Init.d/suricata help

Trying to create the /etc/init.d/suricata file for the package. I'm using the existing snort3 init.d file as a starter

It doesn't seem to create the local variables. The echo "Validated ${config_file} and ${interface}" returns no values. I've tried it with just $config_file and $interface with the same results..

It works with the direct call procd_set_param command $PROG -i eth0 -c /etc/suricata/suricata.yaml --pidfile /var/log/suricata.pid -D but not with the variable calls..

uci show suricata

root@OpenWrt:/etc/init.d# uci show suricata
suricata.service=suricata
suricata.service.interface='eth0'
suricata.service.config_file='/etc/suricata/suricata.yaml'
root@OpenWrt:/etc/init.d#
#!/bin/sh /etc/rc.common

START=99
STOP=10

USE_PROCD=1
PROG=/usr/bin/suricata

validate_suricata_section() {
        uci_validate_section suricata service "${1}" \
                'config_file:string' \
                'interface:string'
}

start_service() {
        local config_file interface

        validate_suricata_section suricata || {
                echo "validation failed"
                return 1
        }
        echo "Validated ${config_file} and ${interface}"
        procd_open_instance
        procd_set_param command $PROG -i eth0 -c /etc/suricata/suricata.yaml --pidfile /var/log/suricata.pid -D
#       procd_set_param command $PROG -i "$interface" -c "$config_file" -D
#       procd_set_param env SNORT_LUA_PATH="$config_dir"
        procd_set_param pidfile /var/log/suricata.pid
        procd_set_param file $CONFIGFILE
        procd_set_param respawn
        procd_close_instance
}

stop_service()
{
        service_stop ${PROG}
}

service_triggers()
{
        procd_add_reload_trigger "suricata"
        procd_add_validation validate_suricata_section
}
1 Like

Probably you shouldn't declare local variables, check out the log service example:

I changed it to uci_load_validate() thinking since the template I'm using is older, maybe that's a newer call. Same issue :frowning:

Commenting it the local defines (which are defined before uci_load_vallidate) still gives me nothing in the config_file and interface variables.

validate_suricata_section() {
        uci_load_validate suricata service "$1" "$2" \
                'config_file:string' \
                'interface:string'
}

also check snmpd and samba4-server init.d for ideas me thinks...

2 Likes

the config_load seems to have worked.. but, now it's a procd issue.. It won't run when I use the variables, even though they expand properly. If I run the command and fill in the spots where the vars are, it runs fine.

When I run that, the service never starts.. If I replace the procd string with an echo on the front, it fills fine.

root@OpenWrt:~# service suricata start
Validated /etc/suricata/suricata.yaml and eth0
procd_set_param command /usr/bin/suricata -i eth0 -c /etc/suricata/suricata.yaml --pidfile /var/log/suricata.pid -D
Validated /etc/suricata/suricata.yaml and eth0 2
#!/bin/sh /etc/rc.common

START=99
STOP=10

USE_PROCD=1
PROG=/usr/bin/suricata

validate_suricata_section() {
        uci_load_validate suricata service "$1" "$2" \
                'config_file:string' \
                'interface:string'
}

start_service() {
        local config_file interface
        config_load suricata
        config_get config_file service config_file
        config_get interface service interface

        rm -rf /var/log/suricata
        mkdir -p /var/log/suricata

        validate_suricata_section suricata || {
                echo "validation failed"
                return 1
        }

        echo "Validated $config_file and $interface"
        procd_open_instance
        procd_set_param command ${PROG} -i ${interface} -c ${config_file} --pidfile /var/log/suricata.pid -D
        echo "Validated $config_file and $interface 2"
        procd_set_param pidfile /var/log/suricata.pid
        procd_set_param respawn
        procd_close_instance
}

stop_service()
{
        service_stop ${PROG}
}

service_triggers()
{
        procd_add_reload_trigger "suricata"
        procd_add_validation validate_suricata_section
}
2 Likes

Can you think of any reason procd_set_param command ${PROG} -i ${interface} -c ${config_file} --pidfile /var/log/suricata.pid -D doesn't do anything unless fill in the blanks (except PROG)? :slight_smile:

Perhaps you shouldn't use --pidfile since it is managed by procd_set_param pidfile.
You may also need to avoid daemonizing/forking -D and just run in foreground.

2 Likes

Oh FFS..

Who would have thought this would have been the bang-head moment of Suricata..

Sigh.. Thanks All!

1 Like

Final init.d script for Suricata6

#!/bin/sh /etc/rc.common

START=99
STOP=10

USE_PROCD=1
PROG=/usr/bin/suricata

validate_suricata_section() {
        uci_load_validate suricata service "$1" "$2" \
                'config_file:string' \
                'interface:string' \
                'pidfile:string' \
                'logdir:string'
}

start_service() {
        local config_file interface pidfile
        config_load suricata
        config_get config_file service config_file
        config_get interface service interface
        config_get pidfile service pidfile
        config_get logdir service logdir

        [ -d $logdir ] && \
           rm -rf $logdir

        [ -e $pidfile ] && \
           rm -rf $pidfile

        mkdir -p $logdir

        validate_suricata_section suricata || {
                echo "validation failed"
                return 1
        }

        procd_open_instance
        procd_set_param command ${PROG} -i ${interface} -c ${config_file} -D
        procd_set_param file $config_file
        procd_set_param pidfile $pidfile
        procd_set_param respawn
        procd_close_instance
}

stop_service()
{
        service_stop ${PROG}
}

service_triggers()
{
        procd_add_reload_trigger "suricata"
        procd_add_validation validate_suricata_section
}
2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.