On Tue, Feb 4, 2014 at 9:36 AM, fddi <f...@yahoo.com> wrote:

> Thanks Mike,
>
> How was psad installed on your system?
>
> I took the latest src.rpm from the Fedora 20 repo and rebuilt it on RHEL6 - 
> which makes sense that the latest Fedora is using the newer style compared to 
> RHEL6.  I bet it would have been a clean install on RHEL7 beta.
>
>
>

Thanks for sending the init script over.  That script looks to be the cause
of the problem I think mainly because it doesn't seems to be written for
upstart.  At least, it doesn't use things like "expect fork", "respawn",
etc.  Also, it is outdated in that it is creating the psadfifo file and
dealing with kmsgsd - both of which should no longer be used since psad
parses iptables logs directly from whatever file syslog writes them.

I think I should probably install a RHEL VM and write an init script for
upstart running on Red Hat.  It may take me a few days to dive into this.
 Or, if you are interested in working on this, it would likely be quite
doable - a good path I think would be to reference an existing script for a
different daemon and adapt it to psad...

Thanks,

--Mike





>      Here is the init script that is in my RPM.
>
> #!/bin/bash
> #
> #   /etc/rc.d/init.d/psad
> #
> # Starts the psad daemon
> #
> # chkconfig: - 95 5
> # description: The Port Scan Attack Detector (psad)
> # processname: psad
> #
> # Return values according to LSB for all commands but status:
> # 0 - success
> # 1 - generic or unspecified error
> # 2 - invalid or excess argument(s)
> # 3 - unimplemented feature (e.g. "reload")
> # 4 - insufficient privilege
> # 5 - program is not installed
> # 6 - program is not configured
> # 7 - program is not running
> #
>
> PATH=/sbin:/bin:/usr/bin:/usr/sbin
> prog="psad"
>
> # Source function library.
> . /etc/init.d/functions
>
> # Allow anyone to run status
> if [ "$1" = "status" ] ; then
>     if [ -f /var/run/psad/kmsgsd.pid ]; then
>          status /usr/sbin/kmsgsd
>     fi
>      status /usr/sbin/psadwatchd
>      status /usr/sbin/psad
>     RETVAL=$?
>     exit $RETVAL
> fi
>
> # Check that we are root ... so non-root users stop here
> test $EUID = 0  ||  exit 4
>
> RETVAL=0
>
> #
> #   See how we were called.
> #
>
>
> start() {
>     echo -n $"Starting $prog: "
>     test -x /usr/sbin/psad || exit 5
>     test -f /etc/psad/psad.conf  || exit 6
>
>     # Check if psad is already running
>     if [ ! -f /var/lock/subsys/psad ]; then
>         # Create empty fwdata file if it doesn't exist
>         /bin/touch /var/log/psad/fwdata
>         chown root.root /var/log/psad/fwdata
>         chmod 0600 /var/log/psad/fwdata
>         # Create fifo if it doesn't exist
>         if [ ! -p /var/lib/psad/psadfifo ]; then
>         [ -e /var/lib/psad/psadfifo ] && \
>             /bin/rm -f /var/lib/psad/psadfifo
>             /bin/mknod -m 600 /var/lib/psad/psadfifo p
>         fi
>         chown root.root /var/lib/psad/psadfifo
>         chmod 0600 /var/lib/psad/psadfifo
>
>         unset HOME MAIL USER USERNAME
>         daemon /usr/sbin/psad
>         RETVAL=$?
>         echo
>         if test $RETVAL = 0 ; then
>         touch /var/lock/subsys/psad
>         fi
>     fi
>     return $RETVAL
> }
>
> stop() {
>     echo -n $"Stopping $prog: "
>     killproc /usr/sbin/psadwatchd
>     if [ -f /var/run/psad/kmsgsd.pid ]; then
>         killproc /usr/sbin/kmsgsd
>     fi
>     killproc /usr/sbin/psad
>     RETVAL=$?
>     [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/psad
>     echo
>         return $RETVAL
> }
>
>
> restart() {
>     stop
>     start
> }
>
> reload() {
>     test -f /etc/psad/psad.conf  || exit 6
>     restart
> }
>
> case "$1" in
> start)
>     start
>     ;;
> stop)
>     stop
>     ;;
> reload|restart)
>     restart
>     ;;
> condrestart)
>     if [ -f /var/lock/subsys/psad ]; then
>         restart
>     fi
>     ;;
> *)
>     echo $"Usage: $0 {start|stop|restart|condrestart|status}"
>     RETVAL=3
> esac
>
> exit $RETVAL
>
>
>
> ------------------------------------------------------------------------------
> Managing the Performance of Cloud-Based Applications
> Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
> Read the Whitepaper.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>
>
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss

Reply via email to