Spawnzao

Creating a Barnyard2 start-up script for systemd / systemd service file (continued)

Posted on 19/08/2014

Hi everyone,

Anyone who followed the previous tutorial will have noticed that the Barnyard2 start-up script lives in /etc/init.d/. CentOS 7 is moving away from SysV init scripts, so that script produces some errors, although Barnyard2 still starts. We can drop it and write a native systemd unit instead, which also gives us some of the improvements systemd offers, for example a dependency on the MySQL (MariaDB) service and an automatic restart if the process dies. ;D

Let's remove the old init script (if it was registered with chkconfig, unregister it first with chkconfig --del barnyard2, so no stale rc symlinks are left behind; the script is a single file, so plain rm -f is enough):


rm -f /etc/init.d/barnyard2

Now let's edit the environment file /etc/sysconfig/barnyard2 and add the variables Barnyard2 needs at start-up. The file name must match the EnvironmentFile= path in the unit below exactly: the leading "-" in that line tells systemd to ignore a missing file, so a name mismatch does not produce an error, it silently starts Barnyard2 with every $VAR expanded to nothing. Quotes around values are optional for systemd; it strips them when reading the file:

# Config file for barnyard2.service (read by systemd via EnvironmentFile=)
LOG_FILE="alert.log"

# You probably don't want to change this, but in case you do
SNORTDIR="/var/log/snort"
INTERFACES="eth1"

# Probably not this either
CONF=/etc/snort/barnyard.conf

PIDFILE="/var/lock/subsys/barnyard2.pid"
ARCHIVEDIR="/var/log/snort/archive"
WALDO_FILE="/var/log/snort/barnyard2.waldo"

EXTRA_ARGS="-u snort -g snort"

Now let's create the systemd unit. Run:


vim /usr/lib/systemd/system/barnyard2.service

(/usr/lib/systemd/system/ is where package-shipped units live; a locally written unit would normally go in /etc/systemd/system/, which takes precedence and survives package upgrades. The path above is kept here because it is the one the status output below refers to.)

Add the following content:

[Unit]
Description=Snort Output Processor
# After= only orders start-up; Wants= is what actually pulls MariaDB in
Wants=mariadb.service
After=mariadb.service

[Service]
# Barnyard2 is run in the foreground (no -D), so Type=simple is correct
Type=simple
Restart=always
User=snort
Group=snort
# The leading "-" means a missing file is ignored, not reported
EnvironmentFile=-/etc/sysconfig/barnyard2
ExecStart=/usr/bin/barnyard2 -c $CONF -d $SNORTDIR -w $WALDO_FILE -l $SNORTDIR -a $ARCHIVEDIR -f $LOG_FILE
KillMode=process

[Install]
WantedBy=multi-user.target
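Before starting the unit it is worth rehearsing what systemd will do with it. The script below is an added example, not code from the original post or from Barnyard2 or systemd: it reads the environment file the way EnvironmentFile= does (comment and blank lines skipped, surrounding quotes removed), expands the ExecStart line of the unit above and checks every path it names, so a typo surfaces as a message rather than as status=203/EXEC (binary not executable) or a restart loop. The environment-file and binary paths are parameters, defaulting to the ones used in this post; the values it checks (CONF, SNORTDIR, WALDO_FILE, ARCHIVEDIR, LOG_FILE) are the ones the unit's ExecStart uses.

```shell
#!/bin/sh
# Added example (not part of the original post, Barnyard2 or systemd):
# pre-flight check for barnyard2.service. Defaults assume the paths used in
# the post: /etc/sysconfig/barnyard2 and /usr/bin/barnyard2.

# Print KEY=VALUE lines from an EnvironmentFile with surrounding quotes
# stripped, skipping comments and blank lines (systemd's EnvironmentFile= rules).
envfile_vars() {
    awk -v q="'" '
        /^[[:space:]]*#/ { next }     # comment line
        /^[[:space:]]*$/ { next }     # blank line
        {
            eq = index($0, "=")
            if (eq == 0) next         # not an assignment
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[[:space:]]/, "", key)
            n = length(val)
            if (n >= 2) {
                first = substr(val, 1, 1); last = substr(val, n, 1)
                if ((first == "\"" && last == "\"") || (first == q && last == q))
                    val = substr(val, 2, n - 2)
            }
            print key "=" val
        }' "$1"
}

# Value of one variable, or "" when it is absent (what an unset $VAR yields).
envfile_get() {
    envfile_vars "$1" | awk -v k="$2" '
        index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}

# The ExecStart= line of the unit above, expanded with the file's values.
# An empty value is printed as an empty word here; systemd would drop it and
# the option that follows would be misread as the previous option's argument.
render_execstart() {
    envfile=$1; bin=${2:-/usr/bin/barnyard2}
    printf '%s -c %s -d %s -w %s -l %s -a %s -f %s\n' "$bin" \
        "$(envfile_get "$envfile" CONF)"       "$(envfile_get "$envfile" SNORTDIR)" \
        "$(envfile_get "$envfile" WALDO_FILE)" "$(envfile_get "$envfile" SNORTDIR)" \
        "$(envfile_get "$envfile" ARCHIVEDIR)" "$(envfile_get "$envfile" LOG_FILE)"
}

# Report one problem and count it ("problems" is a global counter).
note() { echo "$1"; problems=$((problems + 1)); }

# Check what systemd will need at start time. Prints one line per problem and
# returns the number of problems (0 means it is safe to `systemctl start`).
unit_preflight() {
    envfile=${1:-/etc/sysconfig/barnyard2}; bin=${2:-/usr/bin/barnyard2}; problems=0
    if [ ! -r "$envfile" ]; then
        echo "EnvironmentFile $envfile is missing or unreadable (the leading '-' makes systemd ignore that, so every \$VAR would expand to nothing)"
        return 1
    fi
    [ -x "$bin" ] || note "$bin is not an executable file (systemd would report status=203/EXEC)"
    for name in CONF SNORTDIR WALDO_FILE ARCHIVEDIR LOG_FILE; do
        [ -n "$(envfile_get "$envfile" "$name")" ] || note "$name is unset or empty (it would vanish from ExecStart and shift the following options)"
    done
    conf=$(envfile_get "$envfile" CONF);        [ -z "$conf" ]  || [ -r "$conf" ]  || note "CONF=$conf is not a readable file"
    spool=$(envfile_get "$envfile" SNORTDIR);   [ -z "$spool" ] || [ -d "$spool" ] || note "SNORTDIR=$spool is not a directory"
    arch=$(envfile_get "$envfile" ARCHIVEDIR);  [ -z "$arch" ]  || [ -d "$arch" ]  || note "ARCHIVEDIR=$arch is not a directory"
    waldo=$(envfile_get "$envfile" WALDO_FILE); [ -z "$waldo" ] || [ -d "$(dirname "$waldo")" ] || note "WALDO_FILE=$waldo: parent directory does not exist"
    return "$problems"
}

# On the real host (run as root):
#   unit_preflight && systemctl daemon-reload && systemctl start barnyard2.service
```

The script only checks that the paths exist; it does not switch to the snort user, so a directory that exists but is not writable by User=snort still has to be checked with the usual ls -ld / chown. It deliberately flags an empty variable as a problem rather than rendering it, because in systemd's word splitting an empty $VAR simply disappears from the command line.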

Two caveats on the unit before we use it. Restart=always brings Barnyard2 back if it dies, but a process that exits immediately (wrong path, unreadable config) will be restarted until systemd's start-rate limit trips and the unit ends up in the failed state, so check the journal rather than assuming the restart will sort it out. KillMode=process stops only the main process on systemctl stop; that is fine for Barnyard2, which runs as a single process, but the default control-group mode is the safer choice for anything that spawns children.

Now tell systemd to re-read its unit files (systemctl daemon-reload, needed after creating or editing a unit) and start Barnyard2:


systemctl start barnyard2.service

Now let's check that Barnyard2 is running properly:


systemctl status barnyard2.service

barnyard2.service - Snort Output Processor
   Loaded: loaded (/usr/lib/systemd/system/barnyard2.service; disabled)
   Active: active (running) since Tue 2014-08-19 09:04:01 BRT; 1min 17s ago
 Main PID: 4109 (barnyard2)
   CGroup: /system.slice/barnyard2.service
           └─4109 /usr/bin/barnyard2 -c /etc/snort/barnyard.conf -d /var/log/snort -w /var/log/snort/barnyard2.waldo -l /var/log/snort -a /var/log/snort/archive -f alert.log

Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: / ,,_ \ Version 2.1.13 (Build 327)
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: |o" )~| By Ian Firns (SecurixLive): http://www.securixlive.com/
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: + '''' + (C) Copyright 2008-2013 Ian Firns
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: Using waldo file '/var/log/snort/barnyard2.waldo':
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: spool directory = /var/log/snort
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: spool filebase = alert.log
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: time_stamp = 1408308299
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: record_idx = 1479416
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: Opened spool file '/var/log/snort/alert.log.1408308299'
Aug 19 09:05:17 snort.local.seweb.corp barnyard2[4109]: Waiting for new data

As the status output shows, the unit is loaded but disabled, meaning it will not be started at boot. Enabling it creates the symlink under multi-user.target.wants that the [Install] section describes:


systemctl enable barnyard2.service

Let's check that the service is now enabled:


systemctl status barnyard2.service

barnyard2.service - Snort Output Processor
   Loaded: loaded (/usr/lib/systemd/system/barnyard2.service; enabled)
   Active: active (running) since Tue 2014-08-19 09:04:01 BRT; 18min ago
 Main PID: 4109 (barnyard2)
   CGroup: /system.slice/barnyard2.service
           └─4109 /usr/bin/barnyard2 -c /etc/snort/barnyard.conf -d /var/log/snort -w /var/log/snort/barnyard2.waldo -l /var/log/snort -a /var/log/snort/archive -f alert.log

Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: / ,,_ \ Version 2.1.13 (Build 327)
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: |o" )~| By Ian Firns (SecurixLive): http://www.securixlive.com/
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: + '''' + (C) Copyright 2008-2013 Ian Firns
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: Using waldo file '/var/log/snort/barnyard2.waldo':
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: spool directory = /var/log/snort
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: spool filebase = alert.log
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: time_stamp = 1408308299
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: record_idx = 1479416
Aug 19 09:04:47 snort.local.seweb.corp barnyard2[4109]: Opened spool file '/var/log/snort/alert.log.1408308299'
Aug 19 09:05:17 snort.local.seweb.corp barnyard2[4109]: Waiting for new data

Barnyard2 is now running smoothly under systemd, the service manager in CentOS 7.

See you next time.

1 comment on this entry:
  1. Willians

    Hi Felipe, I found your blog and it looked interesting to me because I have a problem with the Barnyard2 service, which throws an error on start-up even with systemctl. Could you help me with this?

    Active: failed (Result: start-limit) since Tue 2014-12-23 14:37:06 PYST; 6s ago
    Process: 11418 ExecStart=/usr/bin/barnyard2 -c $CONF -d $SNORTDIR -f $LOG_FILE -w $WALDO_FILE -D (code=exited, status=203/EXEC)
    Main PID: 11418 (code=exited, status=203/EXEC)

    barnyard2.service: main process exited, code=exited, status=203/EXEC
    Unit barnyard2.service entered failed state.
    barnyard2.service holdoff time over, scheduling restart.
    Stopping Snort Output Processor...
    Starting Snort Output Processor...
    barnyard2.service start request repeated too quickly, refusing to start.
    Failed to start Snort Output Processor.
    Unit barnyard2.service entered failed state.

License: Creative Commons License