Check if snort is running
-
I have found that snort wasn't running on several occasion, seemingly because of some kind of rules download error. The last time was in this message:
https://forum.pfsense.org/index.php?topic=117233.0It was rather aggravating to always be in the dark as to whether snort intrusion protection was running. I have written a quick bash script that checks every minute to see if snort is running and puts out 6 alternating beeps on my controller when snort isn't found in a top list. Cron has to be installed.
#!/usr/local/bin/bash
snortwarn.sh
cron line: */1 * * * * /usr/local/bin/snortwarn.sh
export PATH=$PATH:/usr/local/bin
top -n 1000 > /etc/dummy.txt
if [[ $(grep -cw "snort" /etc/dummy.txt) -eq 0 ]]; then
beep -p 2600 50
beep -p 2800 50
beep -p 2600 50
beep -p 2800 50
beep -p 2600 50
beep -p 2800 50
firm /etc/dummy.txt
exit 0