Note: I'm crossposting this to freebsd-ports and the sguil-devel list, hoping
that someone can find the obvious problem that I'm missing.

I'm working on the new (0.7.0) sguil-server port, and I've run into a strange
problem that I can't seem to figure out. If I try to start sguild with my
startup script (which worked fine in 0.6.x), I get this:

# /usr/local/etc/rc.d/sguild start
Starting sguild.
pid(3349) ERROR: sguil does not exist
Usage: /usr/local/bin/sguild [-D] [-h] [-c <filename>] [-u <filename>] [-P
<filename>]
[-O <filename>] [-C <directory]
/usr/local/bin/sguild [-u <filename] [-adduser <username>] [-deluser
<username]
-c <filename>: PATH to the sguild config (sguild.conf) file.
-a <filename>: PATH to the autocat config (autocat.conf) file.
-g <filename>: PATH to the sguild global queries (sguild.queries) file.
-u <filename>: PATH to the sguild users (sguild.users) file.
-P <filename>: Name of file to write the PID to.
Default is /var/run/sguild.pid
-l <filepath>: PATH to sguild libraries.
-O <filename>: Define PATH to tls (tcl openssl) lib (libtls1.x.so)
-C <directory>: Directory that contains sguild.pem and sguild.key
-D Runs sguild in daemon mode.
-adduser <username>: Add user to sguild.users
-deluser <username>: Delete user from sguild.users
-A <filename>: PATH to sguild.access file.
-d <0|1|2>: Set DEBUG level
-h Display this help
SGUILD: Exiting...

I've got no idea where this error is coming from or what it refers to. It's
not in any of the source files for the distro (that I can find.) The only
thing that comes close is 'puts "ERROR: $USERS_FILE does not exist"' in sguild,
but I would expect the commandline to throw the same error if that were true
*and* the sguild.users file *does* exist.

If I start sguild from the commandline I get this:

# /usr/local/bin/sguild
pid(3377) Loading access list: /usr/local/etc/sguil-server/sguild.access
pid(3377) Sensor access list set to ALLOW ANY.
pid(3377) Client access list set to ALLOW ANY.
pid(3377) Email Configuration:
pid(3377) Config file: /usr/local/etc/sguil-server/sguild.email
pid(3377) Enabled: Yes
pid(3377) Server: localhost
pid(3377) Rcpt To: [EMAIL PROTECTED]
pid(3377) From: [EMAIL PROTECTED]
pid(3377) Classes: successful-admin trojan-activity attempted-admin
attempted-user
pid(3377) Priorities: 0
pid(3377) Disabled Sig IDs: 0
pid(3377) Enabled Sig IDs: 1000003
pid(3377) Connecting to localhost on 3306 as sguild
pid(3377) MySQL Version: version 5.0.51a
pid(3377) SguilDB Version: 0.12
pid(3378) Loaderd Forked
pid(3379) Queryd Forked
pid(3377) Retrieving DB info...
pid(3377) SELECT sid, net_name, hostname, agent_type FROM sensor WHERE
active='Y' ORDER BY net_name, sid ASC
pid(3377) Warning: Event table appears to be empty.
pid(3377) If this is a new DB, then you can safely ignore this warning.
pid(3377) Retrieving DB info...
pid(3377) Getting a list of tables.
pid(3377) ...Getting info on history.
pid(3377) ...Getting info on nessus.
pid(3377) ...Getting info on nessus_data.
pid(3377) ...Getting info on pads.
pid(3377) ...Getting info on portscan.
pid(3377) ...Getting info on sensor.
pid(3377) ...Getting info on status.
pid(3377) ...Getting info on user_info.
pid(3377) ...Getting info on version.
pid(3377) Sguild Initialized.

Or, as a daemon:

# /usr/local/bin/sguild -D
pid(3380) Loading access list: /usr/local/etc/sguil-server/sguild.access
pid(3380) Sensor access list set to ALLOW ANY.
pid(3380) Client access list set to ALLOW ANY.
pid(3380) Email Configuration:
pid(3380) Config file: /usr/local/etc/sguil-server/sguild.email
pid(3380) Enabled: Yes
pid(3380) Server: localhost
pid(3380) Rcpt To: [EMAIL PROTECTED]
pid(3380) From: [EMAIL PROTECTED]
pid(3380) Classes: successful-admin trojan-activity attempted-admin
attempted-user
pid(3380) Priorities: 0
pid(3380) Disabled Sig IDs: 0
pid(3380) Enabled Sig IDs: 1000003

Clearly something is different about my startup script, but I'll be damned if I
know what it is. What's really frustrating is, there's almost nothing to a
FreeBSD startup script, because it sources rcorder and the other rc components.
This is literally how simple it is:

. /etc/rc.subr
name="sguild"
rcvar=`set_rcvar`
command="/usr/local/bin/${name}"
load_rc_config ${name}
run_rc_command "$1"

Stop works. Status works. Start fails. :-(

Anyone have a hint?

--
Paul Schmehl ([EMAIL PROTECTED])
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/