My guess is your script is passing sguild the arg '-u sguil'. Where in your startup script that could be, I don't know.
On Wed, Apr 9, 2008 at 2:37 PM, Paul Schmehl <[EMAIL PROTECTED]> wrote:
> Note: I'm crossposting this to freebsd-ports and the sguil-devel list, hoping
> that someone can find the obvious problem that I'm missing.
>
> I'm working on the new (0.7.0) sguil-server port, and I've run into a strange
> problem that I can't seem to figure out. If I try to start sguild with my
> startup script (which worked fine in 0.6.x), I get this:
>
> # /usr/local/etc/rc.d/sguild start
> Starting sguild.
> pid(3349) ERROR: sguil does not exist
> Usage: /usr/local/bin/sguild [-D] [-h] [-c <filename>] [-u <filename>] [-P <filename>]
> [-O <filename>] [-C <directory]
> /usr/local/bin/sguild [-u <filename] [-adduser <username>] [-deluser <username]
> -c <filename>: PATH to the sguild config (sguild.conf) file.
> -a <filename>: PATH to the autocat config (autocat.conf) file.
> -g <filename>: PATH to the sguild global queries (sguild.queries) file.
> -u <filename>: PATH to the sguild users (sguild.users) file.
> -P <filename>: Name of file to write the PID to.
> Default is /var/run/sguild.pid
> -l <filepath>: PATH to sguild libraries.
> -O <filename>: Define PATH to tls (tcl openssl) lib (libtls1.x.so)
> -C <directory>: Directory that contains sguild.pem and sguild.key
> -D Runs sguild in daemon mode.
> -adduser <username>: Add user to sguild.users
> -deluser <username>: Delete user from sguild.users
> -A <filename>: PATH to sguild.access file.
> -d <0|1|2>: Set DEBUG level
> -h Display this help
> SGUILD: Exiting...
>
> I've got no idea where this error is coming from or what it refers to. It's
> not in any of the source files for the distro (that I can find.) The only
> thing that comes close is 'puts "ERROR: $USERS_FILE does not exist"' in sguild,
> but I would expect the commandline to throw the same error if that were true
> *and* the sguild.users file *does* exist.
>
> If I start sguild from the commandline I get this:
>
> # /usr/local/bin/sguild
> pid(3377) Loading access list: /usr/local/etc/sguil-server/sguild.access
> pid(3377) Sensor access list set to ALLOW ANY.
> pid(3377) Client access list set to ALLOW ANY.
> pid(3377) Email Configuration:
> pid(3377) Config file: /usr/local/etc/sguil-server/sguild.email
> pid(3377) Enabled: Yes
> pid(3377) Server: localhost
> pid(3377) Rcpt To: [EMAIL PROTECTED]
> pid(3377) From: [EMAIL PROTECTED]
> pid(3377) Classes: successful-admin trojan-activity attempted-admin attempted-user
> pid(3377) Priorities: 0
> pid(3377) Disabled Sig IDs: 0
> pid(3377) Enabled Sig IDs: 1000003
> pid(3377) Connecting to localhost on 3306 as sguild
> pid(3377) MySQL Version: version 5.0.51a
> pid(3377) SguilDB Version: 0.12
> pid(3378) Loaderd Forked
> pid(3379) Queryd Forked
> pid(3377) Retrieving DB info...
> pid(3377) SELECT sid, net_name, hostname, agent_type FROM sensor WHERE active='Y' ORDER BY net_name, sid ASC
> pid(3377) Warning: Event table appears to be empty.
> pid(3377) If this is a new DB, then you can safely ignore this warning.
> pid(3377) Retrieving DB info...
> pid(3377) Getting a list of tables.
> pid(3377) ...Getting info on history.
> pid(3377) ...Getting info on nessus.
> pid(3377) ...Getting info on nessus_data.
> pid(3377) ...Getting info on pads.
> pid(3377) ...Getting info on portscan.
> pid(3377) ...Getting info on sensor.
> pid(3377) ...Getting info on status.
> pid(3377) ...Getting info on user_info.
> pid(3377) ...Getting info on version.
> pid(3377) Sguild Initialized.
>
> Or, as a daemon:
>
> # /usr/local/bin/sguild -D
> pid(3380) Loading access list: /usr/local/etc/sguil-server/sguild.access
> pid(3380) Sensor access list set to ALLOW ANY.
> pid(3380) Client access list set to ALLOW ANY.
> pid(3380) Email Configuration:
> pid(3380) Config file: /usr/local/etc/sguil-server/sguild.email
> pid(3380) Enabled: Yes
> pid(3380) Server: localhost
> pid(3380) Rcpt To: [EMAIL PROTECTED]
> pid(3380) From: [EMAIL PROTECTED]
> pid(3380) Classes: successful-admin trojan-activity attempted-admin attempted-user
> pid(3380) Priorities: 0
> pid(3380) Disabled Sig IDs: 0
> pid(3380) Enabled Sig IDs: 1000003
>
> Clearly something is different about my startup script, but I'll be damned if I
> know what it is. What's really frustrating is, there's almost nothing to a
> FreeBSD startup script, because it sources rcorder and the other rc
> components.
>
> This is literally how simple it is:
>
> . /etc/rc.subr
>
> name="sguild"
> rcvar=`set_rcvar`
>
> command="/usr/local/bin/${name}"
>
> load_rc_config ${name}
> run_rc_command "$1"
>
> Stop works. Status works. Start fails. :-(
>
> Anyone have a hint?
>
> --
> Paul Schmehl ([EMAIL PROTECTED])
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/

--
sguil - The Analyst Console for NSM
http://sguil.sf.net