2

I get the following (truncated) output from --status-all

$ service --status-all
 [..]
 [ - ]  ossec
 [ - ]  ossec-hids-authd
 [..]

But I can't access it through service:

$ service status ossec-hids-authd
status: unrecognized service

My init.d script looks like this:

#!/bin/sh -e
#### BEGIN INIT INFO
# Provides:          ossec-authd
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Authentication Daemon for OSSEC-HIDS.
# Description:       Provides key signing for OSSEC Clients
### END INIT INFO
NAME=ossec-authd
DAEMON=/var/ossec/bin/ossec-authd
DAEMON_ARGS="-p 1515 2>&1 >> /var/ossec/logs/ossec-authd.log &"
PIDFILE=/var/run/ossec-authd.pid

test -x ${DAEMON} || exit 5

case $1 in
 start)
  if [ -e $PIDFILE ]; then
   status_of_proc -p $PIDFILE $DAEMON "$NAME process" && status="0" || status="$?"
   if [ $status = "0" ]; then
    exit
   fi
  fi
  log_daemon_msg "Starting the process" "$NAME"
  if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS; then
   log_end_msg 0
  else
   log_end_msg 1
  fi
  ;;
 stop)
  if [ -e $PIDFILE ]; then
   status_of_proc -p $PIDFILE $DAEMON "Stoppping the $NAME process" && status="0" || status="$?"
   if [ "$status" = 0 ]; then
    start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE
    /bin/rm -rf $PIDFILE
   fi
  else
   log_daemon_msg "$NAME process is not running"
   log_end_msg 0
  fi
  ;;
 restart)
  $0 stop && sleep 2 && $0 start
  ;;
 status)
  if [ -e $PIDFILE ]; then
   status_of_proc -p $PIDFILE $DAEMON "$NAME process" && exit 0 || exit $?
  else
   log_daemon_msg "$NAME Process is not running"
   log_end_msg 0
  fi
  ;;
 reload)
  if [ -e $PIDFILE ]; then
   start-stop-daemon --stop --signal USR1 --quiet --pidfile $PIDFILE --name $NAME -- $DAEMON_ARGS
   log_success_msg "$NAME process reloaded successfully"
  else
   log_failure_msg "$PIDFILE does not exists"
  fi
  ;;
 *)
  echo "Usage: $0 {start|stop|restart|reload|status}"
  exit 2
  ;;
esac

What have I done wrong?

Kit Sunde
  • 11,096

2 Answers2

6

And now the Ubuntu answer.

You've managed to avoid the unnecessary horror that is ossec-control. But on Ubuntu Linux that System 5 rc script is an unnecessary horror all in itself.

You are using Ubuntu Linux. You already have either upstart or systemd. Do not begin by writing System 5 rc scripts.

systemd

In https://unix.stackexchange.com/a/200365/5132 I showed a simple systemd template service unit that could start a whole bunch of OSSEC HIDS services, as template instances. Unfortunately, it doesn't work with ossec-authd, for the simple reason that that doesn't have an -f option like the other programs do. Ironically, this is because it doesn't have the unnecessary (yet again) code for double-forking that the other programs have, and that they have to have switched off with the -f option.

So here's another template to save as /etc/systemd/system/ossec-f@.service.

[Unit]
Description=The OSSEC HIDS %i server
After=network.target 

[Service]
Type=simple
ExecStartPre=/usr/bin/env /var/ossec/bin/ossec-%i -t
ExecStart=/usr/bin/env /var/ossec/bin/ossec-%i

[Install]
WantedBy=multi-user.target

This template is to be instantiated into the actual service as ossec-f@authd.service and the normal systemd controls are available:

  • systemctl enable ossec-f@authd.service to set the service to auto-start at bootstrap.
  • systemctl start ossec-f@authd.service to start the service now.
  • systemctl status ossec-f@authd.service to see the service status.

The command to see service statuses is 

systemctl
or 

systemctl --all
to see all loaded units, even the inactive ones.

upstart

Having never had need of OSSEC HIDS under upstart myself, this is just a skeleton /etc/init/ossec-authd.conf that you will have to work on.

description "OSSEC HIDS authd server"

start on runlevel [2345]
stop on runlevel [!2345]

respawn

exec /var/ossec/bin/ossec-authd

Further reading

Community
  • 1
JdeBP
  • 3,959
  • I ended up using start-stop-daemon with -background, but yeah init.d is pretty disgusting I use upstart normally. The other parts of OSSEC run through the controller (the whole OSSEC thing is strangely non-standard). Their apt source where GPG is isn't even HTTPS so much for security, but I digress. ;) Can't wait until systemd comes pre-installed. – Kit Sunde May 17 '15 at 14:06
0

It seems like service --status-all will list down everything by file name and that my init.d script is broken somehow.

Kit Sunde
  • 11,096