Snort still running even after uninstalled (in GUI)
-
Hi all,
I see Snort starting and shutting down when I bring PFSense on or offline. I had installed Snort to test, but by system only has 400mb RAM, and I saw that the requirements were higher so I uninstalled it using the package remove tool from within the WebGUI.
Snort has now survived several reboots - I wanted to let you know in case its not normal. Also, how I can remove this from my system without messing things up?
Thanks!
– Phob
-
If you ssh into your pfsense box, enter the shell, and run the command 'top', what snort process do you see running?
-
Hi,
PID: 758, Username: Root, THR: 1, PRI: -58, Nice: 0, Size: 12008K, RES: 11264K, State: bpf, Time: 0:06, WCPU 0.00%, Command: Snort
It doesn't look like its using up any processor cycles, but it is using a fair chunk of memory. As I said above, I see it starting during boot-up, and get the report on shut-down.
Is there a way to manually un-install it?
Thanks!
– Phob
-
Hey,
Your best bet is make sure it is not running before uninstalling it. In the shell run: kill -9 758 until it says: kill: (xxx) - No such process or just do: killall -9 snort (Two times should be enough) Then try to unistall it via the panel and reboot. See if that does the trick.
-
Thanks for the tips… only one problem, it doesn't appear in the panel anymore.
Should I attempt to re-install it then follow your instructions?
Worth a shot either way.
Thanks again,
-- Phob
-
I would just ssh in and go to /usr/local/etc/rc.d look for the snort startup script and delete it. I don't imagine it works a whole lot different than other packages…