52

Chapter 2     Installing Snort and Getting Started

In case of automatic startup and shutdown as explained in the next section, you

have to modify /etc/init.d/snortd script so that Snort starts on the desired

interface at boot time.

2.2.6

Automatic Startup and Shutdown

You can configure Snort to start at boot time automatically and stop when the system

shuts down. On UNIX type machines, this can be done through a script that starts and

stops Snort. The script is usually created in the /etc/init.d directory on Linux. A link

to the startup script may be created in /etc/rc3.d directory and shutdown links may be

present in /etc/rc2.d, /etc/rc1.d and /etc/rc0.d directories. A typical script

file /etc/init.d/snortd that is bundled with Snort RPM is as shown below:

4

[root@conformix]# cat /etc/init.d/snortd 

#!/bin/sh

#

# snortd         Start/Stop the snort IDS daemon.

#

# chkconfig: 2345 40 60

# description:  snort is a lightweight network intrusion

# detection tool that

#           currently detects more than 1100 host and network

#           vulnerabilities, portscans, backdoors, and more.

#

# June 10, 2000    Dave Wreski 

#     initial version

#

# July 08, 2000 Dave Wreski 

#     added snort user/group

#     support for 1.6.2

# July 31, 2000 Wim Vandersmissen 

#     added chroot support

# Source function library.

. /etc/rc.d/init.d/functions

# Specify your network interface here

INTERFACE=eth0

# See how we were called.

case "$1" in

  start)

4.

If you are creating a startup/shutdown script when you compile Snort  yourself, you have to modify 

paths to Snort files according to your installation. This script still works very well as a reference 

starting point.