line to rc.local and, provided snort didn't run across something it did not like in the configuration file or the directives you gave it, it should come up automatically:
ps -ef | grep snort
what to do if it isn't running:
check /var/log/messages or /var/log/syslog.
cat /var/log/[messages or syslog] | grep snort | less -- and look for error messages or warning messages when snort is trying to initialize. the error messages are usually pretty straightforward.
hope this helps,
DA
hi. how can i config my linux backtrack 64bit system to automatically run snort with custom options after boot?
--
when does reality end? when does fantasy begin?
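A sketch of the rc.local step from the reply above, added here as an example and not taken from the post or from the autosnort scripts. It covers two cases the plain `>>` append does not: an rc.local that ends in `exit 0` (anything appended after that line never runs) and the command being added a second time. The function names `snort_boot_line` and `add_boot_line` are assumptions; the snort paths and flags are the ones given in the post.

```shell
#!/bin/sh
# Build the snort start line from the post for a given sniffing interface.
snort_boot_line() {
    printf '%s' "/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i $1"
}

# add_boot_line FILE LINE (hypothetical helper)
# Adds LINE to FILE once, ahead of a final "exit 0" when there is one.
add_boot_line() {
    rc_file=$1
    line=$2
    # Already present: leave the file alone so snort is not started twice.
    if grep -qxF -e "$line" "$rc_file" 2>/dev/null; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    last=$(grep -nx 'exit 0' "$rc_file" 2>/dev/null | tail -n 1 | cut -d: -f1)
    if [ -n "$last" ]; then
        # Print LINE just before the last "exit 0".
        LINE=$line awk -v n="$last" 'NR == n { print ENVIRON["LINE"] } { print }' "$rc_file" > "$tmp"
    else
        if [ -f "$rc_file" ]; then cat "$rc_file" > "$tmp"; fi
        printf '%s\n' "$line" >> "$tmp"
    fi
    # Overwrite in place (not mv) so rc.local keeps its owner and mode.
    cat "$tmp" > "$rc_file"
    rm -f "$tmp"
}

# Demo on a constructed rc.local; on a real system FILE is /etc/rc.local.
demo=$(mktemp)
printf '%s\n' '#!/bin/sh -e' 'exit 0' > "$demo"
add_boot_line "$demo" "$(snort_boot_line eth1)"
add_boot_line "$demo" "$(snort_boot_line eth1)"   # second call is a no-op
cat "$demo"
rm -f "$demo"
```

Running snort with `-T` against the same snort.conf before rebooting reports configuration errors without waiting for the next boot.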