
List:       psad-discuss
Subject:    Re: [psad-discuss] psad(psadwatchd): restarting psad on localhost
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2014-02-05 5:01:38
Message-ID: CABv+sEc=V1E5XZhYovn-oJb79mv2SAjP+bt-PswbFMGGY=2kDg () mail ! gmail ! com


On Tue, Feb 4, 2014 at 9:36 AM, fddi <fddi@yahoo.com> wrote:

> Thanks Mike,
> 
> How was psad installed on your system?
> 
> I took the latest src.rpm from the Fedora 20 repo and rebuilt it on RHEL6 - which makes sense that the latest Fedora is using the newer style compared to RHEL6.  I bet it would have been a clean install on RHEL7 beta.
> 
> 

Thanks for sending the init script over.  That script looks to be the cause
of the problem I think mainly because it doesn't seem to be written for
upstart.  At least, it doesn't use things like "expect fork", "respawn",
etc.  Also, it is outdated in that it is creating the psadfifo file and
dealing with kmsgsd - both of which should no longer be used since psad
parses iptables logs directly from whatever file syslog writes them to.

I think I should probably install a RHEL VM and write an init script for
upstart running on Red Hat.  It may take me a few days to dive into this.
Or, if you are interested in working on this, it would likely be quite
doable - a good path I think would be to reference an existing script for a
different daemon and adapt it to psad...

Thanks,

--Mike
> Here is the init script that is in my RPM.
> 
> #!/bin/bash
> #
> #   /etc/rc.d/init.d/psad
> #
> # Starts the psad daemon
> #
> # chkconfig: - 95 5
> # description: The Port Scan Attack Detector (psad)
> # processname: psad
> #
> # Return values according to LSB for all commands but status:
> # 0 - success
> # 1 - generic or unspecified error
> # 2 - invalid or excess argument(s)
> # 3 - unimplemented feature (e.g. "reload")
> # 4 - insufficient privilege
> # 5 - program is not installed
> # 6 - program is not configured
> # 7 - program is not running
> #
> 
> PATH=/sbin:/bin:/usr/bin:/usr/sbin
> prog="psad"
> 
> # Source function library.
> . /etc/init.d/functions
> 
> # Allow anyone to run status
> if [ "$1" = "status" ] ; then
>     if [ -f /var/run/psad/kmsgsd.pid ]; then
>         status /usr/sbin/kmsgsd
>     fi
>     status /usr/sbin/psadwatchd
>     status /usr/sbin/psad
>     RETVAL=$?
>     exit $RETVAL
> fi
> 
> # Check that we are root ... so non-root users stop here
> test $EUID = 0  ||  exit 4
> 
> RETVAL=0
> 
> #
> #   See how we were called.
> #
> 
> start() {
>     echo -n $"Starting $prog: "
>     test -x /usr/sbin/psad || exit 5
>     test -f /etc/psad/psad.conf  || exit 6
> 
>     # Check if psad is already running
>     if [ ! -f /var/lock/subsys/psad ]; then
>         # Create empty fwdata file if it doesn't exist
>         /bin/touch /var/log/psad/fwdata
>         chown root.root /var/log/psad/fwdata
>         chmod 0600 /var/log/psad/fwdata
>         # Create fifo if it doesn't exist
>         if [ ! -p /var/lib/psad/psadfifo ]; then
>             [ -e /var/lib/psad/psadfifo ] && \
>                 /bin/rm -f /var/lib/psad/psadfifo
>             /bin/mknod -m 600 /var/lib/psad/psadfifo p
>         fi
>         chown root.root /var/lib/psad/psadfifo
>         chmod 0600 /var/lib/psad/psadfifo
> 
>         unset HOME MAIL USER USERNAME
>         daemon /usr/sbin/psad
>         RETVAL=$?
>         echo
>         if test $RETVAL = 0 ; then
>             touch /var/lock/subsys/psad
>         fi
>     fi
>     return $RETVAL
> }
> 
> stop() {
>     echo -n $"Stopping $prog: "
>     killproc /usr/sbin/psadwatchd
>     if [ -f /var/run/psad/kmsgsd.pid ]; then
>         killproc /usr/sbin/kmsgsd
>     fi
>     killproc /usr/sbin/psad
>     RETVAL=$?
>     [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/psad
>     echo
>     return $RETVAL
> }
> 
> restart() {
>     stop
>     start
> }
> 
> reload() {
>     test -f /etc/psad/psad.conf  || exit 6
>     restart
> }
> 
> case "$1" in
> start)
>     start
>     ;;
> stop)
>     stop
>     ;;
> reload|restart)
>     restart
>     ;;
> condrestart)
>     if [ -f /var/lock/subsys/psad ]; then
>         restart
>     fi
>     ;;
> *)
>     echo $"Usage: $0 {start|stop|restart|condrestart|status}"
>     RETVAL=3
> esac
> 
> exit $RETVAL



_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss

