snort 服务启动脚本 iptables 联动启动脚本 开机启动

snort服务启动脚本
vi /etc/init.d/snort
********************
#!/bin/sh
#
# chkconfig: 2345 98 82
# description: Starts and stops the snort intrusion detection system
#
# config: /etc/snort.conf
# processname: snort

# Source function library
. /etc/rc.d/init.d/functions

BASE=snort
DAEMON="-D"
INTERFACE="-i eth0"
CONF="/etc/snort.conf"

# Check that $BASE exists.
[ -f /usr/local/bin/$BASE ] || exit 0

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

RETVAL=0
# See how we were called.
case "$1" in
  start)
        if [ -n "`/sbin/pidof $BASE`" ]; then
                echo -n $"$BASE: already running"
                echo ""
                exit $RETVAL
        fi
        echo -n "Starting snort service: "
        /usr/local/bin/$BASE $INTERFACE -c $CONF $DAEMON
        sleep 1
        action "" /sbin/pidof $BASE
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/snort
        ;;
  stop)
        echo -n "Shutting down snort service: "
        killproc $BASE
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/snort
        ;;
  restart|reload)
        $0 stop
        $0 start
        RETVAL=$?
        ;;
  status)
        status $BASE
        RETVAL=$?
        ;;
  *)
        echo "Usage: snort {start|stop|restart|reload|status}"
        exit 1
esac

exit $RETVAL

chmod +x /etc/init.d/snort
chkconfig –add snort

* /usr/bin/perl /usr/local/bin/guardian.pl -c /etc/guardian.conf
* 将上一条命令加入 /etc/rc.d/rc.local
至此，完成设置
guardian有时会自动退出，可以使用如下脚本解决：
#!/bin/sh
/usr/local/bin/killguardian
/usr/local/bin/guardian.pl -c /etc/guardian.conf
exit 0
将上述脚本存为restartguardian,放置到/usr/local/bin
同时，crontab -e，加入如下一句：
* */6 * * * /usr/local/bin/restartguardian
意思为：每6小时重新启动guardian
perl -MCPAN -e shell
install Proc::ProcessTable
脚本：killguardian
#!/usr/bin/perl
#杀死当前guardian.pl进程，需要安装perl module Proc::ProcessTable
       #访问http://www.cpan.org可以获得上述module
use Proc::ProcessTable;
$t = new Proc::ProcessTable;
foreach $p (@{$t->table})
{
kill 9, $p->pid if $p->cmndline =~ 'guardian.pl';
}