suricata: Force Suricata to write a PID file again
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 10 Sep 2024 21:23:38 +0000 (23:23 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 24 Sep 2024 08:44:02 +0000 (08:44 +0000)
The PID file does not get written when Suricata is not being started in
daemon mode and therefore we need to pass it as a command line
parameter.

The initscript should not deal with the PID file when starting but needs
it to terminate the process and to check the process status.

The web UI can use the PID file again.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/suricata/suricata-watcher
html/cgi-bin/ids.cgi
src/initscripts/system/suricata

index af4defe04f4f9b7483dbe245f6ebeb3c884ec7f8..d937ef8cc9f4c6e6cdb63c90c64d9b60a9f48313 100644 (file)
@@ -24,9 +24,12 @@ PIDFILE="/var/run/suricata.pid"
 main() {
        local ret
 
+       # Suricata becomes unhappy if the PID file exists
+       unlink "${PIDFILE}" &>/dev/null
+
        while :; do
                # Launch suricata
-               /usr/bin/suricata "$@" &>/dev/null
+               /usr/bin/suricata --pidfile "${PIDFILE}" "$@" &>/dev/null
 
                # Wait until suricata is done
                ret=$?
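Review bot: The `unlink "${PIDFILE}"` sits before the `while :` loop, so it runs once per watcher start rather than once per Suricata launch. If the loop relaunches Suricata after an unclean exit, the stale file that the new comment says Suricata dislikes would still be present. Moving the cleanup to the top of the loop body, e.g. `rm -f "${PIDFILE}"` directly above the `/usr/bin/suricata --pidfile "${PIDFILE}" "$@"` line, would cover every relaunch. Both the cleanup and the launch send their output to /dev/null, so a failed removal would surface only as a silent start failure; logging a non-zero `ret` would make that visible. main() continues past the end of this hunk, so how `ret` drives the loop is not shown here.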
index 34e6bf233ad06d8013164ea4b87f5da02a98976f..db05df98a9143e35fdd55c085d6ba105006a90a7 100644 (file)
@@ -1011,7 +1011,7 @@ sub show_mainpage() {
 
        &Header::ServiceStatus({
                $Lang::tr{'intrusion prevention system'} => {
-                       "process" => "Suricata-Main",
+                       "pidfile" => "/var/run/suricata.pid",
                },
        });
 
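Review bot: The IPS status box now depends entirely on `/var/run/suricata.pid`, and how `Header::ServiceStatus` treats the `"pidfile"` key is not visible in this hunk. If the helper only reads the file without confirming that the PID is alive and belongs to Suricata, a stale file left after a crash would show the inspection engine as running when it is not, so that check is worth confirming. The same literal path is repeated in the watcher and the initscript; a comment above the entry such as `# Must match PIDFILE in suricata-watcher and the suricata initscript` would document the coupling. show_mainpage() starts and ends outside the hunk.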
index f3aa18f23966e602e0cc3312368bf92d9aba0553..2890fa64be1ef73881fc9f48168ab793ce15e2d9 100644 (file)
@@ -159,7 +159,7 @@ case "$1" in
 
         stop)
                boot_mesg "Stopping Intrusion Detection System..."
-               killproc /usr/bin/suricata
+               killproc -p /var/run/suricata.pid /usr/bin/suricata
 
                # Flush firewall chain.
                flush_fw_chain
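Review bot: `killproc -p /var/run/suricata.pid` acts on whatever PID the file contains, so a stale file whose PID has been reused could direct the signal at an unrelated process. That is only safe if killproc also verifies the PID is running `/usr/bin/suricata`; the helper is not visible here and is worth checking. The path is spelled out again in the `status)` branch of the next hunk. If the script does not already define one, a single `PIDFILE="/var/run/suricata.pid"` near the top, used as `killproc -p "${PIDFILE}" /usr/bin/suricata`, would keep both in step. The `case` statement starts and ends outside this hunk.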
@@ -169,13 +169,14 @@ case "$1" in
         ;;
 
         status)
-                statusproc /usr/bin/suricata
+                PIDFILE="/var/run/suricata.pid" statusproc /usr/bin/suricata
                 ;;
 
         restart)
                 $0 stop
                 $0 start
                 ;;
+
        reload)
                # Send SIGUSR2 to the suricata process to perform a reload
                # of the ruleset.