Date:      Wed, 9 Apr 2008 15:05:47 -0600
From:      "Bamm Visscher" <bamm.visscher@gmail.com>
To:        sguil-devel@lists.sourceforge.net
Cc:        FreeBSD Ports <freebsd-ports@freebsd.org>
Subject:   Re: [Sguil-devel] New sguil ports for FreeBSD
Message-ID:  <27492850804091405t7a2ec958q93064c04c433306b@mail.gmail.com>
In-Reply-To: <2496DCB6636B3F0F4644C8AA@utd65257.utdallas.edu>
References:  <2496DCB6636B3F0F4644C8AA@utd65257.utdallas.edu>

My guess is your script is passing sguild the arg '-u sguil'.  Where
in your startup script that could be, I don't know.



On Wed, Apr 9, 2008 at 2:37 PM, Paul Schmehl <pauls@utdallas.edu> wrote:
> Note: I'm crossposting this to freebsd-ports and the sguil-devel list, hoping
>  that someone can find the obvious problem that I'm missing.
>
>  I'm working on the new (0.7.0) sguil-server port, and I've run into a strange
>  problem that I can't seem to figure out.  If I try to start sguild with my
>  startup script (which worked fine in 0.6.x), I get this:
>
>  # /usr/local/etc/rc.d/sguild start
>  Starting sguild.
>  pid(3349)  ERROR: sguil does not exist
>  Usage: /usr/local/bin/sguild [-D] [-h] [-c <filename>] [-u <filename>] [-P
>  <filename>]
>          [-O <filename>] [-C <directory]
>        /usr/local/bin/sguild [-u <filename] [-adduser <username>] [-deluser
>  <username]
>   -c <filename>: PATH to the sguild config (sguild.conf) file.
>   -a <filename>: PATH to the autocat config (autocat.conf) file.
>   -g <filename>: PATH to the sguild global queries (sguild.queries) file.
>   -u <filename>: PATH to the sguild users (sguild.users) file.
>   -P <filename>: Name of file to write the PID to.
>                  Default is /var/run/sguild.pid
>   -l <filepath>: PATH to sguild libraries.
>   -O <filename>: Define PATH to tls (tcl openssl) lib (libtls1.x.so)
>   -C <directory>: Directory that contains sguild.pem and sguild.key
>   -D Runs sguild in daemon mode.
>   -adduser <username>: Add user to sguild.users
>   -deluser <username>: Delete user from sguild.users
>   -A <filename>: PATH to sguild.access file.
>   -d <0|1|2>: Set DEBUG level
>   -h Display this help
>  SGUILD: Exiting...
>
>  I've got no idea where this error is coming from or what it refers to.  It's
>  not in any of the source files for the distro (that I can find.)  The only
>  thing that comes close is 'puts "ERROR: $USERS_FILE does not exist"' in sguild,
>  but I would expect the commandline to throw the same error if that were true
>  *and* the sguild.users file *does* exist.
>
>  If I start sguild from the commandline I get this:
>
>  # /usr/local/bin/sguild
>  pid(3377)  Loading access list: /usr/local/etc/sguil-server/sguild.access
>  pid(3377)  Sensor access list set to ALLOW ANY.
>  pid(3377)  Client access list set to ALLOW ANY.
>  pid(3377)  Email Configuration:
>  pid(3377)    Config file: /usr/local/etc/sguil-server/sguild.email
>  pid(3377)    Enabled: Yes
>  pid(3377)    Server: localhost
>  pid(3377)    Rcpt To: root@localhost
>  pid(3377)    From: root@localhost
>  pid(3377)    Classes: successful-admin trojan-activity attempted-admin attempted-user
>  pid(3377)    Priorities: 0
>  pid(3377)    Disabled Sig IDs: 0
>  pid(3377)    Enabled Sig IDs: 1000003
>  pid(3377)  Connecting to localhost on 3306 as sguild
>  pid(3377)  MySQL Version: version 5.0.51a
>  pid(3377)  SguilDB Version: 0.12
>  pid(3378)  Loaderd Forked
>  pid(3379)  Queryd Forked
>  pid(3377)  Retrieving DB info...
>  pid(3377)    SELECT sid, net_name, hostname, agent_type FROM sensor WHERE
>  active='Y' ORDER BY net_name, sid ASC
>  pid(3377)  Warning: Event table appears to be empty.
>  pid(3377)  If this is a new DB, then you can safely ignore this warning.
>  pid(3377)  Retrieving DB info...
>  pid(3377)    Getting a list of tables.
>  pid(3377)    ...Getting info on history.
>  pid(3377)    ...Getting info on nessus.
>  pid(3377)    ...Getting info on nessus_data.
>  pid(3377)    ...Getting info on pads.
>  pid(3377)    ...Getting info on portscan.
>  pid(3377)    ...Getting info on sensor.
>  pid(3377)    ...Getting info on status.
>  pid(3377)    ...Getting info on user_info.
>  pid(3377)    ...Getting info on version.
>  pid(3377)  Sguild Initialized.
>
>  Or, as a daemon:
>
>  # /usr/local/bin/sguild -D
>  pid(3380)  Loading access list: /usr/local/etc/sguil-server/sguild.access
>  pid(3380)  Sensor access list set to ALLOW ANY.
>  pid(3380)  Client access list set to ALLOW ANY.
>  pid(3380)  Email Configuration:
>  pid(3380)    Config file: /usr/local/etc/sguil-server/sguild.email
>  pid(3380)    Enabled: Yes
>  pid(3380)    Server: localhost
>  pid(3380)    Rcpt To: root@localhost
>  pid(3380)    From: root@localhost
>  pid(3380)    Classes: successful-admin trojan-activity attempted-admin attempted-user
>  pid(3380)    Priorities: 0
>  pid(3380)    Disabled Sig IDs: 0
>  pid(3380)    Enabled Sig IDs: 1000003
>
>  Clearly something is different about my startup script, but I'll be damned if I
>  know what it is.  What's really frustrating is, there's almost nothing to a
>  FreeBSD startup script, because it sources rcorder and the other rc components.
>
>  This is literally how simple it is:
>
>  . /etc/rc.subr
>
>  name="sguild"
>  rcvar=`set_rcvar`
>
>  command="/usr/local/bin/${name}"
>
>  load_rc_config ${name}
>  run_rc_command "$1"
>
>  Stop works.  Status works.  Start fails.  :-(
>
>  Anyone have a hint?
>
>  --
>  Paul Schmehl (pauls@utdallas.edu)
>  Senior Information Security Analyst
>  The University of Texas at Dallas
>  http://www.utdallas.edu/ir/security/
>



-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net
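
Added example (not part of the thread and not sguil's own code): a small shell model of the `-u <filename>` option from the usage text, showing that the argument pair `-u sguil` makes the quoted `ERROR: $USERS_FILE does not exist` check print exactly the message seen on the failed start. The function names, the default users-file path and the sample argument string are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed model, NOT sguild's Tcl source: it mimics only the
# "-u <filename>" option from the usage text and the existence check
# whose message the thread quotes ('ERROR: $USERS_FILE does not exist').

# Assumed default; the thread does not show the real default path.
DEFAULT_USERS_FILE="/usr/local/etc/sguil-server/sguild.users"

# Print each argument on its own numbered line, so word splitting done by
# the caller (an rc script, a wrapper) is visible.
show_argv() {
    i=0
    for arg in "$@"; do
        i=$((i + 1))
        printf 'argv[%d]=<%s>\n' "$i" "$arg"
    done
}

# Resolve the users file the way the usage text describes, then apply the
# existence check. Returns 0 if the file exists, 1 if not, 2 on bad usage.
check_users_file() {
    users_file="$DEFAULT_USERS_FILE"
    while [ $# -gt 0 ]; do
        case "$1" in
            -u)
                if [ $# -lt 2 ]; then
                    echo "ERROR: -u requires a filename"
                    return 2
                fi
                users_file="$2"
                shift 2
                ;;
            *)
                shift
                ;;
        esac
    done
    if [ ! -f "$users_file" ]; then
        echo "ERROR: $users_file does not exist"
        return 1
    fi
    echo "users file: $users_file"
}

# Constructed argument string of the kind suggested in the reply above.
flags="-D -u sguil"
show_argv $flags
check_users_file $flags || true
```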


