Question

I'm running an older version "1.1" of Suricata on my Fedora 14 system. It was installed through yum and as such doesn't have a working init script due to some issues that I've read about. Is there a simple way to include the following in a generic init script so that suricata autostarts when the system boots?

Thanks for any help/direction.


Solution

Try this on for size. Call it suricata and place it in your /etc/init.d directory:

```bash
#!/bin/bash
#
# Init file for suricata
#
#
# chkconfig: 345 52 48
# description: Network Intrusion Detection System
#
# processname: Suricata
# pidfile: /var/run/suricata.pid

source /etc/rc.d/init.d/functions

# Optional overrides file; it is skipped if it does not exist
SYSCONFIG="/etc/sysconfig/suricata"

### Read configuration
[ -r "$SYSCONFIG" ] && source "$SYSCONFIG"

RETVAL=0
prog="suricata"
desc="Suricata IDS"

start() {
    echo -n $"Starting $desc ($prog): "

    # -D puts suricata in the background; without it the command never
    # returns and the init script blocks
    daemon suricata -D -c /etc/suricata.yaml -i eth0
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    return $RETVAL
}

stop() {
    echo -n $"Shutting down $desc ($prog): "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
    return $RETVAL
}

restart() {
    stop
    start
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    # No reload function is defined in this script, so reload does a full restart
    restart
    ;;
  condrestart)
    [ -e /var/lock/subsys/$prog ] && restart
    RETVAL=$?
    ;;
  status)
    status $prog
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
    RETVAL=1
esac

exit $RETVAL
```

Depending on your system (I'm not running Fedora 14), you may need to provide the absolute path to the suricata binary. Mine is /usr/local/bin/suricata.

You should also consider updating, or at least compiling from source; this gives you a make install-full option that now does all of this for you, including installation of an init script. You can download it from the suricata open info sec website.
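
The absolute-path caveat above matters because the PATH an init script sees may not include /usr/local/bin, and an IDS that fails to start at boot leaves the network unmonitored. The following pre-start check is an added example, not part of the original answer; the function names, the `SYSFS_NET` override, and the `/usr/bin/suricata` candidate path are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: pre-start checks an init script can run before calling `daemon`.
# Function names, SYSFS_NET and the candidate paths are hypothetical.

# Print the first candidate that is an executable regular file; return 1 if none.
resolve_binary() {
    local candidate
    for candidate in "$@"; do
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Succeed only if the capture interface is known to the kernel.
# SYSFS_NET can be overridden for testing; it defaults to /sys/class/net.
iface_exists() {
    [ -n "$1" ] && [ -d "${SYSFS_NET:-/sys/class/net}/$1" ]
}

# preflight CONFIG IFACE CANDIDATE...
# On success prints the binary path and returns 0. Failures use the LSB
# init-script codes: 5 = program not installed, 6 = not configured, 1 = generic.
preflight() {
    local config iface bin
    config=$1
    iface=$2
    shift 2
    bin=$(resolve_binary "$@") || {
        echo "suricata binary not found in: $*" >&2
        return 5
    }
    [ -r "$config" ] || {
        echo "config file $config is not readable" >&2
        return 6
    }
    iface_exists "$iface" || {
        echo "interface $iface is not present" >&2
        return 1
    }
    printf '%s\n' "$bin"
}

# Usage inside start():
#   bin=$(preflight /etc/suricata.yaml eth0 /usr/bin/suricata /usr/local/bin/suricata) || return $?
# then pass "$bin" to daemon in place of the bare program name.
```
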

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow