Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: dumb question [processes and daemons]

  1. #1

    dumb question [processes and daemons]

    I have webmin and snort running on my RH7.3 box. I know for sure they're running but ps -ef | grep shows nothing, the same regarding snortd

    Both of those programs start as daemons (at least snortd)....

    Programs started as daemons do not show up as a processes?

    I guess it's a dumb question, but somebody help me put of that misery :-)

    [edit:gorn]please use a more descriptive title[/edit]

  2. #2
    Mentor coltrane's Avatar
    Join Date
    May 2001
    Location
    North Carolina
    Posts
    1,390

    Re:dumb question

    1) They should be there
    2) There is no such thing as a dumb question.....stupid questions exist, but not a dumb one, this is neither
    3) Do a regular ps -ef and look for it manually, it SHOULD be there.....once I get home I will send you a snap shot of my ps output.

  3. #3

    Re:dumb question

    hello,
    deamons should show up in a processes list just like coltrane said. you should have it like ps -aux | grep snortd. a grep w/o an snort (or some process name) will not work, you probably had that...

  4. #4

    Re:dumb question

    According to this:
    Snort is started, pid file shows pid but ps doesn't show ti in the list of the processes. (the same with webmin - it is running but it doesn't show)
    [root@snort1 root]# service snortd start
    Starting snort: [ OK ]
    [root@snort1 root]# ps -aux | grep snortd
    [root@snort1 root]#
    [root@snort1 root]# ps -ef | grep snortd
    [root@snort1 root]#
    [root@snort1 root]# cat /var/run/snort_any.pid
    1707
    [root@snort1 root]#

  5. #5

    Re:dumb question

    Is it possibly running the daemons within inetd or xinetd?

  6. #6

    Re:dumb question

    probably, my xinetd runs alot of shit...

  7. #7

    Re:dumb question

    [quote author=Ashcrow link=board=1;threadid=6736;start=0#63193 date=1049316582]
    Is it possibly running the daemons within inetd or xinetd?
    [/quote]

    Here is some output from chkconfig --list,
    according to this snortd and webmin are not part of xinetd...
    snortd 0ff 1ff 2ff 3n 4n 5n 6ff
    webmin 0ff 1ff 2n 3n 4ff 5n 6ff
    xinetd based services:
    chargen-udp: off
    chargen: off
    daytime-udp: off
    daytime: off
    echo-udp: off
    echo: off
    services: off
    servers: off
    time-udp: off
    time: off
    kotalk: off
    ktalk: off
    finger: off
    rexec: off
    rlogin: off
    rsh: off
    ntalk: off
    talk: off
    telnet: off
    rsync: off

  8. #8

    Re:dumb question

    is it possible it is not run under the name snort? e.g. samba runs under smb, i would see what actual executable is being called.

  9. #9

    Re:dumb question

    The actual executable is /usr/sbin/snort, the script that starts it is /etc/init.d/snortd. Here are the contents of snortd:

    [root@snort1 init.d]# cat snortd
    #!/bin/sh
    #
    # snortd Start/Stop the snort IDS daemon.
    #
    # chkconfig: 2345 40 60
    # description: snort is a lightweight network intrusion detection tool that
    # currently detects more than 1100 host and network
    # vulnerabilities, portscans, backdoors, and more.
    #
    # June 10, 2000 -- Dave Wreski <dave@linuxsecurity.com>
    # - initial version
    #
    # July 08, 2000 Dave Wreski <dave@guardiandigital.com>
    # - added snort user/group
    # - support for 1.6.2
    # July 31, 2000 Wim Vandersmissen <wim@bofh.st>
    # - added chroot support

    # Source function library.
    . /etc/rc.d/init.d/functions

    # Specify your network interface here
    INTERFACE=any

    # See how we were called.
    case "$1" in
    start)
    echo -n "Starting snort: "
    cd /var/log/snort
    daemon /usr/sbin/snort -i $INTERFACE -c /etc/snort/snort.conf -D
    touch /var/lock/subsys/snort
    echo
    ;;
    stop)
    echo -n "Stopping snort: "
    killproc snort
    rm -f /var/lock/subsys/snort
    echo
    ;;
    restart)
    $0 stop
    $0 start
    ;;
    status)
    status snort
    ;;
    *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    esac

    exit 0

  10. #10

    Re:dumb question

    I just noticed the line int the script:
    # Source function library.
    . /etc/rc.d/init.d/functions

    Does that mean it runs from inetd?

Similar Threads

  1. Back with another dumb question ...
    By jeager in forum Linux - General Topics
    Replies: 10
    Last Post: 04-26-2006, 03:18 PM
  2. Kinda dumb BIND question
    By datamike in forum Linux - General Topics
    Replies: 2
    Last Post: 03-17-2003, 09:45 PM
  3. Dumb Dumb RAM Question
    By Tyr_7BE in forum Linux - Hardware, Networking & Security
    Replies: 7
    Last Post: 12-05-2002, 09:55 PM
  4. dumb kernel question
    By imported_Psycho in forum Linux - Software, Applications & Programming
    Replies: 10
    Last Post: 12-08-2001, 06:36 AM
  5. Dumb HTML question
    By popcorn in forum Linux - Hardware, Networking & Security
    Replies: 2
    Last Post: 11-22-2001, 01:34 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •