snort服務啟動腳本
vi /etc/init.d/snort
********************
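#!/bin/sh
#
# chkconfig: 2345 98 82
# description: Starts and stops the snort intrusion detection system
# config: /etc/snort.conf
# processname: snort
#
# SysV init script for snort. Usage: snort {start|stop|restart|reload|status}
# Exit status: 0 on success (or when snort/networking is unavailable),
# 1 on bad usage, otherwise the status of the last helper that ran.

# Source function library (the script relies on its action, killproc and
# status helpers).
. /etc/rc.d/init.d/functions

BASE=snort
BINARY="/usr/local/bin/$BASE"
LOCKFILE="/var/lock/subsys/snort"
DAEMON="-D"
# INTERFACE holds an option plus its argument and is expanded unquoted on
# purpose so that it splits into two words.
INTERFACE="-i eth0"
CONF="/etc/snort.conf"

# Nothing to manage if the snort binary is missing or not executable.
[ -x "$BINARY" ] || exit 0

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up. Quoted so an unset NETWORKING does not turn
# the test into a syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

RETVAL=0

# See how we were called.
case "$1" in
  start)
    if [ -n "$(/sbin/pidof "$BASE")" ]; then
      echo "$BASE: already running"
      exit $RETVAL
    fi
    printf '%s' "Starting snort service: "
    # NOTE(review): snort is started without -u/-g here, so the sensor keeps
    # running as the invoking user (root under init). Consider adding a
    # dedicated unprivileged user and group once that account exists.
    # shellcheck disable=SC2086 -- INTERFACE and DAEMON are option strings
    "$BINARY" $INTERFACE -c "$CONF" $DAEMON
    # Give the daemon a moment to fork before checking that it is alive.
    sleep 1
    action "" /sbin/pidof "$BASE"
    RETVAL=$?
    [ $RETVAL -eq 0 ] && touch "$LOCKFILE"
    ;;
  stop)
    printf '%s' "Shutting down snort service: "
    killproc "$BASE"
    # Capture killproc's status; without this the lock file was removed even
    # when the sensor could not be stopped.
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
    ;;
  restart|reload)
    "$0" stop
    "$0" start
    RETVAL=$?
    ;;
  status)
    status "$BASE"
    RETVAL=$?
    ;;
  *)
    echo "Usage: snort {start|stop|restart|reload|status}"
    exit 1
    ;;
esac

exit $RETVAL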
chmod +x /etc/init.d/snort
chkconfig --add snort
* /usr/bin/perl /usr/local/bin/guardian.pl -c /etc/guardian.conf
* 将上一條指令加入 /etc/rc.d/rc.local
至此,完成設定
guardian有時會自動退出,可以使用如下腳本解決:
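#!/bin/sh
# restartguardian: stop any running guardian.pl and start a fresh instance.
# Meant to be run from root's crontab because guardian.pl sometimes exits on
# its own.

# Kill the guardian.pl processes that are currently running (Perl helper).
/usr/local/bin/killguardian

# Start guardian again with the system-wide configuration.
# NOTE(review): between the kill above and this start, snort alerts are not
# acted on by guardian; keep the restart interval no shorter than needed.
/usr/local/bin/guardian.pl -c /etc/guardian.conf

# Always report success so cron does not mail on a failed kill/start.
exit 0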
将上述腳本存為restartguardian,放置到/usr/local/bin,並加上執行權限(chmod +x /usr/local/bin/restartguardian)
同時,crontab -e,加入如下一句:
* */6 * * * /usr/local/bin/restartguardian
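意思為:每6小時重新啟動guardian。注意:上面的寫法分鐘欄位是 *,cron 會在 0、6、12、18 點這四個小時內每分鐘都執行一次;若要每6小時只執行一次,分鐘欄位應寫成 0,即 0 */6 * * * /usr/local/bin/restartguardian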
perl -MCPAN -e shell
install Proc::ProcessTable
腳本:killguardian
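#!/usr/bin/perl
# Kill the guardian.pl processes that are currently running.
# Requires the Perl module Proc::ProcessTable,
# which is available from http://www.cpan.org
use strict;
use warnings;
use Proc::ProcessTable;

my $table = Proc::ProcessTable->new;

foreach my $proc (@{ $table->table }) {
    # Never signal this script itself.
    next if $proc->pid == $$;

    # Skip entries that expose no command line.
    my $cmdline = $proc->cmndline;
    next unless defined $cmdline;

    # The dot is escaped so that only a literal "guardian.pl" matches; the
    # original pattern let "." match any character. This is still a substring
    # match on the whole command line, so any process that merely mentions
    # guardian.pl (an editor, a pager) is killed too.
    next unless $cmdline =~ /guardian\.pl/;

    # Signal 9 (SIGKILL) cannot be caught by the target process.
    # NOTE(review): if guardian.pl does cleanup on exit, it will not run here;
    # confirm whether a catchable signal would be preferable.
    kill(9, $proc->pid)
        or warn "could not kill pid " . $proc->pid . ": $!\n";
}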