Snort3(起動/停止)

動作テスト

    [root]# chown -R snort:snort /usr/local/snort
    [root]# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua
                --plugin-path /usr/local/snort/extra -i eth0 -l /var/log/snort
                -D -u snort -g snort --create-pidfile -k none --warn-all

    [root]# ps aux | grep snort

        snort  943449 ...  /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua
        --plugin-path /usr/local/snort/extra -i eth0 -l /var/log/snort -D -u snort -g snort
        --create-pidfile -k none --warn-all

    [root]# killall snort

起動/停止(systemd)

    ・ユニットファイル記述

    デフォルト設定(dnf, rpm アップグレード時に書き換わる)
    [root]# vim /usr/lib/systemd/system/snortd.service

      [Unit]
      Description=Snort 3 Intrusion Detection and Prevention service
      After=syslog.target network.target

      [Service]
      Type=simple
      ExecStart=/usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua \
                            --plugin-path /usr/local/snort/extra -i eth0 -l /var/log/snort \
                            -D -u snort -g snort --create-pidfile -k none
      ExecReload=/bin/kill -SIGHUP $MAINPID
      User=snort
      Group=snort
      Restart=on-failure
      RestartSec=5s
      CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK
      AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK

      [Install]
      WantedBy=multi-user.target

    ユーザー設定(優先される、設定変更はこちらに対して行う)
    [root]# cp -v /usr/lib/systemd/system/snortd.service /etc/systemd/system

    ・ユニットファイル登録/変更時

    [root]# systemctl daemon-reload

    ・起動/停止

    [root]# systemctl { start stop reload-or-restart status } snortd

    ・自動起動/停止

    [root]# systemctl { enable disable } snortd

    ・起動/自動起動を同時に行う

    [root]# systemctl enable --now snortd

    ・停止/自動停止を同時に行う

    [root]# systemctl disable --now snortd

    ・確認

    [root]# ps aux | grep snort
    [root]# systemctl -l status snortd.service