Date: Wed, 9 Apr 2008 15:05:47 -0600
From: "Bamm Visscher" <bamm.visscher@gmail.com>
To: sguil-devel@lists.sourceforge.net
Cc: FreeBSD Ports <freebsd-ports@freebsd.org>
Subject: Re: [Sguil-devel] New sguil ports for FreeBSD
Message-ID: <27492850804091405t7a2ec958q93064c04c433306b@mail.gmail.com>
In-Reply-To: <2496DCB6636B3F0F4644C8AA@utd65257.utdallas.edu>
References: <2496DCB6636B3F0F4644C8AA@utd65257.utdallas.edu>
My guess is your script is passing sguild the arg '-u sguil'. Where in your startup script that could be, I don't know.

On Wed, Apr 9, 2008 at 2:37 PM, Paul Schmehl <pauls@utdallas.edu> wrote:
> Note: I'm crossposting this to freebsd-ports and the sguil-devel list, hoping
> that someone can find the obvious problem that I'm missing.
>
> I'm working on the new (0.7.0) sguil-server port, and I've run into a strange
> problem that I can't seem to figure out. If I try to start sguild with my
> startup script (which worked fine in 0.6.x), I get this:
>
> # /usr/local/etc/rc.d/sguild start
> Starting sguild.
> pid(3349) ERROR: sguil does not exist
> Usage: /usr/local/bin/sguild [-D] [-h] [-c <filename>] [-u <filename>] [-P <filename>]
>        [-O <filename>] [-C <directory]
>        /usr/local/bin/sguild [-u <filename] [-adduser <username>] [-deluser <username]
>   -c <filename>: PATH to the sguild config (sguild.conf) file.
>   -a <filename>: PATH to the autocat config (autocat.conf) file.
>   -g <filename>: PATH to the sguild global queries (sguild.queries) file.
>   -u <filename>: PATH to the sguild users (sguild.users) file.
>   -P <filename>: Name of file to write the PID to.
>                  Default is /var/run/sguild.pid
>   -l <filepath>: PATH to sguild libraries.
>   -O <filename>: Define PATH to tls (tcl openssl) lib (libtls1.x.so)
>   -C <directory>: Directory that contains sguild.pem and sguild.key
>   -D Runs sguild in daemon mode.
>   -adduser <username>: Add user to sguild.users
>   -deluser <username>: Delete user from sguild.users
>   -A <filename>: PATH to sguild.access file.
>   -d <0|1|2>: Set DEBUG level
>   -h Display this help
> SGUILD: Exiting...
>
> I've got no idea where this error is coming from or what it refers to. It's
> not in any of the source files for the distro (that I can find.) The only
> thing that comes close is 'puts "ERROR: $USERS_FILE does not exist"' in sguild,
> but I would expect the command line to throw the same error if that were true
> *and* the sguild.users file *does* exist.
>
> If I start sguild from the command line I get this:
>
> # /usr/local/bin/sguild
> pid(3377) Loading access list: /usr/local/etc/sguil-server/sguild.access
> pid(3377) Sensor access list set to ALLOW ANY.
> pid(3377) Client access list set to ALLOW ANY.
> pid(3377) Email Configuration:
> pid(3377)   Config file: /usr/local/etc/sguil-server/sguild.email
> pid(3377)   Enabled: Yes
> pid(3377)   Server: localhost
> pid(3377)   Rcpt To: root@localhost
> pid(3377)   From: root@localhost
> pid(3377)   Classes: successful-admin trojan-activity attempted-admin attempted-user
> pid(3377)   Priorities: 0
> pid(3377)   Disabled Sig IDs: 0
> pid(3377)   Enabled Sig IDs: 1000003
> pid(3377) Connecting to localhost on 3306 as sguild
> pid(3377) MySQL Version: version 5.0.51a
> pid(3377) SguilDB Version: 0.12
> pid(3378) Loaderd Forked
> pid(3379) Queryd Forked
> pid(3377) Retrieving DB info...
> pid(3377) SELECT sid, net_name, hostname, agent_type FROM sensor WHERE active='Y' ORDER BY net_name, sid ASC
> pid(3377) Warning: Event table appears to be empty.
> pid(3377) If this is a new DB, then you can safely ignore this warning.
> pid(3377) Retrieving DB info...
> pid(3377) Getting a list of tables.
> pid(3377) ...Getting info on history.
> pid(3377) ...Getting info on nessus.
> pid(3377) ...Getting info on nessus_data.
> pid(3377) ...Getting info on pads.
> pid(3377) ...Getting info on portscan.
> pid(3377) ...Getting info on sensor.
> pid(3377) ...Getting info on status.
> pid(3377) ...Getting info on user_info.
> pid(3377) ...Getting info on version.
> pid(3377) Sguild Initialized.
>
> Or, as a daemon:
>
> # /usr/local/bin/sguild -D
> pid(3380) Loading access list: /usr/local/etc/sguil-server/sguild.access
> pid(3380) Sensor access list set to ALLOW ANY.
> pid(3380) Client access list set to ALLOW ANY.
> pid(3380) Email Configuration:
> pid(3380)   Config file: /usr/local/etc/sguil-server/sguild.email
> pid(3380)   Enabled: Yes
> pid(3380)   Server: localhost
> pid(3380)   Rcpt To: root@localhost
> pid(3380)   From: root@localhost
> pid(3380)   Classes: successful-admin trojan-activity attempted-admin attempted-user
> pid(3380)   Priorities: 0
> pid(3380)   Disabled Sig IDs: 0
> pid(3380)   Enabled Sig IDs: 1000003
>
> Clearly something is different about my startup script, but I'll be damned if I
> know what it is. What's really frustrating is, there's almost nothing to a
> FreeBSD startup script, because it sources rcorder and the other rc components.
>
> This is literally how simple it is:
>
> . /etc/rc.subr
>
> name="sguild"
> rcvar=`set_rcvar`
>
> command="/usr/local/bin/${name}"
>
> load_rc_config ${name}
> run_rc_command "$1"
>
> Stop works. Status works. Start fails. :-(
>
> Anyone have a hint?
>
> --
> Paul Schmehl (pauls@utdallas.edu)
> Senior Information Security Analyst
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/

--
sguil - The Analyst Console for NSM
http://sguil.sf.net
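The thread leaves open where the rc.d script picks up the stray `-u sguil` argument. Because FreeBSD's rc.subr assembles the daemon's command line from rc.conf variables (such as `sguild_flags`) rather than from the four-line script itself, the quickest way to settle a question like this is to stop guessing and record what the script actually hands to the daemon. The wrapper below is an added example written for this page, not code from the thread or from the sguil project: you point the rc script's `command` at it temporarily, and it appends the caller's uid, pid and every argument (one per line, quoted so empty or space-containing arguments are visible) to a log before exec'ing the real binary unchanged. `REAL_DAEMON`, `ARGV_LOG` and the `WRAPPER_RUN` switch are placeholder names chosen here; `find_flag_value` is a small helper for pulling the value that follows a given flag, so a recorded argv can be checked for `-u` without reading the whole log.

```shell
#!/bin/sh
# Added example (not from the thread or the sguil project): an argv-recording
# wrapper for diagnosing what an rc.d script really passes to a daemon.
# REAL_DAEMON and ARGV_LOG are placeholder paths; adjust before installing.

REAL_DAEMON="${REAL_DAEMON:-/usr/local/bin/sguild}"   # placeholder path
ARGV_LOG="${ARGV_LOG:-/tmp/sguild-argv.log}"           # placeholder path

# render_argv: print each argument on its own line, single-quoted, so that
# empty arguments and arguments containing spaces can be told apart.
render_argv() {
    for a in "$@"; do
        printf "'%s'\n" "$a"
    done
}

# find_flag_value: print the value that follows FLAG in the remaining argv
# (e.g. "sguil" for "-u sguil") and return 0; return 1 if FLAG is absent or
# is the last argument with nothing after it.
find_flag_value() {
    flag="$1"
    shift
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "$flag" ] && [ "$#" -ge 2 ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# record_and_exec: append who called us and with what, then hand off to the
# real daemon with the argv untouched so normal start-up still happens.
record_and_exec() {
    {
        printf 'caller uid=%s pid=%s argc=%s\n' "$(id -u)" "$$" "$#"
        render_argv "$@"
    } >> "$ARGV_LOG"
    exec "$REAL_DAEMON" "$@"
}

# Only exec the daemon when explicitly told to, so that sourcing this file to
# use the helpers does not start anything. When installed as the wrapper, run
# it with WRAPPER_RUN=1 (or set that in the rc script's environment).
if [ "${WRAPPER_RUN:-0}" = "1" ]; then
    record_and_exec "$@"
fi
```

To use it during a diagnosis: copy the file to a scratch path, set `command` in the rc script to that path with `WRAPPER_RUN=1` in its environment, run `start` once, and read the log. If a `-u` line appears in the recorded argv, the next step is to grep `/etc/rc.conf` and `/etc/rc.conf.local` for every `sguild_` variable, since that is where rc.subr sources the extra arguments. Remove the wrapper once the source of the argument is found; it has no business in a production start path.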