From: Michael Tremer Date: Tue, 10 Sep 2024 21:23:38 +0000 (+0200) Subject: suricata: Force Suricata to write a PID file again X-Git-Tag: v2.29-core189~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8b73307b15a74b3e0781cfb3430298403e849ed6;p=ipfire-2.x.git suricata: Force Suricata to write a PID file again The PID file does not get written when Suricata is not being started in daemon mode and therefore we need to pass it as a command line parameter. The initscript should not deal with the PID file when starting but needs it to terminate the process and to check the process status. The web UI can use the PID file again. Signed-off-by: Michael Tremer --- diff --git a/config/suricata/suricata-watcher b/config/suricata/suricata-watcher index af4defe04f..d937ef8cc9 100644 --- a/config/suricata/suricata-watcher +++ b/config/suricata/suricata-watcher @@ -24,9 +24,12 @@ PIDFILE="/var/run/suricata.pid" main() { local ret + # Suricata becomes unhappy if the PID file exists + unlink "${PIDFILE}" &>/dev/null + while :; do # Launch suricata - /usr/bin/suricata "$@" &>/dev/null + /usr/bin/suricata --pidfile "${PIDFILE}" "$@" &>/dev/null # Wait until suricata is done ret=$? diff --git a/html/cgi-bin/ids.cgi b/html/cgi-bin/ids.cgi index 34e6bf233a..db05df98a9 100644 --- a/html/cgi-bin/ids.cgi +++ b/html/cgi-bin/ids.cgi @@ -1011,7 +1011,7 @@ sub show_mainpage() { &Header::ServiceStatus({ $Lang::tr{'intrusion prevention system'} => { - "process" => "Suricata-Main", + "pidfile" => "/var/run/suricata.pid", }, }); diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index f3aa18f239..2890fa64be 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -159,7 +159,7 @@ case "$1" in stop) boot_mesg "Stopping Intrusion Detection System..." - killproc /usr/bin/suricata + killproc -p /var/run/suricata.pid /usr/bin/suricata # Flush firewall chain. flush_fw_chain 
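Review bot: The `unlink "${PIDFILE}" &>/dev/null` added in `main()` runs once, before `while :; do`, so it only covers the first launch. The rest of the loop is outside this hunk, but if it relaunches Suricata after an abnormal exit in which the process could not remove its own PID file, the relaunch would meet the condition the new comment describes. Because Suricata's output is sent to `/dev/null`, a failed relaunch would not be visible and the IPS could stay down while the watcher keeps running. Moving the `unlink "${PIDFILE}" &>/dev/null` line to be the first statement inside the loop, directly above `/usr/bin/suricata --pidfile "${PIDFILE}" "$@" &>/dev/null`, would cover every launch.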
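Review bot: The status check in `show_mainpage` now depends on the literal `"/var/run/suricata.pid"`, which is also written out in the `stop)` and `status)` hunks of `src/initscripts/system/suricata`, while the watcher keeps it in `PIDFILE`. If one copy changes, the web UI could show the IPS as stopped, or the initscript could fail to stop it, without any error. A comment on this line such as `# Must match PIDFILE in config/suricata/suricata-watcher` would make the coupling visible. How `Header::ServiceStatus` validates the PID it reads is not visible here; if it only checks that the PID exists, a stale file could report a recycled PID as a running IPS. `show_mainpage` starts and ends outside the hunk.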
@@ -169,13 +169,14 @@ case "$1" in ;; status) - statusproc /usr/bin/suricata + PIDFILE="/var/run/suricata.pid" statusproc /usr/bin/suricata ;; restart) $0 stop $0 start ;; + reload) # Send SIGUSR2 to the suricata process to perform a reload # of the ruleset.
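Review bot: In `status)` the PID file is passed as an environment assignment, `PIDFILE="/var/run/suricata.pid" statusproc /usr/bin/suricata`, while `stop)` in the previous hunk passes the same path with `killproc -p /var/run/suricata.pid`. The two different mechanisms for one file are easy to misread, and the prefix assignment only reaches `statusproc` if that helper reads `PIDFILE` from its environment. Its definition is outside this diff, so that cannot be confirmed here. A short comment above the line, e.g. `# statusproc takes the PID file from the PIDFILE variable`, would record the intent, or a single `PIDFILE="/var/run/suricata.pid"` at the top of the script could serve both branches. The `case` block starts before and continues after this hunk.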